Re: Access from publisher?

Subject: Re: Access from publisher?
william.garrity (william.garrity@Dartmouth.EDU)
Date: Tue, 31 Aug 1999 14:11:26 -0400

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Message-Id: <4.2.0.58.19990831134125.00a19470@blitzen.dartmouth.edu>
Date: Tue, 31 Aug 1999 14:11:26 -0400
To: arl-ejournal@arl.org
From: "william.garrity" <william.garrity@Dartmouth.EDU>
Subject: Re: Access from publisher?
In-Reply-To: <0CAA59BF4677D211904D00A0C9EA3676460186@dungeon.library.caltech.edu>

On Mon, 30 Aug 1999, George Porter <george@library.caltech.edu> wrote:
>
> On Mon, 30 Aug 1999, Anke de Looper <Anke.DeLooper@benjamins.nl> wrote:
> >
> > 1) Libraries seem to favor IP-controlled access over passwords. Is that
> > so, and why? I thought passwords would allow greater flexibility in
> > offering access to patrons even if they are off-site. Also, IP
> > authentications is problematic (see ARL-EJOURNAL messages in
> > February about JANET cache).
>
> As noted previously, although it can NOT be reiterated too often,
> usernames and passwords are a major headache for librarians to
> distribute in anything approximating a secure manner. In addition,
> user behavior indicates that seemingly very minor hurdles are, in
> practice, huge barriers to access. Users would like to discover a
> direct link from wherever they first hear of an article to the
> article proper. Each step which intervenes has a negative effect
> on follow through with attrition rates of 25% or more. (Percentage
> generated from thin air for purposes of illustration only -- use at
> your own risk!) You do the math, whether you choose 10% attrition
> or 50% attrition for each step, the fall off from potential audience
> for an article to actual audience declines significantly with each
> click. Throw in a side trip to the library's website or catalog to
> retrieve a username and password, instead of proceeding directly from
> a link in an email message or a URL in a printed article, and you
> have seriously damaged the economic value of mounting the article
> on the web in the first place.
>
> > 2) Do libraries (prefer to) download an issue of an electronic journal
> > once, to offer access to patrons from a local server, or is the
> > issue/document downloaded from the publisher's server by each
> > patron in turn? Does this depend on what the publisher allows?
>
> Library preferences are much harder to pin down than user behavior.
> Huge consortia, like OhioLINK, have the efficiencies of scale to support
> the massive servers and additional system staff necessary to mount local
> versions. Their pay off is in guaranteed and more responsive access.
> Individual libraries may not have the technical skills, staffing,
> infrastructure (pick as many as you want) to accomplish this end.

Dartmouth does not favor IP-controlled access over passwords.

I've been lurking in this discussion but have to jump in and opine
that we need to do better than IP-controlled access, if for no other
reason than that it is problematic for off-site users. (At Dartmouth,
many members of our academic medical center community are off-site;
various users across the whole College connect to Dartmouth via
various ISPs.)

We have implemented a solution -- Kerberos -- that in the ideal
instances (which are many), gives single sign-on authentication
and authorization for a variety of services (e.g., email) and
resources (e.g., information resources from the library). Users
are authenticated against the College's name directories and then
authorized for access as appropriate -- one sign-on can credentialize
the user for a variety of services and resources.

See http://www.dartmouth.edu/~kerberos/; see also
http://web.mit.edu/kerberos/www/ and
http://www.contrib.andrew.cmu.edu/~shadow/kerberos.html. There
is also a good article in Scientific American -- Author: Schiller,
Jeffrey I. Title: Secure distributed computing. Augmented Title:
noting MIT Athena project and Kerberos authentication system Source:
Scientific American v. 271 (Nov. '94) p. 72-6

Statements that usernames and passwords aren't favored versus
IP-controlled access... well, it depends. With the right tools,
you can make one sign-on persist for multiple purposes.

B

_________________________________________________________________
William F. Garrity Director of Biomedical Libraries
603/650-1662 Dartmouth College and Dartmouth-
603/650-1789 (fax) Hitchcock Medical Center
603/650-8500 (page 1662) 6168 Dana Biomedical Library
william.garrity@hitchcock.org Hanover, NH 03755-3880
william.garrity@dartmouth.edu
http://www.dartmouth.edu/~biomed/

This archive was generated by hypermail 2a16 : Mon Dec 20 1999 - 18:02:16 EST