I am looking at using ZenPhoto for a website for colleges and universities. The issue I am facing is that colleges use IP authentication. The way this works is that an account is created for an administrator at a college on the website. The IP address or range that the administrator provided are then mapped to the user account. Students at that college do not need to create an individual account or login to the website as long as they are on their college network. If the student is off-campus, they need to login to their college network before they can get access.
Is there a possibility to do the same with Zen Photo? Is this feature possible?
By the way, Open Journal System already has the IP authentication built in. If there is a way to connect OJS and ZenPhoto, that will be great.
Any comments?
Further explanation:
I am looking at using Zen Photo for a subscription website for colleges and universities. The issue I am facing now is that colleges use IP authentication. It is the standard method of granting colleges/universities access to content. The reason that IP authentication is used is because it would be impossible and daunting to create an individual user account for each student and faculty at the college given that some schools have 5,000 plus students. IP authentication is used as a way of providing access to online content to a large groups of people.
The way IP authentication works is that an account is created for the college administrator on the website. The IP address or range of the college is then mapped to the administrator's user account. By map, I mean that the website webmaster can choose two ways to authenticate access for the college. They can authenticate access via domain OR by IP address (or IP range). This IP authentication feature is already built in Open Journal System, which is used for peer-reviewed journals.
Students at that college do not need to create an individual account or login to the website as long as they are logged into their college network. For example, students at library can access the materials after they have logged into any of their college computers in the library or the lab. Now, if the student is off-campus and want to access the contents of the website, they need to login to their college network before they can get access to read the contents of the website.
Is there a possibility for this functionality in ZenPhoto?
I would be happy to get feedback from the ZenPhoto community about IP authentication.
There is no IP authentification for Zenphoto. Especially since storing the IP is considered a privacy issue in some countries (like mine) and not reliable since it may change on connection. In your purpose of course it makes sense.
Anyway, it is generally possible to develope a custom authentification. You will have to make your own version of zp-core/lib-auth.php. See the instructions on the file comments itself.
Alternatively you could try the development svn/nightly which already features a plugin called "federated_logon" which you possibly can extent/customize for your purpose.
I am sure my collegue sbillard will be able to tell more later.
It is really impossible to answer our request as I know nothing about Open Journal System. Quick Google of OJS seems to indicate it is an editing system rather than an authentication system, though.
It is also not clear how the student login works when the student is off network.
But, a simple gateway that passes access from users within a specific IP range would be pretty straight forware, it perhaps also significantly insecure. Such could be custom built for something in the range of $500. But I am not at all convinced that it would be acceptable given how easy it is to spoof IP addresses.
You should go back to the school network administrators and find out if they have a OpenID provider facility of some sort. If so, the Federated Logon facility that is in development will work out of the box but will probably be a little less user friendly than the student's normal logon. If the provider supports a Discovery interface the Student authorizaton for Zenphoto devolves to simply clicking on an icon.
At any rate, providing a custom OpenID handler for the school provider would normally run about $100. However, testing may be an issue since we are not school members. That could increase the development costs.
Let me clarify:
With IP authentication, the student NEVER logs in or creates an account. They are simply authenticated once they are on the universiy network. Usually at a university, students are already logged into the university network, which allows them to search their library collection, print over a network, and much more
Open Journal System does do authentication. People that use OJS use it to provide institutional access to colleges and universities.
I am sending you the relevant page number of the information about IP authentication form OJS Documentation. The documentation includes description and screenshoots.
http://pkp.sfu.ca/ojs/docs/userguide/2.3.3/userguide.pdf
Authentication Sources - page 37
Shows the screen for entering the IP ranges - page 120
Subscription Types - page 103
Institutional - page 116
Usually, when the student is off-campus, they need to go to the university website to login. For example, if a student wants to use the library when they are home (not on campus), they go to their library website and login with their university username and password. Once they are authenticated by their university website, they are then given access to the library.
I have users who can test it.
"Authentication Sources:
By default, OJS authenticates users against its internal database. It is possible, however, to use other methods
of authentication, such as LDAP. Additional authentication sources are implemented as OJS plugins; refer to the
documentation shipped with each plugin for details."
Just for your education, what this says is that OJS has an internal mechanism for authentication. It is NOT an authentication server. Likewise, Zenphoto has an internal mechanism for authentication and does not play a role in authenticating for other applications. It does say that other sources are supported via plugins, so you shoule ascertain if OJS supports OpenID authentication and if your University provides such an authentication server.
The document also clearly shows a logon page which makes no mention of IP addresses. It also describes "changing your user profile" which to initiate you "log in and click the Edit My Profile link from your User Home page."
I do not have the time to carefully study this document. (And should I do so, it would obviously be "on your dime".) But I suspect that something else is going on under the hood here that you are not aware of.
As I have mentioned before, ip address is simply not secure enought to be used for any serious authenitication. Also it does not a-priori link to any specific identification. So if students are really using this system with real, human identities, then some other logon mechanism is taking place.
Again, you should speak to your network administrator to find out how things really work. You would be wasting your money contracting for one of us to learn all of this without even knowing if anything is feasible.
I should clarify something. I am not with a university, and I think you might have assumed that this project is being developed by a university. This is a service for universities and its libraries. The libraries usually use a static IP address from their network to access remote content. The university use a proxy software, which connect the university libraries via their IP address to the content provider's website.
What I am trying to find out now is if an authentication plugin (or the federated login mentioned earlier) can be extended to give university access to the contents of a ZenPhoto website?
If you have a better and secure solution than IP authentication, I would like to hear about it.
Take a look at page 114 (should say 114 at the footer) on the PDF document. It shows a screenshot and it says "Domain" or "IP Ranges".
If you are providing a service to Universiteis, why do you not just configue your router to allow only those IP addresses to access the router?
It is possible to enhance Zenphoto to filter access by IP address. If you wish to go forward, this is the first estimate I provided you.
I am not in the business to do free research on a project. If you wish to go forward you have two choices--your best choice is to create a statement of requirements. From that we can give you a project estimate. If you need us to do the research of the requirements that would be done on a time and materials basis at $80 an hour.
The whole point of this post is to see if ZenPhoto has the capability to allow universities access to its content. Since I am considering ZenPhoto for a project, I was trying to find out what it would take to extend and maintain the plugin in order to accomplish the goal of the project.
Most users that use ZenPhoto might use it for personal or business purposes. When you are dealing with academic instutitons (colleges and universities), they have very different needs and require a very different way of accessing content. For universities, you are not dealing with each individual student, you are dealing with the entire campus, the entire campus becomes one user. I am not sure how to explain this, but you do have my email, should you wish to get in touch with me offline and discuss matters.
And you posted the question twice, because?
Thanks for responding. I do not get notification and so, do not know that a response has been posted.
@zenPhotoCharles - I did not realize it was posted twice because I hit the stop loading this page icon so I can add the version number.
@sbillard - I never said that I was not interested. I have been swamped with work, and have not had time to do anything or write up a project spec as your required.
It would be great to do the project in ZenPhoto. My only concern now is that I will need a way to hide the images and their location. It is hard to do subscription if users and search engine can find your "subscribed images." If the images can be installed above the public directory, that would be great.
Is there a limit to the number of images in ZenPhoto?