How Athens Works

At the simplest level, Classic Athens is a managed directory of usernames with librarian focussed tools to manage them. Over 300 premium content vendors of subscription material on the web recognise Athens usernames and trust organisations to allocate rights to their material using Athens. This allows an organisation to issue a single username for access to all the Athens protected resources to which they subscribe; the usernames are independent of IP address so can be used from any location.

Athens Local Authentication allows an organisation that already has its own set of usernames and passwords to use these in real time for access to Athens protected resources. Athens offers a choice of protocol to connect these directories – AthensDA, SAML or Shibboleth.

How user login works

When the user goes to the home page of any Athens protected resource, there will be a link for Athens login. This takes the user to the Athens Authentication Point with a designated return URL. For classic Athens organisations the username and password are checked by Athens directly, Athens Local Authentication users are routed to their home organisation for authentication. Once successfully authenticated, the user is returned to the designated return URL with an authentication token, and a user identifier. Athens agent tools can then be used to determine whether the user is entitled to access the resource. A common method is to obtain the Athens organisation identity of the organisation who issued this username. This is used to reference the resource subscription database, in a similar manner to an IP address check. If the resource owner decides that the user is permitted to access his resource, the user will be allowed access.

As Athens is also a single sign-on system, a browser session cookie with an eight hour lifetime will be stored in the user’s browser. If the user then goes to another Athens protected resource, the cookie will be checked and the user will not be required to type in the username and password again.

All this chit-chat happens invisibly to the user; all that the user sees is a link, a login form the first time round, then the resource itself.

For more technical detail, see Athens SSO Architecture and the DSP Integration Guide.

User management tools

The Athens Administrator Interface provides a range of tools to manage users; the tools are aimed at librarians; there is no special software to download as they are all web browser based, the only technical ability necessary is the ability to use a web browser.

Users can be created manually, by self registration or by bulk upload. Guides describing these processes are available on the Athens web site at www.athensams.net.
Usernames are intended to be used by a single individual – the terms& conditions explain this – see /user_terms.pdf
Usernames are protected primarily by expiry date – the default is eighteen months, but should be set by the administrator appropriately for each category of user.
Administrators create sets of resources, called permission sets, for each category of users that they wish to establish. Users may be allocated multiple permission sets, or just one.
Users can be set up in different groups, with different characteristics eg different expiry dates or different sets of resources.
Statistics can be run on all users, individual users or groups of users. See the Statistics Guide for more information.

Trust federation

Within the Athens, there is a three way trust relationship between the organisation, the vendor and Athens. Athens is not involved in the decision or pricing of an organisation purchasing a vendor product. That’s entirely between the organisation and the vendor. However if the organisation wishes to use Athens for access, they must request this from the vendor. The vendor will then inform Athens that this organisation is entitled to access its resource, and Athens will make the resource available to the administrator for allocation to appropriate permission sets. Note that Athens only takes instructions on resource access from the vendor – not the organisation.

Trust is vested in the Athens administrator with strict terms & conditions, and access restricted by username, password and IP address.