web proxy for off-site users?

[lydia]

Does your site provide any kind of proxied access to IP-restricted
resources for users who are outside your domain? If so, what software
solution have you chosen and what is its basic security model? I
suspect there are other institutions whose needs are close to those we
have at Harvard, and I'd like to accumulate more information about how
well various implementations have answered those needs.

Our current proxy solution involves proxying only those resources on
our site that are IP-restricted, routing them through a cgi script
that establishes connections to a separate proxy server (running on a
different port of the machine that houses the webserver). The care and
feeding of this system has proven ever more impracticable (gory
details available upon request), and now we're looking at the more
traditional proxying options in the hope of cutting down the
developmental time drain. Browser-set proxying may turn out to be our
simplest alternative. So I'm interested in how different institutions
are approaching the question, and (a biggie for us) what kinds of
security decisions they're making. A centralized authentication
solution for the entire institution, like Kerberos, is unfortunately
not a viable option here.

Thank you for any information you can provide. 

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-
 Lydia Ievins                       lydia_ievins at harvard.edu
 Office for Information Systems     617/495-3724
 Harvard University Library 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-