CGI Webscript vs. IP-Based Authorization

Although vendor-based IP authentication is effective for basi goes, it has turned out to be too inflexible to provide an adequate level of service to Columbia's user community. The specific reason for this stems from the increased use of commercial Internet Service Providers (ISPs) by faculty and students from their off-campus offices and dorms. In fact, Columbia now has a general policy of encouraging faculty and students with off-campus locations to use commercial ISPs to access our campus resources, chiefly because we can no longer support the extraordinary level of demand on our campus modem pool dial-up facilities. To facilitate this we have, in fact, arranged for a special low-cost Internet access service with IBM-ICE for the Columbia community. Looking a little ahead, we also expect the trend toward off-campus network access to our resources to accelerate here and elsewhere as surrounding neighborhoods are wired for ISDN, cable-based modems, and other types of direct Internet access.

Databases and information services using IP-based authentication unacceptably exclude bona fide university users who are connecting via ISPs. When we have in the past licensed resources that were available only with IP-based authentication, we have had loud protests and complaints, especially from faculty.

In 1997 OCLC made a CGI-based "Webscript" authorization option available for accessing FirstSearch on the Web that allowed for "behind the scenes" institutional login to FirstSearch databases specifically for sites that had controlled campus access and authorization systems. RLG then followed suit and adopted the same approach with its Citadel / Web databases. Since Columbia has long used Kerberos for campus authorization and authentication, and since we now also have an effective Web-based link to our Kerberos authentication database, we were able to take advantage of this option from the beginning, with a very positive response from our users.

The technical work for implementing a CGI Webscript is fairly straightforward. For us to test this approach with a vendor, we would need a trial account that is password-protected (not IP-restricted), along with a technical contact on your side to provide us with the information needed to package and 'get' or 'post' login information to your site via a secure CGI script on our system.
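
As an illustration of the gateway described above (an added example, not Columbia's or any vendor's actual script): a CGI program that releases the institutional login only to a user the campus authentication layer has already accepted, and sends it to the vendor as a POST over HTTPS. The vendor URL, form field names, credential file path and the relaying of the vendor's reply are assumptions made for this sketch.

```python
import os
import urllib.parse
import urllib.request

# Hypothetical values: the vendor endpoint, field names and credential path
# are assumptions for illustration, not any vendor's real interface.
VENDOR_LOGIN_URL = "https://vendor.example/cgi-bin/login"
CREDENTIAL_FILE = "/etc/webscript/vendor.cred"  # readable only by the CGI user


def load_institutional_credential(path=CREDENTIAL_FILE):
    """Read 'account:password' from a file kept outside the web root."""
    with open(path, encoding="utf-8") as fh:
        account, _, password = fh.read().strip().partition(":")
    if not account or not password:
        raise ValueError("credential file must contain account:password")
    return account, password


def build_vendor_login(environ, credential):
    """Return a POST request for the vendor login, or raise PermissionError.

    environ is the CGI environment; REMOTE_USER is set by the web server only
    after the campus authentication layer (Kerberos at Columbia) has succeeded.
    """
    if environ.get("HTTPS", "").lower() != "on":
        raise PermissionError("gateway must be reached over HTTPS")
    if not environ.get("REMOTE_USER"):
        raise PermissionError("no campus-authenticated user")
    if not VENDOR_LOGIN_URL.startswith("https://"):
        raise PermissionError("refusing to send credential over plain HTTP")
    account, password = credential
    # POST body, not a query string: URLs end up in logs and Referer headers.
    body = urllib.parse.urlencode({"account": account, "password": password})
    # The user's campus identity is deliberately not sent to the vendor.
    return urllib.request.Request(VENDOR_LOGIN_URL, data=body.encode("ascii"),
                                  method="POST")


if __name__ == "__main__":
    try:
        req = build_vendor_login(os.environ, load_institutional_credential())
    except (PermissionError, OSError, ValueError):
        print("Status: 403 Forbidden\nContent-Type: text/plain\n\nAccess denied.")
    else:
        # Assumption: the vendor's reply is an HTML page that can be relayed.
        with urllib.request.urlopen(req, timeout=15) as resp:
            print("Content-Type: text/html\n")
            print(resp.read().decode("utf-8", "replace"))
```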

Needless to say, databases that allow for Webscript-type authorization are now preferred candidates for addition to our campus information resources as we have had to begin taking this factor into account when entering into new subscriptions and license agreements.

(Columbia has also investigated using a proxy server for this kind of access, but has concluded that it is technically a very weak approach with unpredictable results, and we do not at present consider it to be an effective overall remote authorization strategy for our campus.)

Stephen Davis, Director of Library Systems, Columbia University Libraries

Last revision: 12/15/98
© Columbia University Libraries