Introduction

The UMass Amherst Library currently provides access to digital media (film and television) to students enrolled in blended classroom courses hosted in SPARK. Access (authentication and authorization) to this copyrighted material is provided through the integration of the UMass Amherst SPARK environment and the UMass Amherst Library's Media Server and enforced through a cookie set at login into SPARK. UMass Amherst would like to extend this service managed through the Library's media server to include fully online (UMOL/CPE) faculty.

Background

Currently SPARK is able to set a cookie (see below) at the umass.edu domain level that can be read by the UMass Amherst Library's media server. In order to authenticate UMassOnline users as well as authorize them to see specific content (e.g. a film associated with their course), UMassOnline will need to assert to the Library media server that a request is from a valid student in a course.

UMA CPE has requested this functionality be available for Spring 2011; however, as we have not yet been able to define a solution, this request may not be fulfilled. UMOL is working with both Blackboard and the Blackboard user groups to see if other schools have any experience in this.

Stakeholders

Aaron Addison
Unix Administrator, UMass Amherst Library
addison(at)library(dot)umass(dot)edu
ph: (413) 577-2104

Bret Holloway
Manager, eLearning Programs
Division of Continuing & Professional Education, UMass Amherst
ph: (413) 545-5210
breth(at)contined(dot)umass(dot)edu

Timothy Lambert
Integration Support, UMassOnline
ph: (774) 455-7605
tlambert(at)umassonline(dot)net

Raveendra (Ravi) Mekala
Principal Software Administrator, University Information Technology Services
ph: (774) 455-7815
rmekala(at)umassp(dot)edu

Brian DeKemper
Solutions Engineer, NAHE Sales
Blackboard Learn
ph: (317) 426-0235
brian(dot)dekemper(at)blackboard(dot)com

Status

At this point no solution has been defined to provide the secure integration required.

UPDATE: Please refer to BBLEARN-1302 for the most recent updates on this integration.

UPDATE: The Basic LTI configuration is complete and set in Production. Information on using this can be found here. UMass Amherst Library Media Server

Previous Activity

UMOL and the UMA Library have explored the following candidate solutions to date:

  1. Set a cookie with UMOL Vista users replicating the current functionality in the SPARK/UMA Library integration. This will not work as first-party cookies can only be set and read within the same domain.
  2. Embed links to the Library via a Perl script (see below) that would allow access to the Library. Because this would need to be installed on each node to make the resources available regardless of where the user's session is, anyone who had the URL could access the media, regardless of the campus they were coming from. The Library is not comfortable with a "private link" level of security.
  3. Pass a token: UMass Amherst Library suggested passing something on the URL like http://www.library.umass.edu/file?token=suppliedbyyou and offered a schematic. The token would need to change daily. While the above MD5 module was supplied to UITS, it was unclear to UITS how the Amherst Vista cluster was implementing it or what action was needed to enable it, and no further action was taken.
  4. Use the same process currently in use by OWL for authentication and authorization. This will not work as each OWL user is defined by a separate batch upload from UMOL to OWL.
  5. Install an identity management Blackboard Powerlink to try and connect UMOL and the UMA Library. As of last Friday (11/19), the Amherst Library indicated this would not work upon initial evaluation, but would review further to assess if any options are possible.
  6. Piggybacking on the SSO/LDAP connection UMOL and UMA are working on (moving to production SP11). If Bb Vista can authenticate against an external source, then perhaps the Media Server can too?
  7. Based on the difficulty we have encountered with identifying a solution for this issue, Blackboard Professional Services has been engaged to assess development options and costs for the UMOL Vista to Library connector.
    • Blackboard professional services was available to meet on Dec.21.
    • While a tentative time (2:00 pm, Dec. 21st, 2010) for a call to discuss the integration issues with Blackboard and Amherst was selected by Bb, UMOL, UMA CPE and UITS, the UMA Library did not confirm until after this meeting was canceled.
  8. Meet with Blackboard
    UMass Amherst Library, UMassOnline and UITS met with Blackboard Professional Services to discuss contracting for the development of the UMA Library/UMOL integration on Jan. 6, 2011. The meeting focused on introducing the integration issue(s) and project goals to Blackboard's Professional Services group and Brian DeKemper.
  9. Recommendation: Central Authentication Services (January 25, 2011)
    After initial review, Brian DeKemper of Blackboard Professional Services has suggested the best way to connect the larger UMOL Vista instance to the Amherst Library media server would be through Central Authentication Service (CAS) or other standard authentication solution.
    • According to Bb, Vista natively lacks some of the core API functionality that would allow the integration to be built out of the box.
    • Brian DeKemper would like to set up a quick call to discuss CAS and possibly take a look at other alternatives?
    • In parallel, Bb's consulting team is putting together a CAS proposal if that would be something that could be utilized in this case.
  10. Meeting with Blackboard: A conference call was scheduled for Feb 1, 2011 at 11:30 with UMOL/UITS, the UMass Amherst Library and Brian DeKemper of Blackboard Professional Services to discuss CAS.
    • Due to the lack of experience with CAS within UMOL/UITS and the UMass Amherst Library, Bb determined that a meeting would not be beneficial and that they will work on finding another solution.
  11. Feb 1, 2011: Blackboard is seeking an alternative approach for authentication/authorization due to the lack of experience with CAS in UMOL/UITS and the UMass Amherst Library. While there may be a lack of experience with CAS, UMOL is willing to investigate the requirements and resources to implement this option as a solution, however before any promises can be made UMOL and UITS would need to better understand our role and responsibilities for implementation and ongoing maintenance.
  12. Feb. 4, 2011: UMOL reached out to the UMA Library to assess if the library would be able to use CAS. "I understand that the Library does not have any experience with CAS, neither does UMassOnline nor UITS, however I am thinking that this might be the project that gets us going, if that is what the ultimate recommendation is from Blackboard. CAS could provide UMassOnline with other opportunities for SSO, so it might be the time for us to invest. I can understand, however, that this may not be the case for the Library. Also I imagine that perhaps the Library and you may not actually have access to the campuses IdM (LDAP, AD, etc.) and have to work through OIT or another office, thus limiting your ability to commit."
    • The UMA Library responded that CAS would not be an option. "The Library currently has no experience with CAS. What we were hoping for was some token or proof of authentication. You are correct that we do not have access to campus authentication sources so we would be unable to verify any login credentials. It may be that if Blackboard is unable to suggest any options other than CAS, we may need to look at another approach and close this line of inquiry."
  13. Feb. 16, 2011: Kate Kreager of Blackboard followed up indicating, that the only option would be CAS. "The first option would be core code modifications, our consulting team refuses to sign off on this option understandably due to the risk involved. The second is CAS as SSO but we're aware that your team doesn't have much experience with CAS which also presents risk. So, at this stage, unless we pursue the CAS option...it seems as though we can't find a way to help regrettably."
  14. Feb. 18, 2011: UMOL informed UMA CPE that "unfortunately the recommendation [from Blackboard] is the same, using Central Authentication Service (CAS) is the only option." UMOL also conveyed that Blackboard's conclusions make sense, "It's clearly not advisable to invest development efforts to core Vista, not only does that compromise the application, but as the system will soon be retired, we wouldn't realize much return on our investment." While UMOL could see a benefit as, "investing in CAS could provide greater return as it would be available for other services as well, as UMassOnline extends our service portfolio... this project would provide the motivation to move forward with an implementation." UMOL also informed UMA CPE that while UMOL may be willing to investigate CAS further, other departments would be required to participate: The Library would need to re-write their authentication processes to use CAS and UMA OIT would need to actually deploy (and administer) CAS as they manage Identity Management at UMA. Finally a recommendation was made to UMA CPE to work within UMA, "The issues to CAS are internal to the Amherst campus and not UMassOnline or Blackboard. At this point, unless Amherst can implement CAS, there is no solution that would make the library's videos available to UMassOnline students."
    1. All stakeholders have been informed that there is currently no defined solution other than CAS, and that such an implementation would require deployment efforts through UMA OIT. Once that was done, UMA Library would need to rewrite their existing authentication mechanisms.
  15. March 11, 2011: Bret Holloway from UMass Amherst CPE has introduced the following:
    Do the typical links in UMassOnline courses already in high usage for eReserves or electronic journal articles provide a model for integration? Since this method already exists (https://login.silk.library.umass.edu/login) and already works for UMOL online instructors - is there any way to apply that approach to the Library's Media Server? Students would have to provide their NetIDs and passwords to authenticate and view content.
    1. Potential issues:
      • students could in theory pass out their credentials to view digitized content.
  16. March 11, 2011: UMass Amherst Library informed UMass Amherst CPE that the suggested solution of re-authenticating, as already implemented in eReserves, will not resolve any of their issues. That approach would only verify (authenticate) that the user is a UMass student or faculty, but not that they are enrolled in the course and authorized to see the content.
  17. March 15, 2011: UMass Library continues to look into using local user cookies to verify enrollment in specific sections and has requested a umassonline.net DNS entry be associated with a UMass Amherst IP address so the umassonline.net entry can be utilized for authorization purposes.
    1. Awaiting additional information from UMass Amherst Library before opening ticket with UITS systems for DNS entry.

Current Activity

March 28, 2011: Heat ticket (ticket #22756) has been opened with UITS to have a CNAME record for umalibrarymedia.umassonline.net pointing to www.library.umass.edu (128.119.168.9).

  • Heat ticket was completed and closed. umalibrarymedia.umassonline.net now resolves to www.library.umass.edu. Aaron has been updated.

May 29, 2013: Library streaming server is integrated with BbL using LTI standard.

One sheet instruction for participating faculty here. Adding streaming media reserve content to your online course1[18].pdf

Additional Resources

#!/usr/local/bin/perl
use Digest::MD5 qw(md5_hex);

# Days elapsed before the first of each month in a non-leap year.
@theJulianDate = ( 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334 );


#************************************************************************
#****   Return 1 if we are after the leap day in a leap year.       *****
#****   Arguments follow localtime(): years since 1900, month 0-11. *****
#************************************************************************

sub leapDay
{
   my($year,$month,$day) = @_;

   $year += 1900;                   # localtime() counts years from 1900

   if ($year % 4) {
      return(0);
   }

   if (!($year % 100)) {            # years that are multiples of 100
                                    # are not leap years
      if ($year % 400) {            # unless they are multiples of 400
         return(0);
      }
   }

   if ($month < 2) {                # January or February (months are 0-based):
      return(0);                    # the leap day has not passed yet
   } else {
      return(1);
   }
}


#************************************************************************
#****   Pass in the date, in seconds, of the day you want the       *****
#****   julian date for.  If your localtime() returns the year day  *****
#****   return that, otherwise figure out the julian date.          *****
#************************************************************************

sub julianDate
{
   my($dateInSeconds) = @_;
   my($sec, $min, $hour, $mday, $mon, $year, $wday, $yday);

   ($sec, $min, $hour, $mday, $mon, $year, $wday, $yday) =
      localtime($dateInSeconds);
   if (defined($yday)) {
      return($yday+1);              # $yday is 0-based
   } else {
      return($theJulianDate[$mon] + $mday + &leapDay($year,$mon,$mday));
   }

}

# Day of the year plus one; this number is what makes the token change daily.
$toek=&julianDate(time);
$toek++;
$token="hbgsdiofgsd9fgerghseoirt7yw357ywerfgzdfhbgsdfgsd
${toek}xfgsdf9g786sdf9gsdfgehbwrtweor76sd98fv769x8f7vg6sd9r78t6we9t7dfcg";

print md5_hex($token);
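
The verifying side of the "Pass a token" option, as an added example in Python (not code from the Library, UMOL or the script above). `daily_token` mirrors the script's construction with constructed secrets; `sign_link` goes beyond the page and binds the token to a user, course, media item and expiry, which is the enrollment check the Library asked for on March 11, 2011. All names, secrets and the one-day grace window are assumptions.

```python
import hashlib
import hmac
from datetime import date, timedelta

# Constructed demo secrets (assumptions), not the values in the page's script.
PREFIX, SUFFIX = "demo-prefix-", "-demo-suffix"
HMAC_KEY = b"demo-key-constructed-for-this-example"


def daily_token(day: date) -> str:
    """Same shape as the Perl script: md5(prefix + (day-of-year + 1) + suffix)."""
    n = day.timetuple().tm_yday + 1
    return hashlib.md5(f"{PREFIX}{n}{SUFFIX}".encode()).hexdigest()


def check_daily_token(token: str, today: date) -> bool:
    """Accept today's token, or yesterday's for links rendered before midnight."""
    candidates = (daily_token(today), daily_token(today - timedelta(days=1)))
    # Run both comparisons in constant time before combining the results.
    results = [hmac.compare_digest(token.encode(), c.encode()) for c in candidates]
    return any(results)


def sign_link(user: str, course: str, media: str, expires: int) -> str:
    """HMAC-SHA256 over the fields the media server has to authorize."""
    fields = [user, course, media, str(expires)]
    if any("\n" in f for f in fields):
        raise ValueError("newline is the field separator")
    msg = "\n".join(fields).encode()
    return hmac.new(HMAC_KEY, msg, hashlib.sha256).hexdigest()


def check_link(user, course, media, expires, sig, now) -> bool:
    """Reject malformed or expired links, then compare in constant time."""
    try:
        expected = sign_link(user, course, media, expires)
    except ValueError:
        return False
    return now <= expires and hmac.compare_digest(sig.encode(), expected.encode())


if __name__ == "__main__":
    day = date(2011, 3, 28)
    tok = daily_token(day)
    print("daily token, same day:", check_daily_token(tok, day))
    # Day-of-year carries no year: the same token is valid again in 2012.
    print("daily token, a year on:", check_daily_token(tok, date(2012, 3, 27)))
    sig = sign_link("student1", "COMM-101", "film-42", 1301356800)
    print("other course:", check_link("student1", "HIST-200", "film-42", 1301356800, sig, 1301350000))
```

The daily token is the same for every user and course and repeats on the same day number each year, so it proves only that the link came from a party holding the secret; the signed link fails verification if any bound field is changed.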