A Statewide Community of Trust: An RUcore Implementation Using Shibboleth and XACML

Jantz, Ron
RUcore (http://rucore.libraries.rutgers.edu) is Rutgers University's Fedora-based institutional repository. The RUcore framework provides generic services for users, collections, and digital preservation. As a result, this framework is being used extensively to support grant-funded projects relating to specific subject content and formats. One such project, NJVid (http://www.njvid.org), is an IMLS grant-funded development that will provide the services to New Jersey institutions for accessing both publicly available and licensed videos. Providing access to video-based collections has required significant enhancements to RUcore in the areas of storage architecture, networking, authentication/authorization, and services. Rutgers University Libraries has worked in concert with grant partners to develop a comprehensive authentication and authorization capability using Shibboleth and the eXtensible Access Control Markup Language (XACML). In a Shibboleth federation, the resource provider (RUcore) relies on the origin site (one of many New Jersey institutions) to securely transfer attributes about the user that can be used for access control decisions. The RUcore architecture provides an innovative combination of authentication and authorization procedures which are incorporated with Shibboleth's native services and customized to support a range of organizational types, including museums, archives, public libraries and K-12 schools. RUcore services interact with Shibboleth and XACML policies, maintained in object metadata, to enable our statewide repository architecture to integrate three types of video collections: the open access resources typically provided by repositories, commercial resources licensed to one or more participating institutions, and resources that the creators want to keep private, such as those restricted to specific courses.
In addition, this same authentication and authorization (A/A) framework will support other RUcore applications such as restricting access to a dissertation based on student request. This capability is integrated with Rutgers' open-source ETD application, RUetd. Our authentication and authorization strategy enables us to provide a fully functioning repository that can actively support research and education and that makes both open access and restricted resources available based on appropriate policies for each institution and organization. A unique aspect of the NJVid project is the inclusion of smaller institutions (schools, museums, etc.) in the Shibboleth federation that do not have their own directory services. As part of our goal of "no organization left behind", NJEDge (the NJVid hosting organization) will provide proxy LDAP services for these organizations. This presentation will describe the Fedora-based implementation to support authentication and authorization for NJVid and other special services that are part of the institutional repository, including digital dissertations (ETDs). The specific work is a partnership among Rutgers' Office of Information Technology, Rutgers University Libraries, and the New Jersey Institute of Technology.
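The following is an added illustration, not RUcore, NJVid or Fedora code: a small attribute-based policy decision point that mirrors the three collection types the abstract describes (open access, licensed to one or more institutions, restricted to specific courses) and the federation trust model in which the resource provider relies on attributes released by the user's origin site. Per-object policies stand in for the XACML policies the abstract says are kept in object metadata; the evaluator is a simplified substitute for an XACML engine. Attribute names are the standard eduPerson ones commonly released through Shibboleth (eduPersonScopedAffiliation, eduPersonEntitlement); whether NJVid uses exactly these is an assumption. Identity provider entityIDs, scopes and entitlement URNs are constructed placeholders, and the proxy identity provider entry is a model of the proxy LDAP arrangement for organizations without their own directory.

```python
"""Illustrative attribute-based access control for a federated video repository.

Added example (not RUcore/NJVid code). Models per-object policies for the
three collection types in the abstract and evaluates them against attributes
released by a federation identity provider. Denies by default.
"""
from dataclasses import dataclass

# Constructed trust table: which scopes (home-organization domains) each identity
# provider is permitted to assert. A Shibboleth SP enforces this with scope rules
# in its attribute filter policy; it is modelled explicitly here so that an IdP
# cannot grant access to a license held by an institution it does not represent.
# The proxy entry represents a consortium IdP fronting LDAP for small organizations.
# All entityIDs and domains are placeholders.
TRUSTED_SCOPES = {
    "https://idp.example-university.edu/idp": {"example-university.edu"},
    "https://proxy-idp.example-consortium.net/idp": {
        "example-museum.org",
        "example-k12.org",
    },
}


@dataclass(frozen=True)
class Policy:
    """Access policy stored alongside an object's metadata (stand-in for XACML)."""
    kind: str                                # "open" | "licensed" | "course"
    institutions: frozenset = frozenset()    # scopes licensed to view (kind == "licensed")
    entitlements: frozenset = frozenset()    # course entitlement URNs (kind == "course")


def scoped_values(attrs, name, issuer):
    """Split 'value@scope' attribute values, keeping only scopes the issuer may assert.

    Values without a scope, or with a scope the issuer is not trusted for, are dropped
    rather than treated as errors: an unverifiable claim simply confers nothing.
    """
    allowed = TRUSTED_SCOPES.get(issuer, set())
    kept = []
    for raw in attrs.get(name, []):
        if "@" not in raw:
            continue
        value, scope = raw.rsplit("@", 1)
        if scope in allowed:
            kept.append((value, scope))
    return kept


def decide(policy, attrs, issuer):
    """Return "Permit" or "Deny" for a request carrying `attrs` asserted by `issuer`."""
    if policy.kind == "open":
        return "Permit"                      # open access needs no attributes at all
    if issuer not in TRUSTED_SCOPES:
        return "Deny"                        # unknown origin site: nothing it says counts
    affiliations = scoped_values(attrs, "eduPersonScopedAffiliation", issuer)
    if policy.kind == "licensed":
        # A member of any institution that holds a license may view the resource.
        if any(aff == "member" and scope in policy.institutions
               for aff, scope in affiliations):
            return "Permit"
        return "Deny"
    if policy.kind == "course":
        # Course-restricted: the origin site must assert a course entitlement for
        # the user, and the user must be a current member of some trusted scope.
        entitlements = set(attrs.get("eduPersonEntitlement", []))
        if entitlements & policy.entitlements and any(
                aff == "member" for aff, _ in affiliations):
            return "Permit"
        return "Deny"
    return "Deny"                            # unknown policy kind: deny by default


if __name__ == "__main__":
    # Constructed sample request: a university member asking for a licensed video.
    licensed = Policy("licensed", institutions=frozenset({"example-university.edu"}))
    user = {"eduPersonScopedAffiliation": ["member@example-university.edu"]}
    print(decide(licensed, user, "https://idp.example-university.edu/idp"))
```

The scope check is the part worth noticing: a licensed collection is keyed on institutions, so the decision must trust only scopes the asserting identity provider is authorized for, otherwise one federation member could confer another member's license. The course branch likewise accepts an entitlement only from a trusted issuer and only for an active member, so a stale or unscoped assertion yields a deny.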
