Access difficulties via the OpenAthens gateway have now been resolved.
There are currently difficulties connecting to electronic resources via the OpenAthens gateway. This includes access to Digimap for users at those institutions using OpenAthens. Trying to log in using this method may result in a message saying that your institution does not subscribe to this service.
Access to Digimap for those using their institution’s own Identity Provider is unaffected.
Further information will be posted here and on the Digimap login page when available.
From 1 August 2008, access to Digimap will be via the UK federation only. If your institution has not made appropriate provision for this change, users at your institution will not be able to gain access to any Digimap Collection.
While there is a considerable volume of documentation about the transition between Athens and Shibboleth, there are one or two points relating to Digimap which may have been overlooked and which we would like to draw to your attention.
Regardless of which method your institution is employing to access Digimap, it will need to assert user accountability. Broadly speaking, this means that the institution must able to trace activity in any given session to an individual. User identifiers must not be reused or recycled according to a specific policy, and access to resources must be withdrawn in a timely fashion, when appropriate. You can read more about asserting user accountability in the UK federation’s Rules of Membership (section 6, here: http://www.ukfederation.org.uk/library/uploads/Documents/rules-of-membership.pdf
and on the UK federation website, point 9, here: http://www.ukfederation.org.uk/content/Documents/AttributeUsageNotes.
If your institution is not asserting user accountability, all users will be denied access to all Digimap Collections, except Historic Digimap.
If your institution is using OpenAthens, it will be necessary to have a virtual Identity Provider with Eduserv in order for your institution to be able to assert user accountability. Accessing Digimap using the “Eduserv Athens” option in the WAYF will not give your users access to Digimap, since it is not possible to assert user accountability by this method.
If your institution does not yet assert user accountability, you will see a message to this effect when you try to log in to Digimap. If you see this message, please contact someone in your institution who deals with your UK federation implementation. EDINA cannot change this for you.
Using a local Identity Provider
If your institution is running its own Identity Provider, you may find the list of technical requirements on the EDINA website useful. If you are having trouble accessing Digimap while testing your Shibboleth implementation, please check that your Identity Provider is releasing the appropriate attributes, as given in the above list.
No UK federation?
If your institution has not registered with the UK federation, does not have an in-house Identity Provider or has not registered with OpenAthens, action is required as soon as possible. Setting up access to online resources via the UK federation is not an instant process.
EDINA has identified from publicly available lists, that there are some institutions subscribing to Digimap which appear not to be registered either with the UK federation or with OpenAthens. Users at these institutions will not be able to access Digimap at all from 1 August 2008.
If your institution is unable to set up access to online resources via the UK federation by 1 August, please contact the EDINA Helpdesk, where we will refer you to JISC Collections. You can telephone us on 0131 650 3302 or contact us by email: email@example.com
The imminent changes to authentication mechanisms across the UK tertiary education sector have implications for access to Digimap. A change of login credentials may mean that users are required to re-register with Digimap in order to continue accessing the service.
From 1 August 2008, access to Digimap will be via the UK federation only. This will mean that all subscribing institutions must offer their users access to Digimap through one of two methods:
1. using OpenAthens
2. via an in-house Shibboleth Identity Provider
Whichever method your institution chooses, one of the following re-registration consequences will apply:
- Users who are already registered and continue to access Digimap through the OpenAthens service should not be required to re-register for Digimap.
- Users who are already accessing Digimap using their institution’s in-house Shibboleth Identity Provider (i.e. are already registered with their Shibboleth credentials) will also not be required to re-register
- Institutions moving from classic Athens or Athens DA authentication to using their own in-house Shibboleth Identity Provider should be prepared for all their Digimap users having to re-register.
This applies to all those Digimap Collections which require a secondary registration (currently Marine Digimap, Geology Digimap and Digimap’s Ordnance Survey Collection). Any change to an institutional login account will result in a requirement for users to re-register their new account details with Digimap. Indeed, those who have already made the transition from Athens to Shibboleth will already have undertaken this re-registration.
When users are issued with UK federation login credentials, they will need to register these new credentials with Digimap. However, this means that any personalisation (including data download histories for MasterMap Download) associated with their previous (Athens) accounts will not be accessible through their new account. To ease the transition process, EDINA has implemented a linking mechanism between existing Athens registrations and new Shibboleth registrations. This is a two-stage process:
The first stage is to collect some additional information from each user, in the form of a question and answer, while they are still accessing Digimap with their Athens-based login credentials. For example, the user may be asked “what is your favourite place?”, to which the reply might be “New York”. From the date of implementation of this facility, all Digimap users have been asked to complete this process when they log in. This additional step is only required once, not once per Collection, but must be completed before access can be gained to the service.
The second stage of the linking mechanism occurs when a user logs in with a new set of (UK federation-based) credentials which have not yet been registered with Digimap, and will only occur if the user has completed the first stage of the process with their previous account details. With these new credentials the user is guided through an abbreviated form of the Digimap registration process. If the details submitted by the user (surname and email address) match an existing set of details, the user will be asked to confirm the answer to their chosen question (as per stage one). Assuming the question is answered correctly, the two registration records will then be linked and any personalisation within Digimap will be available to the user under their new login credentials.
This process is not able to catch all new account holders, since it relies on users submitting a surname and email address for their new login credentials which are identical to those they submitted using their previous (Athens) credentials. For example, an email address submitted with Athens credentials as firstname.lastname@example.org will not match an email address submitted with the same individual’s UK federation credentials as email@example.com, even though both addresses may function, and may reach the same person. We also understand from our site representatives that some users don’t always spell their surnames the same way!
Those users who do not log in with their Athens accounts and complete stage one of this process will not be able to link their existing account to any new account. Such users will need to register their new UK federation accounts in the usual way, and will not be able to retain any personalisation which existed with their previous account. Those users who already have both Athens and UK federation accounts registered with Digimap will not be able to link personalisation information between the two. However, logging in with a new Shibboleth account will allow users to link to a previous Shibboleth account.
This information has previously been published in EDINA Newsline (June 2008). An email with this information was also sent to all users on 12 June 2008.
Access to all EDINA services, including the Digimap Collections, will be via UK Federation authentication only from 1 August 2008. This can be done either directly through the UK Federation or by using the OpenAthens gateway services.
EDINA has established from publicly available lists that there are some institutions which have not yet indicated which authentication system they will be using from 1 August 2008.
If your institution is not able to authenticate users with one of these methods by 1 August 2008, users at those institutions will lose access to the Digimap Collections. EDINA is not able to provide any alternative means of access, therefore we would urge you to consider which authentication system is most suitable for your institution’s needs.
If you have any questions about access to Digimap, or would like to discuss the implications of this change further, please do not hesitate to contact us. You can reach us by email on firstname.lastname@example.org or by telephone on 0131 650 3302.