IUG 2001 Conference Proceedings

Table of Contents

Session: H4

Using a Third-Party Proxy System with the Innovative Patron API

Jennifer Ward, University of Washington Libraries

Emalee Craft, University of Washington Libraries

Presentation and handouts available at: http://faculty.washington.edu/jlward1/iug/

What is a proxy? Software or hardware to control access to resources. Libraries need to allow people on the outside to use resources on the inside. Libraries have diverse resources mostly restricted by IP address. If a user is on campus or using the University of Washington as an ISP, they are automatically authenticated. If using a remote ISP, users must go through a proxy server.

The goal is to provide web resources safely but all users are equal and we must fit license requirements to the users. The solution is a proxy server. The user accesses the server, authenticates, and then is presented the appropriate pages. UW also wanted to limit traffic on their servers as they have hundreds of restricted resources. An HTTP proxy did not require software for their users. They use a Windows NT Server environment and have some in-house JAVA familiarity. They needed a way to provide the user authentication. UW uses Doit’s Muffin World Wide Web Filtering System http://muffin.doit.org/. It is Java based, open source, and free. The Innovative patron database is the largest source of users on the UW campus.

Advantages of Muffin include: allowing selective proxying; can meet the needs of many users; handles many remote domains—will handle over 200 domains. This is more than Innovative’s WAM product. It has detailed logs and Java "hooks" which allow many uses of Patron API. UW Proxy was in development before WAM was released.

Patron API downloads the entire patron record and puts it into a hash table, which is stored thus allowing access. Then, authorization to access restricted resources is based on p-type. Privilege codes 2-5 can access all resources. The UW Libraries are currently trying to incorporate this process with the use of a campus ID. They will coordinate authentication between the library and the university.

The PAC file is written in JavaScript and proxies at the domain level. There is no service interruption for the user when updating file. Disadvantages are that it proxies at the domain level and users must configure their browsers. UW has developed a Proxy server wizard, which steps users through the process. A Help Me button allows library staff to troubleshoot problems. It does a browser check and then brings back information and gives setup information. Because of a configuration problem for IE5, a special PAC file must be created for it. Jennifer and Emalee reported that their main source of information on troubleshooting is trial and error. They have discovered that the Mac OS has caused some problems.

Support issues include: login method (a 14 digit number and PIN are required), problems come when patrons have multiple Ids or PINs; expired patron records; browser configuration problems (people don’t read!); conflicts with ISP-provided browsers where the ISP modifies the browser and the user cannot overwrite the information. A full and current version of Netscape is frequently the best browser to use for most resources. The proxy server runs on port 51966, so firewall administrators must punch a hole in TCP/IP port 51966 in order for users inside the firewall to use the proxy server. Other support issues: Personal LANS and firewalls are often improperly configured or a proxy server that caches pages. The matrix involving operating system, ISP, and browser is very complicated. UW has over 200 electronic resources and is looking forward to a future release of a new authentication method, which will work with the campus user ID.

The PowerPoint slides for this presentation are available at http://faculty.washington.edu/jlward1/

Emalee Craft crafte@u.washington.edu

Jennifer Ward jlward1@u.washington.edu

H. Denyse Seaman, Baylor University Libraries