[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Journal of Immunology

To: liblicense-l@lists.yale.edu
Subject: Re: Journal of Immunology
From: "Bruce E. Matter" <bruce@legalmatter.com>
Date: Wed, 8 May 2002 17:53:01 EDT
Reply-To: liblicense-l@lists.yale.edu
Sender: owner-liblicense-l@lists.yale.edu
Actually, I think that everyone has addressed valid points.  I have worked
on the publisher's side of numerous consortium license transactions, and,
in my experience, many of the objections raised by consortia/libraries can
be attributed to drafting issues.  With all due respect to the Cox model
license, I think that is the situation here.

The following is used to define the term "Secure Network":

"A network (whether a standalone network or a virtual network within the
Internet) which is only accessible to Authorised Users approved by the
Licensee whose identity is authenticated at the time of log-in and
periodically thereafter consistent with current best practice, and whose
conduct is subject to regulation by the Licensee."

I would break this down as follows:

"A network (whether a standalone network or a virtual network within the
Internet) which is only accessible to Authorised Users."

This is the specific language that deals directly with the concepts of a
network and who can access it.  If the network can be accessed by someone
who is not an "Authorized User" then it is not secure.  I'm not suggesting
that the above language is the best or the only language that should be
used, but if you were to eliminate the remaining language from this
specific definition the point would still be made.  Only "Authorized
Users" should be allowed to have access to the network.

Including the element of "approving" an "Authorized User" in the
definition of Secure Network is, in my view, redundant and confusing.  If
one meets the definition of "Authorized User" then one should already be
"approved by the Licensee."

Including the element of authenticating the identity of an "Authorized
User" also, in my view, is redundant and confusing.  This element should
be dealt with elsewhere, perhaps in the definition of Authorized User.
How it is addressed will depend on the nature of the system.  If the
system requires each user to have a personal ID/password, then "at the
time of log-in" language may be appropriate.  Other systems may
contemplate "walk-in" (or similar) users who will not need a personal
ID/password because they are using the licensee's terminals.  In these
situations, the publisher usually does not care about the personal
identity of each individual.  Here the definition of Authorized User may
simply describe a status (student, faculty, walk-in users, etc.) or a
"group" or "class" of people that are "subject to regulation by the
Licensee."  It is also possible for one system to contemplate access
either with or without an ID/password.  For example, students, faculty,
etc. at a university may not need to use an ID/password when accessing the
system on campus (from dorm room or office) but may need to when accessing
via remote dial-up.  Here, again, the license should not confuse
Authorized User status with access/security issues.

Finally, publishers/licensors certainly want licensees to act "consistent
with current best practices."  This concept does not have to be included
in this definition.  It can be stated elsewhere as a very general concept
applicable to the licensee's (and the licensor's for that matter) overall
management of its license obligations, including identification of
Authorized Users, limiting access to the licensed content, upgrading its
system software/hardware, security and other issues.

Now, the disclaimer!  Consortia licensing is very complex and there are
many variations of "model" licenses, and many issues that are negotiated
during any specific transaction that may affect my analysis of the above
provision.  My comments are not intended to be taken as legal advice for
any specific transaction.  Just adding my two cents ....

Bruce

Law Offices of Bruce E. Matter
7315 Wisconsin Avenue
Suite 450 North
Bethesda, Maryland 20814
USA

T: 301-656-2936
F: 301-656-2937
E: bruce@legalmatter.com
www.legalmatter.com
--------------------------------------------------------------------------

--- Original Message---
 To: liblicense-l@lists.yale.edu
 From: Kimberly Parker <kimberly.parker@yale.edu>
 Sent:  5/06/2002 11:42PM
 Subject: Re: Journal of Immunology

>> Since I am one of those here at Yale that Daniel sought advice from, I
>> thought I would chime in here.
>>
>> My problem with the definition of Secure Network as defined in the
>> "Cox-model" license is with the use of the word "identity".
>>
>> "A network (whether a standalone network or a virtual network within the
>> Internet) which is only accessible to Authorised Users approved by the
>> Licensee whose identity is authenticated at the time of log-in and
>> periodically thereafter consistent with current best practice, and whose
>> conduct is subject to regulation by the Licensee."
>>
>> To me, identity means "personal identity" and while we can say that an
>> Authorized User has been authenticated as a member of that *group*, we do
>> not check for personal identities when people are on campus.  The fact
>> that they are using computers on our IP network means they are acceptable
>> as walk-ins.
>>
>> If the word "identity" were changed to "validity" or something of that
>> sort I would be very much happier about the definition.
>>
>> --Kimberly Parker
Prev by Date: Interlibrary loan vs. document delivery
Next by Date: SIIA Updates-May 2002
Prev by thread: RE: Journal of Immunology
Next by thread: Back-up copies next?
Index(es):
- Date
- Thread