Re: [Wikitech-l] Creating a centralized access point for propriety databases/resources
@ Ryan, If you say SAML is the best approach, then that's what we'll use. OpenID can be a backup for those that are not SAML compatible for some reason. @ Oren, we want to make it so that the vast majority of the work is done on our end if possible. Ideally, participating resource donors wouldn't have to do anything to their websites at all. That may not be realistic, but it's the direction I'd like to lean. Jake Orlowitz Wikipedia editor: Ocaasi http://enwp.org/User:Ocaasi wikioca...@yahoo.com From: Ryan Lane To: Ocaasi Ocaasi ; Wikimedia developers Cc: Derk-Jan Hartman Sent: Wednesday, July 25, 2012 2:04 PM Subject: Re: [Wikitech-l] Creating a centralized access point for propriety databases/resources > I'm trying to understand the differences between: > > *phpMyAdmin > *SAML > *OpenID > *OpenVPN > You should only consider SAML and OpenID. More exactly, you should really only consider SAML, since the resources you are trying to connect to only support SAML, and not OpenID. We can use OpenID for proxied access to resources that don't support SAML, but it's very likely nearly all of the resources we're trying to access support SAML. Ideally we'd integrate central auth with something that supports multiple protocols. SimpleSAMLPHP supports SAML, OpenID, OAuth and a few other protocols. It also can handle the circles of trust that we'd need to create with the libraries/universities. - Ryan ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Creating a centralized access point for propriety databases/resources
> I'm trying to understand the differences between: > > *phpMyAdmin > *SAML > *OpenID > *OpenVPN > You should only consider SAML and OpenID. More exactly, you should really only consider SAML, since the resources you are trying to connect to only support SAML, and not OpenID. We can use OpenID for proxied access to resources that don't support SAML, but it's very likely nearly all of the resources we're trying to access support SAML. Ideally we'd integrate central auth with something that supports multiple protocols. SimpleSAMLPHP supports SAML, OpenID, OAuth and a few other protocols. It also can handle the circles of trust that we'd need to create with the libraries/universities. - Ryan ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Creating a centralized access point for propriety databases/resources
Hi Ocaasi I agree that tighter work with the database providers is in order. 1000+ accounts for top contributors can make a significant impact on Wikipedia fact checking. Based on my experience at university (where I taught a lab-class on reference database usage) that there are many more options on how to do this. Most users in universities do not require to log in at all. (they work in context of an IP range that is enabled for databases.) Research libraries also implement floating licenses for databases that have limited access options. However to implement this it is often necessary to work with a large database aggregators (which solves the tech issues) and the rest is implemented by operations staff of a university. Oren Bochman -Original Message- From: wikitech-l-boun...@lists.wikimedia.org [mailto:wikitech-l-boun...@lists.wikimedia.org] On Behalf Of Sumana Harihareswara Sent: Wednesday, July 25, 2012 4:16 PM To: Ocaasi Ocaasi; Wikimedia developers Subject: Re: [Wikitech-l] Creating a centralized access point for propriety databases/resources Ocaasi, please centralize your notes, ideas, and plans regarding this here: https://www.mediawiki.org/wiki/AcademicAccess I know Chad Horohoe, Ryan Lane, and Chris Steipp might have things to say about this; per https://www.mediawiki.org/wiki/Wikimedia_Engineering/2012-13_Goals#Activitie s_12 their team aims to work on OAuth and OpenID within the next 11 months, and AcademicAccess is a possible beneficiary of that. Thanks! -- Sumana Harihareswara Engineering Community Manager Wikimedia Foundation On 07/25/2012 10:03 AM, Ocaasi Ocaasi wrote: > We currently have relationships with three separate resource databases. > > *HighBeam, 1000 authorized accounts, 700 active > (http://enwp.org/WP:HighBeam) *JSTOR, 100 accounts, all active > (http://enwp.org/WP:JSTOR) *Credo, 400 accounts, all active > (http://enwp.org/WP:CREDO) > > No parties have agreed to participate in The Wikipedia Library *yet*, as it's still in the concept stage, but my initial projection is that 1000 editors would have access to it, and 100 additional users per year would be granted. One of the challenges will be getting all the resource providers to agree on that number, but the hope is that once some do, it will create a cascade of adoption. > > So we're not looking at *thousands* of users, but more likely several hundreds. Still, given the impact of our most active editors, 1000 of them with access to the library would have significant impact. After all, we can't cannibalize these databases' subscription business by opening the library to ''all'' editors. It must be a carefully selected and limited group. > > > -Original Message- > From: wikitech-l-boun...