[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Message from Kevin Guthrie, JSTOR's President



Dear colleagues, 

Just comments on a couple of points raised in this thread.

> Date: Wed, 11 Dec 2002 18:50:10 EST
> From: Phil Davis <pmd8@cornell.edu>
>
> Whether our not our
> patron cares about his or her rights, the library cannot be put in the
> position of sacrificing them in name of protecting publishers against
> random acts of abuse.  When they do happen, the publisher is the first to
> deal with the issue, and the library has always assisted in closing
> loopholes.

Yes, there are obvious measures publishers may implement as methods to
refuse accesses from open and anonymous proxy servers. If they want, they
can play with some attributes like HTTP_X_FORWARD_FOR to effectively fend
of such accesses.  That may cause some trouble, but I think it won't be a
big thing. Anyway, permitted IPs are all written in Agreement.  Some nasty
people may try to dodge through checking method, but now you can identify
who are at fault.

> Date: Thu, 12 Dec 2002 18:31:24 -0500 (EST)
> From: Ann Okerson <ann.okerson@yale.edu>

> Thus, we need to understand better where the problems with IP
> authentication lie (in this case, the discussion is about open proxies)
> and work together to overcome them.  Credentials is one way.  Education 
> is another.  

The answer is straightforward to me. What is the university for? It's for
education. Even with ill-mannered use of electronic materials, education
will be expected to be the means to correct such manners, though, of
course, if your open proxies are utilized from outside, that's another
story.

In a credential way, we can ask walk-in users just like we do with usual
library services. I can't imagine a library that is wide open the public
and has no check with anybody. When a library provides dhcp or mobile
access for restricted users, the server may check the MAC address of
user's registred machine to authenticate to see if it is proper access.

Concerning the privacy issues, I think all logs should be deleted after
taken suitable stats.

I'm not a techie, but I believe that these ideas are familiar in Japan. 

---
Kazuo YAMAMOTO <yamamoto@lib.u-tokyo.ac.jp>