HathiTrust has implemented Shibboleth , a mechanism for inter-institution authentication, in order to allow specialized services for persons affiliated with partner institutions. Configuration with Shibboleth is required to authenticate into HathiTrust. Current services offered to authenticated members of partner institutions include:
- full-PDF download of public domain works
- facilitated access to the Collection Builder application, which makes it possible for users to aggregate works into permanent collections either for private use or to share publicly with others
- special access for users who have a print disability (only in the U.S.; see http://www.hathitrust.org/accessibility )
- access to works held in print by partner institutions that are missing or brittle and also out of print (only in the U.S.; see http://www.hathitrust.org/out-of-print-brittle ).
To receive these services, HathiTrust partner institutions must meet the following requirements:
- belong to a Shibboleth federation for which HathiTrust is a registered service provider; currently, InCommon (for partners in the US) or RedIris (for partners in Spain); for partners in other countries, please contact us and we will work with you to register with the appropriate federation
- enable communication with the HathiTrust service provider through the release of certain attributes (see below for details)
- have updated contact information in their federation metadata; e.g., for InCommon, support and technical contacts must be updated according to federation guidelines .
We will work directly with partners to ensure that access through Shibboleth is tested and working properly.
The entityID for the HathiTrust Service Provider is http://www.hathitrust.org/shibboleth-sp. Further details about HathiTrust Shibboleth services follow below. Please contact firstname.lastname@example.org with any questions, or to test your Shibboleth configuration.
Terms and Conditions
The Collection Builder, full-PDF download, and enhanced access services provided through Shibboleth are made available to faculty, staff, students, and alumni at participating HathiTrust institutions.
Shibboleth Attributes that must be released to HathiTrust to provide services
- eduPersonScopedAffiliation (required) – to verify a user’s source institution
- 'member' and 'alum' are the only accepted values
- eduPersonTargetedID (required) – to offer collection-building services
- If an institution does not yet have eduPersonTargetedID, we will accept eduPersonPrincipalName with the understanding that if a user's eduPersonPrincipalName were to change, their saved personalized HT environment would no longer be available to them.
- displayName (desired) – to offer a personalized greeting on web pages
eduPersonEntitlement (optional) – to offer enhanced access to content. We are not using this attribute currently but are tentatively planning future services around the use of the attribute (including direct access for users who have print disabilities; current services for users who have print disabilities is offered via an institutional Proxy - see http://www.hathitrust.org/accessibility ). There are more issues to work out and we do not have an ETA for implementation. However, we want to let institutions know for planning purposes that the use of this attribute is a serious prospect. Some preliminary values of the attribute that have been discussed are as follows:
- If an institution doesn't wish to release displayName, we will greet the users from that institution with a generic welcome.
- http://www.hathitrust.org/access/enhancedText - attribute value for users who have a print disability
- http://www.hathitrust.org/access/enhancedTextProxy - attribute value for those accessing works on behalf of users who have a print disability
- http://www.hathitrust.org/access/standard - attribute value for standard use. This attribute value is not required but is provided for Identity Providers that prefer to enter an entitlement value for all users.
- library-walk-in (optional) – to offer certain member services to guest users (for instance, full-PDF download of all public domain materials or access to works that are brittle, missing, and also out of print ). The library-walk-in attribute will not enable personalized services, such as the ability to save volumes to permanent personal collections. Partners who wish to use HathiTrust library-walk-in functionality must confirm in writing that they are asserting the library-walk-in affiliation only for users physically present in a library building at the time of session initiation.
The eduPersonScopedAffiliation, and eduPersonTargetedID attributes are required for service and do not convey personal identification information. The displayName attribute, which conveys personally identifiable information, is highly desired and will be used to provide a customized user experience on HathiTrust web pages. The contents of displayName and eduPersonEntitlement, if provided to HathiTrust, will be used solely for the delivery services and will not be distributed to third parties or saved in databases other than those that function to deliver HathiTrust services.
Note on Proxy Servers
HathiTrust does not support access via proxy servers like EZProxy that attempt to provide IP-based access to authenticated users. We do not recommend using proxy servers with HathiTrust for the following reasons:
- Users do not gain additional access to materials when coming from campus IP addresses.
- HathiTrust uses rate-limiting to ensure compliance with third-party agreements and provide a consistent user experience for all users. Our rate-limiting mechanisms treat all users accessing through a proxy server as a single user, so the more users that access from a proxy server at a given institution, the more likely those users are to have their rate of access limited.
- Using a proxy server may impede an institution's ability to ensure compliance with restrictions on use of HathiTrust materials, possibly granting unintended access for users who are not faculty, students or staff, or facilitating other unauthorized access.
- Access through proxy servers is slower, more complex, and prone to breakage.