@lists.wikimedia.org > [mailto:wikitech-l-boun...@lists.wikimedia.org] On Behalf Of Ocaasi > Ocaasi > Sent: Monday, July 23, 2012 6:22 PM > To: wikitech-l@lists.wikimedia.org > Subject: [Wikitech-l] Creating a centralized access point for > propriety databases/resources > > Hi Folks! > The problem: Many proprietary research databases have donated free > access to select Wikipedia editors (Credo Reference, HighBeam Research, JSTOR). > Managing separate account distribution for each service doesn't scale well. > The idea: Centralize access to these separate resources behind a > single secure (firewalled) gateway, to which accounts would be given > to a limited number of approved users. After logging in to this single > gateway, users would be able to enter any of the multiple > participating research databases without needing to log in to each one separately. > The question: What are the basic technical specifications for setting > up such a system. What are open source options, ideally? What language > would be ideal? What is required to host such a system? Can you > suggest a sketch of the basic steps necessary to implement such an idea? > Any advice, from basics to details would be greatly appreciated. > Thanks so much! > Ocaasi > http://enwp.org/User:Ocaasi > ___ > Wikitech-l mailing list > Wikitech-l@lists.wikimedia.org > https://lists.wikimedia.org/mailman/listinfo/wikitech-l > ___ > Wikitech-l mailing list > Wikitech-l@lists.wikimedia.org > https://lists.wikimedia.org/mailman/listinfo/wikitech-l ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Creating a centralized access point for propriety databases/resources
Ocaasi, please centralize your notes, ideas, and plans regarding this here: https://www.mediawiki.org/wiki/AcademicAccess I know Chad Horohoe, Ryan Lane, and Chris Steipp might have things to say about this; per https://www.mediawiki.org/wiki/Wikimedia_Engineering/2012-13_Goals#Activities_12 their team aims to work on OAuth and OpenID within the next 11 months, and AcademicAccess is a possible beneficiary of that. Thanks! -- Sumana Harihareswara Engineering Community Manager Wikimedia Foundation On 07/25/2012 10:03 AM, Ocaasi Ocaasi wrote: > We currently have relationships with three separate resource databases. > > *HighBeam, 1000 authorized accounts, 700 active (http://enwp.org/WP:HighBeam) > *JSTOR, 100 accounts, all active (http://enwp.org/WP:JSTOR) > *Credo, 400 accounts, all active (http://enwp.org/WP:CREDO) > > No parties have agreed to participate in The Wikipedia Library *yet*, as it's > still in the concept stage, but my initial projection is that 1000 editors > would have access to it, and 100 additional users per year would be granted. > One of the challenges will be getting all the resource providers to agree on > that number, but the hope is that once some do, it will create a cascade of > adoption. > > So we're not looking at *thousands* of users, but more likely several > hundreds. Still, given the impact of our most active editors, 1000 of them > with access to the library would have significant impact. After all, we > can't cannibalize these databases' subscription business by opening the > library to ''all'' editors. It must be a carefully selected and limited > group. > > > -Original Message- > From: wikitech-l-boun...@lists.wikimedia.org > [mailto:wikitech-l-boun...@lists.wikimedia.org] On Behalf Of Ocaasi Ocaasi > Sent: Monday, July 23, 2012 6:22 PM > To: wikitech-l@lists.wikimedia.org > Subject: [Wikitech-l] Creating a centralized access point for propriety > databases/resources > > Hi Folks! > The problem: Many proprietary research databases have donated free access to > select Wikipedia editors (Credo Reference, HighBeam Research, JSTOR). > Managing separate account distribution for each service doesn't scale well. > The idea: Centralize access to these separate resources behind a single > secure (firewalled) gateway, to which accounts would be given to a limited > number of approved users. After logging in to this single gateway, users > would be able to enter any of the multiple participating research databases > without needing to log in to each one separately. > The question: What are the basic technical specifications for setting up > such a system. What are open source options, ideally? What language would be > ideal? What is required to host such a system? Can you suggest a sketch of > the basic steps necessary to implement such an idea? > Any advice, from basics to details would be greatly appreciated. Thanks so > much! > Ocaasi > http://enwp.org/User:Ocaasi > ___ > Wikitech-l mailing list > Wikitech-l@lists.wikimedia.org > https://lists.wikimedia.org/mailman/listinfo/wikitech-l > ___ > Wikitech-l mailing list > Wikitech-l@lists.wikimedia.org > https://lists.wikimedia.org/mailman/listinfo/wikitech-l ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Creating a centralized access point for propriety databases/resources
