目前國內的大學及學術機構對提供的保護性線上資源，如全文電子期刊、電子資料庫、電子書、數位教學資源及研究用數據資料庫等購買的或自建的電子資源，如何達方便存取與易於管理，似乎還沒有很好的對策。目前國內的做法為：1、在校園的IP範圍內使用，其出了校園便無法使用；2、使用IP限制，校園外則用proxy伺服器，此方法是有技術性的；3、使用虛擬私有網路連線 (Virtual Private Network)，此種方法針對不同資源要分別登入; 4、使用共用的密碼 (‘Shared’passwords)，此方法密碼容易外洩而威脅到資源的安全；5、針對不同資源，使用者分別註冊密碼，此方法使用者隱私容易外洩且恐有身份不實的問題。
為了改善上述的電子資源存取管理問題，英、美等國所發展的Shibboleth存取管理系統，已漸漸被很多已開發國家使用。Shibboleth是一個依據標準的開放源碼套裝軟體，以提供機關內或跨機關間的網頁單一登入（Web Single SignOn，簡稱SSO）及屬性交換的架構，容許網站對個人存取保護性線上資源時，使用單一及單位所控制的辨識法，並以保護隱私的方式作確認性的授權決定，讓使用者無接縫的去存取內部與外部的資源，以減少現行使用者在使用不同領域的多種資源時，必須局限在一個校園或要去維護多個密碼，並為身份提供者及服務提供者簡化了身份管理及存取許可。

本研究：1、參加澳洲測試聯盟(Meta Access Management System)，並在中央研究院地球科學研究所建置身份管理系統，同時邀請Elsevier出版商為資源提供者，以實際測試聯盟的運作方式，並瞭解其在數位環境下的認證與授權機制及分析其效益；2、從英、美、澳洲及瑞士的聯盟網站去探討其聯盟的組織、所採用的技術與政策；3、以上述兩項為基礎規畫一個適合臺灣的聯盟存取管理系統。

ABSTRACT
As of this writing, no academic institution or higher learning in Taiwan has a demonstrable solution for access management for the many diverse and usually proprietary electronic resources they provide for users. Such resources are generally known as full texts of electronic journals and books, electronic databases, e-learning resources, and autonomously established institutional databases among many others. At present, there are five methods to access electronic resources in Taiwan. The first uses a typical IP address. This method has its advantages; however, the restriction cannot meet the increasing need for off-campus access by users. Second, an IP address restriction using a proxy-server is available whereby with the help of an intermediate server. This method is unfortunately technically challenging for users. Third is a Virtual private network (VPN) method which has yet to be fully evaluated. Fourth, a set of shared usernames and passwords, this method is easily compromised and threatens the security of a resource host. Finally, there is separate individual registration for individual resources. Some users might not be willing to reveal their identities to the resource providers or identity theft could happen by this way.
In order to solve the electronic access problems mentioned above, Shibboleth has been developed in U.S.A. and the U.K. and has become an emerging solution for access management of electronic resources in a growing number of developed countries. The Shibboleth system is a standard based, open source software package for web single sign-on across or within organizational boundaries. It allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner.
In order to implement the Shibboleth system, this study joined a test-bed federation in Australia called MAMS (Meta Access Management System) and set up an identity provider in Academia Sinica. At the same time a publisher, Elsevier, was invited to join MAMS as a resource provider. By joining MAMS federation, and the deployment of an IdP, the author tries to understand how a federated system is operated and how the mechanism of authentication and authorization is used and to what effect as an evaluation of its efficiency and performance. The second important method of this study was to compare the organization structures, technologies and policies adopted by four federations: InCommon (USA), UK Federation, Australian Federation, and SWITCHaai (Switzerland). The practical implementation and the comparison lead to simulate a federation system model in Taiwan for future reference.

參考文獻
中文文獻
中央研究院 (2010)。中央研究院圖書館服務︰電子期刊。上網日期︰98年12月23日，檢自︰HHUUUUUUhttp://www.sinica.edu.tw/ /ejournal/ej1.htmUU

中央研究院 (2010)。中央研究院圖書館服務︰線上資料庫。上網日期︰98年12月23日，檢自︰HHUUhttp://www.sinica.edu.tw/database/database1.htmlUU

