You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Current »

Background

Some vendors provide their content directly to the Academic Libraries, with the expectation that the library will host that content and make it available only to authorized (logged in) users.  The content has no restrictions or DRM protection in terms of time limited use or “expiration” requirements, but the files must be protected from access by users who have not authenticated users with access rights. In other words, authenticated via the Circulation Manager and even users who know the URL to the files.

Access Control Workflow

Architecture

Access Control is an enhancement for existing S3 mirroring feature. It adds ability to presign S3 URLs which allows to share access to protected books only to authenticated patrons and only for specific amount of time.

Importing collections into Circulation Manager

  1. Content Provider hands off the content to the Content Distributor (Lyrasis) in the following format:
    1. Directory containing an EPUB or PDF file for every title in the collection
    2. Directory containing a full-size cover image for every title in the collection
    3. Directory containing metadata files containing MARC or ONIX 3.0 metadata for every title in the collection
  2. Content Distributor creates two S3 buckets:
    1. Public bucket for covers
    2. Protected access bucket for books
  3. Content Distributor creates a storage service in Circulation Manager (either S3 or MinIO) and fills in bucket properties: Book Covers Bucket, Protected Access Content Bucket
  4. Content Distributor specifies S3 presigned URL expiration in the newly created storage service

  5. Content Distributor runs bin/batch_directory_import

    /bin/batch_directory_import \
    --collection Manual \
    --collection-type PROTECTED_ACCESS
    --data-source-name oapen \
    --metadata-directory ./onix_collection/metadata \
    --ebook-directory ./onix_collection/books \
    --cover-directory ./onix_collection/covers \
    --rights-uri http://librarysimplified.org/terms/rights-status

As a result all the content will be replicated to S3 or MinIO:

  • All the covers will be mirrored to Book Covers Bucket
  • All the books will be mirrored to Protected Access Content Bucket
  • New collections will be created in Circulation Manager for each metadata file

Fulfilment workflow

After the collection is imported into Circulation Manager patrons can access the content. The actual workflow is depicted on the picture below: during a fulfilment process Circulation Manager creates a signed link and returns it back to the client which is used by the patron to download the actual content.

Image I. Fulfilment workflow

Testing

Requirements

To implement this functionality you must have access to the following

  • Circulation Manager ver 3.X.X
  • MARC or ONIX Files
  • EPUBs or PDF files
  • Cover Art (jpegs,pngs) for the respective EPUBs or PDFs.
  • Network reachable location (for example, a file share in LAN).

Testing Steps

  1. Create a new S3 storage by setting up the following settings as it’s shown in the picture below:
    1. Access key should be set up to an AWS access key
    2. Secret key should be set up an AWS secret key
    3. S3 region should be set up to an AWS region where buckets are located (the default is us-east-1)
    4. S3 addressing style should be set up to Virtual to allow virtual hosted-style URLs
    5. S3 presigned URL expiration should be set to S3 Default
    6. URL format should be set to S3 Default
    7. Book Covers Bucket should be set up to to the open-access bucket
    8. Protected Access content Bucket should be set up to the bucket with restricted access



  1. Create a new collection in Circulation Manager and set up the following settings:
    1. Covers Mirror should be set up to the newly created S3 storage (it will appear in the dropdown only in the case you filled in Book Covers Bucket in S3 settings)
    2. Protected access mirror should be set up to the newly created S3 storage (it will appear in the dropdown only in the case you filled in Protected Access Content Bucket in S3 settings)
    3. URL signing should be set up to Sign URL and make them expirable



  1. Import an ONIX collection into Circulation Manager: 

    /bin/directory_import \
    --collection Manual \
    --collection-type PROTECTED_ACCESS \
    --data-source-name oapen \
    --metadata-format onix \
    --metadata-file ./onix_collection/onix2.xml \
    --ebook-directory ./onix_collection \
    --rights-uri http://librarysimplified.org/terms/rights-status

    Please make sure that MARC/ONIX files, books and their covers are located on a local machine or at a network reachable location (for example, a file share in LAN).

  2. Update the search index: 

    /bin/search_index_refresh
  3. Try to download a book and Circulation Manager must generate a pre signed URL
  • No labels

All content on the LYRASIS Wiki is licensed under the CC BY (Attribution) license, unless otherwise noted.