[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Message from Kevin Guthrie, JSTOR's President

To: liblicense-l@lists.yale.edu
Subject: RE: Message from Kevin Guthrie, JSTOR's President
From: David Goodman <dgoodman@phoenix.Princeton.EDU>
Date: Tue, 10 Dec 2002 17:27:53 EST
Reply-To: liblicense-l@lists.yale.edu
Sender: owner-liblicense-l@lists.yale.edu

As I understand it, the solutions proposed by Kevin would eliminate the
possibility of walk in users. Many of us have fought long and successfully
to have these users permitted on our licenses. We are all replacing or
supplementing print resources with electronic ones. It would not make
sense to permit those authorized to have access to our libraries (and, in
some universities, paying considerable sums for the privilege), not being
able to access the most important resources. Some (public) universities
may be legally required to provide all their users access to all their
resources.

There are perhaps some work arounds: it might be possible to give walk in
users temporary user names, possibly through specific library machines
configured to do this in a manner hidden from the user.

As I understand it, a server can determine many things about the
characteristics of the browser accessing it. Can it determine if the
browser is running on a machine that is itself set up as a server? If so,
it would possible to deny access except for machines on a list of
authorized proxy servers.

I would certainly imagine that those more technically knowledgeable than I
should be able to think of other solutions. I think the extent of the
problem may be serious enough to require more directed action than has
previously been considered reasonable. We should ensure our efforts do not
however impair the positive use of the resources by the entire user
community.

My personal opinion only, of course. David Goodman

___

On Tue, 10 Dec 2002,
Phil Davis wrote:

> Any form of authentication based on a virtual identity has some risk of
> fraud.  Like Rick Anderson states, we need to take "reasonable measures".
> Our first generation Library Gateway was based on user-names and
> passwords.  And while we took "reasonable measures" to keep these accounts
> within the Cornell Community, we were sure that many of them left the
> country.  As long as the publisher is willing to work with their clients
> to reduce the risk of abuse, there doesn't appear to be a good-enough
> argument to revamp our authentication methods, or turn the library into a
> police state.
>
> --Philip Davis
> pmd8@cornell.edu

Prev by Date: FW: Science.gov is launched
Next by Date: RE: Message from Kevin Guthrie, JSTOR's President
Prev by thread: IP authentication, etc
Next by thread: RE: Message from Kevin Guthrie, JSTOR's President
Index(es):
- Date
- Thread