[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: EB online

Hi, David -

This situation is not unique, we license several products, including EB,
which control access only by IP address authentication.  It is up to us to
validate dial-in users, and we do.  I tend to agree with EB on this issue.
It is obviously not practical for a company to validate my users
individually, so if they are going to control access by user id/password,
the best they are going to be able to do is issue one user id/password for
each of my campuses.  This isn't security, and the company's concern that
these campus-level userids/passwords would be freely passed around to
unauthorized users is well-founded, in my opinion.

Providing secure dial-up access doesn't have to cost an institution
anything.  It is possible to do deals with commercial ISPs, at least in my
part of the country, which provide that the ISP will allocate a specific
pool of IP addresses for an institution.  The account is paid for directly
by the user, and all the administration, help desk support, etc. is
provided by the ISP.  All the institution has to do is agree to send all
of its students and faculty who want a dial-up account to the ISP.  So,
for example, when a student from Partyhearty U. shows up at Websurfer Inc.
to get an account, she identifies herself as a PU student and the ISP
gives her a user id/password which links her to the PU pool of IP
addresses.  All I have to do to insure that student's access to EB and
everything else is make sure that pool of addresses has been provided to
EB and the other vendors.

George Rickerson, Director Library Systems Office
University of Missouri
615 Locust Street #200
Columbia, MO 65211
573-882-7233                          573-882-6107 fax

> -----Original Message-----
> From: David Carlson [mailto:dcarlson@bridgew.edu]
> Sent: Thursday, October 22, 1998 9:01 PM
> To: liblicense-l@lists.yale.edu
> Subject: EB online
> Not sure this is the right issue for this list but let's give 
> it a shot. 
> We noticed in a recent promotional email communication from 
> Encyclopedia
> Britannica a promotional statement that the academic 
> community of users on
> a campus with EB online have home access to EB online 
> available to them.
> We had been unaware that this was a component of our access 
> to EB online
> so we contacted them. We learned that to offer home access EB requires
> that the library or campus have a secure server which would provide
> authentication of users, via a student ID for example, so that only
> registered users would be allowed in. I'm sure there are some 
> schools that
> have such servers, but I think our campus is more typical -- 
> we don't have
> such authentication.
> We pursued the conversation with EB a bit suggesting that they provide
> some sort of password-based access. No deal. The message we got was a
> concern that any such account/password would surely appear 
> posted on a web
> page the next day for all to see and use -- nothing doing.
> We are wondering how to respond and if to pursue this with 
> EB. We'd very
> much like to offer our campus home access for obvious reasons. We also
> have this notion that if EB includes such permission, we are 
> paying for it
> and we should be able to offer it. We feel like EB's requirement of a
> secure sever isn't reasonable and while their security concerns are
> certainly valid, there are other reasonable solutions. For example, we
> offer home access to our EbscoHost full text databases on the basis of
> ID/password. To my knowledge, we've had no abuses but if we 
> do, we will
> immediately change things and see if we can identify the source of the
> problem.
> I know many libraries have licensed EB online; I'd be curious 
> to know if
> others are offering home access to and reactions to our 
> perspective on the
> issues.
> Thanks.
> -----
> David Carlson, Director of Libraries
> Bridgewater State College
> Bridgewater, MA  02325
> E: dcarlson@bridgew.edu
> V:  508/697-1256
> Fax:  508/697-1349