RE: Message from Kevin Guthrie, JSTOR's President (LONG)

[Phil Davis <pmd8@cornell.edu>]

Any form of authentication based on a virtual identity has some risk of
fraud.  Like Rick Anderson states, we need to take "reasonable measures".  
Our first generation Library Gateway was based on user-names and
passwords.  And while we took "reasonable measures" to keep these accounts
within the Cornell Community, we were sure that many of them left the
country.  As long as the publisher is willing to work with their clients
to reduce the risk of abuse, there doesn't appear to be a good-enough
argument to revamp our authentication methods, or turn the library into a
police state.

--Philip Davis
pmd8@cornell.edu

At 07:36 PM 12/9/2002 -0500, you wrote:
> > The real issue
> > immediately before all of us, who have relied increasingly on IP
> > authentication, is whether we can strengthen that authentication or
> > whether it is on its final legs as we need to move to a different method
> > in order to keep our contractual obligations to information providers.
>
>Either way, we all need to be certain that we're not promising more than
>we can deliver in the license agreements we sign.  It would be foolhardy
>for any library to guarantee the security of a publisher's proprietary
>content; the best we can do is take "reasonable measures" to safeguard it.
>(And by the way, if you're reviewing a license agreement and want a good
>model of "reasonable measures" language, just look in the section that
>describes the licensor's obligations!)
>
>-------------
>Rick Anderson
>rickand@unr.edu