王梅玲 (2000)。電子資源對圖書館資訊組織工作的挑戰。書苑，45，54-67。
交大圖書館(2010)。交大圖書館公告：EZProxy校外使用圖書館資源超EZ。 上網日期: 民國99年1月10日，檢自HHUUhttp://blog.lib.nctu.edu.tw/index.php?op=ViewArticle&articleId=10992&blogId=14UUHH)
李相臣等 (2008)。如何避免資安危機=How to face the information security threats。臺北市：國研科技政策研究中心，143頁。
林明宏 (2001)。廿一世紀資訊中心：數位圖書館。書苑，47，頁40。
林彥明 (2005)。利用LDAP整合Apache網頁驗證。上網日期2010年1月8日。網址：HHUUhttp://linux.vbird.org/somepaper/20060111-ldap_and_apach_auth.pdfUUHH
陳昭珍 (2000)。二十一世紀電子圖書館的發展趨勢。國家圖書館館刊，頁89。
國家圖書館輔導組 (2009)。大專院校圖書館。在中華民國九十八年圖書館年鑑 ，頁134。台北市：國家圖書館。
數位典藏與數位學習國家型科技計畫 (2009)。計畫簡介。上網日期：民國98年12 月23日，檢自HHUUhttp://teldap.tw/Introduction/introduction.phpUUHH

西文文獻

Athens (2010). Access & identity management. Retrieved Jan. 25, 2010, from
HHUUhttp://www.athens.ac.uk/UUHH
Australian Access Federation (2009). Australian Access Federation Inc. Constitution. Retrieved Jan. 10, 2010，from HHUUhttp://www.aaf.edu.au/wp-content/uploads/2009/11/AAF-Incorporated-Constitution-19-June-09.pdfUU
Australian Government (1988). Australian Privacy Act 1988，Retrieved Jan. 2, 2010,from HHUUhttp://www.efa.org.au/Issues/Privacy/privacy.htmUU
Australian Access Federation (2010). Australian Access Federation：providing trusted access to services, resources and people. Retrieved Jan. 12, 2010, from HHUUhttp://www.aaf.edu.auUU

Carmody, S. (2001). Shibboleth overview and requirements. Retrieved Jan. 9, 2010, from HHUUhttp://shibboleth.internet2.edu/docs/draft-internet2-shibboleth-requirements-01.htmlUU
Chang, N. (2009). Federated access management for electronic resources： the Taiwan experience, the 7th International CALIBER-2009, Pondicherry University, Puducherry, February 25-27, 2009, India, pp.409-413

DAASI (2009). Authentication and authorization with Shibboleth. Retrieved Jan. 16, 2010, from HHUUhttp://www.daasi.de/info/shibboleth-e.htmlUU

Davies, C. and M. Shreeve (2007). Federated access management: international aspects, Curtis+Cartwright Consulting Ltd., pp. 1-96.
de Vries, A. (Nov. 27, 2009). E-mail communication with Ale de Vries, Elsevier’s Senior Product Manager, Platform & content.
Eprints (2008). Open access and institutional repositories with eprints. Retrieved Jan. 16, 2010, from HHUUhttp://www.eprints.org/UU
FEIDE (2010) LDAP used in Feide. Retrieved Jan. 1, 2010, from HHUUhttp://docs.feide.no/guide-0002-1.0-en.html#txt-0055-schemaUUHH
Garibyan, M. (2007). Building a national federated access management infrastructure
(the U.K. experience), the ITE 2007 Conference in Yerevan, 21-23 May 2007.

Gourley, D. (2003). Library portal roles in a Shibboleth federation, Washington Research Library Consortium, 8 p. Retrieved Jan. 9, 2010, from HHUUhttp://shibboleth.internet2.edu/docs/gourley-shibboleth-library-portals-200310.htmlUU

InCommon (2008). Foundations for federation: UCTrust builds its system-wide federation on top of InCommon. Retrieved June 25, 2008, from HHUUhttp://www.incommonfederation.org/docs/eg/InC_CaseStudy_UCTrust_2007.pdfUU
InCommon (2008). InCommon makes sharing protected online resources easier. Retrieved Jan. 8, 2010, from HHUUhttp://www.incommonfederation.org/UU
InCommon (2008). Federation：Participant operational practices. Retrieved Jan. 23, 2010, from HHUUhttp://www.incommonfederation.org/docs/policies/incommonpop_20080208.html。UU
InCommon (2009). InCommon now serves 4 million on U.S. campuses. Retrieved Jan. 8, 2010, from HHUUhttps://spaces.internet2.eduUU
Internet2 (2008). Shibboleth: a project of the Internet2 middleware initiative. Retrieved July 5, 2008, from HHUUhttp://shibboleth.internet2.edu/UU
Internet2 (2010). InCommon. Retrieved Dec. 26, 2009, from HHUUhttp://www.incommon.orgUU

