Re: Remote authentication cookies (was Re: index of open access journals)

From: Binkley, Peter <Peter.Binkley_at_nyob>
Date: Mon, 15 Mar 2004 12:40:50 -0700
To: CODE4LIB_at_LISTSERV.ND.EDU 
I wonder if you could fake it using EZProxy, which does a good job of
managing cookies for proxied resources. Have the metasearch process start an
EZProxy session and then hand that over to the user. If the metasearch
process and the EZProxy server were at the same domain, they could share
cookies. I'm not sure if EZProxy would complain if a session were accessed
from different IP addresses (should be ok, given AOL proxy farms etc.), or
if a user might end up with multiple conflicting EZProxy sessions ... There
must be something else I'm missing...

Peter

Peter Binkley
Digital Initiatives Technology Librarian
Information Technology Services
4-30 Cameron Library
University of Alberta Libraries
Edmonton, Alberta
Canada T6G 2J8
Phone: (780) 492-3743
Fax: (780) 492-9243
e-mail: peter.binkley_at_ualberta.ca



> -----Original Message-----
> From: Kevin S. Clarke [mailto:ksclarke_at_stanford.edu]
> Sent: Monday, March 15, 2004 11:36 AM
> To: CODE4LIB_at_LISTSERV.ND.EDU
> Subject: Re: [CODE4LIB] Remote authentication cookies (was
> Re: [CODE4LIB] index of open access journals)
>
>
> On Wed, 2004-03-10 at 10:13, Walter Lewis wrote:
>
> > At the risk of changing the subject line, I'm curious if anyone has
> > solved the problem of remote authentication cookies in the
> context of
> > this class of parallel federated searching.
>
> Sorry for the delay...
>
> We haven't solved it.  We have a servlet that takes the query
> and spawns a thread for each engine it wants to query.  It
> gathers the results in a results list and then post-processes
> (filters) them (renames resources, sorts, categories, etc).
> What the patron gets is a list of resources arranged by
> category with a hit count for each resource (some engines,
> like SKOLAR.com, provide multiple resources and simplify the
> problem of remote authentication by doing it for us once).
> We are fortunate that many of our resources do do IP
> authentication or are provided in the context of an
> aggregator, like SKOLAR.  We have a few though that, when the
> patron clicks on the link next to a hit count, will require
> that s/he login (MD Consult for instance).  Solving cookies
> would solve that but I think we decided we didn't want to
> solve that problem because MD Consult would not like, and
> perhaps not allow, us to allow patrons to bypass their
> authentication (maybe this is just defining the problem
> away).  Once the patron logs in, though, s/he is taken
> directly to the results of the search.  We are approaching
> early testing so will see if patrons like this or not...
>
> I too am interested in hearing if others have solved the
> cookie problem.
>
> Kevin
>
> --
> Kevin S. Clarke (ksclarke_at_stanford.edu)
> Digital Information Systems Developer
> Lane Medical Library, Stanford University
>
Received on Mon Mar 15 2004 - 14:44:47 EST

URL: http://serials.infomotions.com/code4lib/