We currently have relationships with three separate resource databases. *HighBeam, 1000 authorized accounts, 700 active (http://enwp.org/WP:HighBeam) *JSTOR, 100 accounts, all active (http://enwp.org/WP:JSTOR) *Credo, 400 accounts, all active (http://enwp.org/WP:CREDO) No parties have agreed to participate in The Wikipedia Library *yet*, as it's still in the concept stage, but my initial projection is that 1000 editors would have access to it, and 100 additional users per year would be granted. One of the challenges will be getting all the resource providers to agree on that number, but the hope is that once some do, it will create a cascade of adoption. So we're not looking at *thousands* of users, but more likely several hundreds. Still, given the impact of our most active editors, 1000 of them with access to the library would have significant impact. After all, we can't cannibalize these databases' subscription business by opening the library to ''all'' editors. It must be a carefully selected and limited group. -Original Message- From: wikitech-l-boun...@lists.wikimedia.org [mailto:wikitech-l-boun...@lists.wikimedia.org] On Behalf Of Ocaasi Ocaasi Sent: Monday, July 23, 2012 6:22 PM To: wikitech-l@lists.wikimedia.org Subject: [Wikitech-l] Creating a centralized access point for propriety databases/resources Hi Folks! The problem: Many proprietary research databases have donated free access to select Wikipedia editors (Credo Reference, HighBeam Research, JSTOR). Managing separate account distribution for each service doesn't scale well. The idea: Centralize access to these separate resources behind a single secure (firewalled) gateway, to which accounts would be given to a limited number of approved users. After logging in to this single gateway, users would be able to enter any of the multiple participating research databases without needing to log in to each one separately. The question: What are the basic technical specifications for setting up such a system. What are open source options, ideally? What language would be ideal? What is required to host such a system? Can you suggest a sketch of the basic steps necessary to implement such an idea? Any advice, from basics to details would be greatly appreciated. Thanks so much! Ocaasi http://enwp.org/User:Ocaasi ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Creating a centralized access point for propriety databases/resources
Hi This looks similar to something I have been thinking about recently However I would go about it using openeId. But it would require all the databases sites to support openId. I think that the extensions exists to do this using mediawiki, but WMF projects do not trust/support this method of authentication. If all parties were to support this standard it would be possible to develop an gadget which could log users into all the sites at once. Do you know how many users have been granted access to each databases, this would be useful for estimating the importance/impact of this project. Oren Bochman -Original Message- From: wikitech-l-boun...@lists.wikimedia.org [mailto:wikitech-l-boun...@lists.wikimedia.org] On Behalf Of Ocaasi Ocaasi Sent: Monday, July 23, 2012 6:22 PM To: wikitech-l@lists.wikimedia.org Subject: [Wikitech-l] Creating a centralized access point for propriety databases/resources Hi Folks! The problem: Many proprietary research databases have donated free access to select Wikipedia editors (Credo Reference, HighBeam Research, JSTOR). Managing separate account distribution for each service doesn't scale well. The idea: Centralize access to these separate resources behind a single secure (firewalled) gateway, to which accounts would be given to a limited number of approved users. After logging in to this single gateway, users would be able to enter any of the multiple participating research databases without needing to log in to each one separately. The question: What are the basic technical specifications for setting up such a system. What are open source options, ideally? What language would be ideal? What is required to host such a system? Can you suggest a sketch of the basic steps necessary to implement such an idea? Any advice, from basics to details would be greatly appreciated. Thanks so much! Ocaasi http://enwp.org/User:Ocaasi ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Creating a centralized access point for propriety databases/resources