JANET (2010). The UK Access Management Federation for education and research. Retrieved from Dec. 26, 2009, from HHUUhttp://www.ukfederation.org.uk/UU
JISC (2008). Sherpa. Retrieved June 21, 2008, from
HHUUhttp://www.sherpa.ac.uk/UUHH
JISC (2005). ShibboLeap. Retrieved June 20, 2008, from
HHUUhttp://www.angel.ac.uk/ShibboLEAP/UUHH

JISC (2006). Shibboleth: connecting people & resources briefing (version 2). Retrieved June 23, 2008, from HHUUhttp://www.jisc.ac.uk/publications/publications/pub_shibboleth.aspxUU

JISC (2008). Connecting people to resources: federated access management: JISC guide for institutions (version 3). Retrieved Jan. 16, 2010, from HHUUhttp://www.jisc.ac.uk/media/documents/publications/bpfaminstitutionsv3.pdfUU

JISC (2008).U.K. federated access management. Retrieved Jan. 16, 2010, from, HHUUhttp://www.jisc.ac.uk/federationUU
This Klingenstein, N. (2008). Shibboleth 2.0: finally. Trans-European Research and Education Networking Association, TNC 2008 at Bruges, Belgium, May 20, 2008. Retrieved June 15, 2008, from HHUUhttp://tnc2008.terena.org/core/getfile.php?file_id=401UU
LSE (2007). Shibboleth at LSE. Retrieved June 24, 2008, from HHUUhttp://www.angel.ac.uk/ShibbolethAtLSE/index.htmlUU

Lynch, C. (1998).A white paper on authentication and access management issues in cross-organizational use of networked information resources. Coalition for Networked Information. Retrieved June 20, 2008, from HHUUhttp://www.cni.org/projects/authentication/authentication-wp.htmlUU

MACE-Dir working group (2005). The enterprise directory implementation roadmap, 33 pp. Retrieved Jan. 16, 2010, from HHUUhttp://www.nmi-edit.org/roadmap/dir-roadmap_200510/index-set.htmlUU
McLean,N.(2000).Matching people and information resources: authentication, authorization and access management and experiences at Macquarie University, Sydney. Program, 34, 239-225.
Macquarie University – Sydney (2008). MAMS: Meta Access Management System :Testbed Federation. Retrieved June 29, 2008, from HHUUhttp://www.federation.org.au/FedManager/jsp/index.jspUU

Novakov, I. (2008).Using LDAP with Shibboleth identity provider 2.x, CESNET technical report 12/2008. Retrieved Jan. 8, 2010, from HUHUhttp://www.cesnet.cz/doc/techzpravy/2008/ldap-with-shibboleth-idp-2/ldap-with-shibboleth-idp-2.pdf

NSF Middleware Initiative (2006). The enterprise authentication implementation roadmap. 34 pp. Retrieved Jan. 17, 2010, from UUhttp://www.nmi-edit.org/roadmap/draft-authn-roadmap-03/

Smedinghoff, T.J. (2009). Federated identity management: balancing privacy rights, liability, risks, and the duty to authenticate. Retrieved Jan. 2, 2010,from HHUUhttp://papers.ssrn.com/sol3/papers.cfm?abstract_id=1471599UU
SWITCH (2008). AAI service agreement. Retrieved from Jan. 2, 2010, from
HHUUhttps://www.switch.ch/aai/docs/AAI_Service_Agreement.pdfUUHH
SWITCH (2004). AAI-authentication and authorization infrastructure：exhibit 3 AAI policy. Retrieved Jan. 12, 2010, from HHUUhttp://www.switch.ch/aai/UUHH
SWITCH (2007). AAI attribute specification. Retrieved Jan. 2, 2010，from HHUUhttps://www.switch.ch/aai/docs/AAI_Attr_Specs.pdfUU
SWITCH (2009). SWITCH: Serving Swiss Universities. Retrieved Dec. 20, 2009, from HHUUhttp://www.switch.ch/aai/index.htmlUU
SWITCH (2004). SWITCHaai Federation and related organizations. Retrieved Jan. 26, 2010, from HHUUhttps://www.switch.ch/aai/docs/AAI_Org_Processes.pdfUU
Terena (2009). Federations. Retrieved Dec. 24, 2009, from HHUUhttps://refeds.terena.org/index.php/FederationsUUHH.
UK Access Management Federation (2007). Rules of membership. Retrieved Jan. 2, 2010, from HHUUhttp://www.ukfederation.org.uk/library/uploads/Documents/rules -of-membership.pdfUU
UK Access Management Federation (2008). Recommendations for use of personal data. Retrieved Jan. 15, 2010, from HHUUhttp://www.ukfederation.org.uk/library/uploads/Documents/recommendations-for-use-of-personal-data.pdfUU
van Halm, J. (1999). The digital library as access management facilitator. Information Services & Use,19, 299-303.