[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Journal of Immunology



For reference, the license agreement is to be found at
http://www.jimmunol.org/subscriptions/terms_inst.shtml
while the Cox Model Standard License for Single Academic Institutions
is to be found at http://www.licensingmodels.com/

John Webb is certainly correct for authorized users that are affiliated to
the institution and have accounts there. For "walk-in users" however,
although they are covered by the license agreement in category (iii), many
institutions will have a problem with the wording used in the cox model
licenses (which is followed very closely by the journal of immunology).
For it is not sufficient that the library's computers "are recognized and
authenticated" by your network, since the definition of the "Secure
Network" in the license agreement requires that Authorized User's (not
computer's) identity is authenticated at the time of login. This means
that the library must have provisions in effect to give walk-in users
guest logins that allow individual identification and authentification; it
is not sufficient to have ip authenticated open access PCs that allow
anonymous local login.

[By the way, could someone (John Cox?) explain what it could mean that
such identity should be authenticated not only at the time of login but
also "periodically thereafter" - periodically means for me "every hour" or
daily or monthly or whatever, or does it rather mean "from time to time"?
I guess the problem behind this cryptic formulation is that someone might
log in and remain logged in forever, when there are no provisions for
re-authentication at a computer that is left unattended for some time
(like password-protected screen savers that come up automatically after
some period of inactivity, or automatic logouts at public terminals).]

Finally, let me note that the relevant passages are also to be found in
the PA/JISC Model Licence for Material Supplied in Electronic Form from
1998 with the only difference that the logically awkward distinction
between walk-in users and "authorised users" is no longer maintained (as
walk-in users are just a special category, "other" authorised users).
The EBLIDA's European Copyright User Platform (ECUP) in 1998 published an
important position paper,

ECUP Position On User Rights in Electronic Publications
http://web.archive.org/web/2000/www.eblida.org/ecup/docs/policy21.htm

[link is to the document in the Internet Archive, since the EBLIDA
server has been reorganized recently and is still in part defunct]

that clearly makes a distinction between "Registered walk-in users by open
registration" and "Unregistered walk-in users" and states that National,
University, and Public Libraries should be allowed to provide access to
the former category of users while the latter user group is said to apply
to a library with a public library function where people can walk in and
out without identifying themselves. It may be open to dispute whether this
covers also university libraries with a public library function, so you'll
have to find consensus with the publisher whether they will allow
unregistered walk-in users or not.

The CLIR/DLF Model License, on the other hand, does not recognize the
concept of registered walk-in users, and does not make use of the concept
of the licensee's "secure network" (although it does provide for different
levels of authentification, like ip addresses, passwords, public
keys/certificates and other developing protocols).

An example of a license agreement with a less explicite (and thus more
easily implementable) definition of "authorised user" and secure network"
is the current (2002) license of Oxford University Press,
http://www3.oup.co.uk/access/InstSiteLicence.pdf

"Authorised User" shall mean an individual who is authorised by the
Licensee to access the Licensee's information services available through
the Licensee's Secure Network and who is (i) affiliated with the Licensee
as a current student, faculty, library patron, employee, or in some other
capacity whereby they are permitted to access such services in the
Licensee's ordinary course of business, whether from a computer or
terminal on the Licensee's Secure Network, or offsite via a modem link to
a valid IP address on the Licensee's Secure Network; or (ii) physically
present on the Licensee's premises;

Secure Network" shall mean a network (whether a stand alone network or a
virtual network within the Internet) which is only accessible to
Authorised Users. A cache server or any server or network which can be
accessed by unauthorised users is not a secure network for these purposes"

OUP's definition of "authorised users" includes unregistered walk-ins but
does not require them to be authenticated in a particular way.
(Remarkably, "library patrons" are recognized on the same par as other
affiliated users and may therefore even allowed remote access if they are
authenticated properly.) the OUP license allows remote access

Bernd-Christoph Kaemper, Stuttgart University Library

John Webb wrote:
> I think you may asume that your university network is secure within this
> definition.  Surely your university network administrator thinks so.
> When you first sit down and turn on or log into your computer at work, you
> are being authenticated in some fashion "consistent with then-current best
> practice and security procedures."  So about the only questions are how
> does the license define "authorized users" and how does the license cover
> the public computers in your library.  It should allow access using the
> Library's public computers by non-affiliated walk-in users of your
> Library. Those computers are also recognized and authenticated by your
> network, even though they don't "belong" to an individual, otherwise they
> wouldn't work. If you don't allow use by walk-in users who aren't
> affiliated, then you have no problem.  The only other issue I can think of
> is wireless.  If you have wireless, I assume your wireless network
> requires authentication.  If it doesn't (which I can't imagine), then
> don't register its IP's, in which case it will be treated as a remote
> site, for which you already require authentication.  I'm at home and don't
> have immediate access to our Journal of Immunonolgy license, but I think
> it fits under all of the above.
>
> John Webb
> jwebb@wsu.edu