I can cover some of thse: > *phpMyAdmin > This is an open source database manager for MySQL databases - it won't work for what you want. > *SAML > *OpenID > >From the page you link it looks like you know about these two; i.e. they act as sign in gateways. OpenID is more "indie", SAML is more "enterprise" - otherwise there are not major differences in what they can achieve. The major bar to entry is getting the providers to add the ability to sign in using one of these methods. I'd personally recommend selecting OpenID as it could then be used for a wider variety of logins around the web. AFAIK resources like Athens (i.e. similar to what you appear to want) tend to use SAML. > *OpenVPN > VPN means setting up access to a pre-authorised network - which then means you can access the restricted resource. I don't think it fits your use case. Tom ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Creating a centralized access point for propriety databases/resources
Thanks for the tip! I'm trying to understand the differences between: *phpMyAdmin *SAML *OpenID *OpenVPN Could you give me a quick insight into how they differ, strengths/weaknesses, etc.? More details for The Wikipedia Library concept are at http://enwp.org/WP:TWL Cheers! Jake Orlowitz Wikipedia editor: Ocaasi http://enwp.org/User:Ocaasi wikioca...@yahoo.com 484-380-3940 From: Derk-Jan Hartman To: Ocaasi Ocaasi ; Wikimedia developers Sent: Wednesday, July 25, 2012 4:26 AM Subject: Re: [Wikitech-l] Creating a centralized access point for propriety databases/resources You could always create an OpenVPN gateway that provides access. Many edu institutions have the same setup to access those resources. DJ On Mon, Jul 23, 2012 at 6:21 PM, Ocaasi Ocaasi wrote: Hi Folks! >The problem: Many proprietary research databases have donated free access to >select Wikipedia editors (Credo Reference, HighBeam Research, JSTOR). Managing >separate account distribution for each service doesn't scale well. >The idea: Centralize access to these separate resources behind a single secure >(firewalled) gateway, to which accounts would be given to a limited number of >approved users. After logging in to this single gateway, users would be able >to enter any of the multiple participating research databases without needing >to log in to each one separately. >The question: What are the basic technical specifications for setting up such >a system. What are open source options, ideally? What language would be ideal? >What is required to host such a system? Can you suggest a sketch of the basic >steps necessary to implement such an idea? >Any advice, from basics to details would be greatly appreciated. Thanks so >much! >Ocaasi >http://enwp.org/User:Ocaasi >___ >Wikitech-l mailing list >Wikitech-l@lists.wikimedia.org >https://lists.wikimedia.org/mailman/listinfo/wikitech-l > ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Creating a centralized access point for propriety databases/resources
You could always create an OpenVPN gateway that provides access. Many edu institutions have the same setup to access those resources. DJ On Mon, Jul 23, 2012 at 6:21 PM, Ocaasi Ocaasi wrote: > Hi Folks! > The problem: Many proprietary research databases have donated free access > to select Wikipedia editors (Credo Reference, HighBeam Research, JSTOR). > Managing separate account distribution for each service doesn't scale well. > The idea: Centralize access to these separate resources behind a single > secure (firewalled) gateway, to which accounts would be given to a limited > number of approved users. After logging in to this single gateway, users > would be able to enter any of the multiple participating research databases > without needing to log in to each one separately. > The question: What are the basic technical specifications for setting up > such a system. What are open source options, ideally? What language would > be ideal? What is required to host such a system? Can you suggest a sketch > of the basic steps necessary to implement such an idea? > Any advice, from basics to details would be greatly appreciated. Thanks > so much! > Ocaasi > http://enwp.org/User:Ocaasi > ___ > Wikitech-l mailing list > Wikitech-l@lists.wikimedia.org > https://lists.wikimedia.org/mailman/listinfo/wikitech-l > ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
[Wikitech-l] Creating a centralized access point for propriety databases/resources
Hi Folks! The problem: Many proprietary research databases have donated free access to select Wikipedia editors (Credo Reference, HighBeam Research, JSTOR). Managing separate account distribution for each service doesn't scale well. The idea: Centralize access to these separate resources behind a single secure (firewalled) gateway, to which accounts would be given to a limited number of approved users. After logging in to this single gateway, users would be able to enter any of the multiple participating research databases without needing to log in to each one separately. The question: What are the basic technical specifications for setting up such a system. What are open source options, ideally? What language would be ideal? What is required to host such a system? Can you suggest a sketch of the basic steps necessary to implement such an idea? Any advice, from basics to details would be greatly appreciated. Thanks so much! Ocaasi http://enwp.org/User:Ocaasi ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
