Earlier this year the STM Association — a trade association for academic and professional publishers — started a project called RA21: Resource Access in the 21st Century. The project is a renewed approach to moving past network address recognition and proxy agents as a way of authenticating access to licensed content. I describe the RA21 effort in general on the Index Data blog and listed some of the potential impacts on the FOLIO project.
Last month’s HathiTrust newsletter had an interesting technical tidbit at the top about access to out-of-print and brittle or missing items:
One of the lawful uses of in-copyright works HathiTrust has been pursuing is to provide access on an institutional basis to works that fall under United States Copyright Law Section 108 conditions: works in HathiTrust that are not available on the market at a fair price, and for which print copies owned by HathiTrust member institutions are damaged, deteriorating, lost or stolen. As a part of becoming a member, institutions are required to submit information about their print holdings for fee calculation purposes. We have also been requesting information about the holdings status and condition of works, to facilitate uses of works where permissible by law (specifications for HathiTrust holdings data are available at http://www.hathitrust.org/print_holdings).
One of the great things about the Shibboleth inter-institution single sign-on software package is the ability for the Identity Provider to limit how much a Service Provider knows about a user’s request for service. (Not familiar with those capitalized terms? Read on for definitions.) But with this capability comes great flexibility, and with the flexibility can come lots of management overhead. So I was intrigued to see the announcement for an online webinar from the InCommon Shibboleth Federation with the title “The Challenges of User Consent” covering the issues of managing who gets access to what information about users.
Stu Hicks, one of OhioLINK’s systems engineers, told the OhioLINK staff last night about a new program at Microsoft called DreamSpark. Through this program, post-secondary students around the world who are attending accredited schools or universities can download free of charge. At the time and place this post is being written, the list of software is:
- Visual Studio 2008 Professional Edition
- Windows Server 2003 Standard Edition
- SQL Server 2005 Developers Edition
- Expression Studio
- XNA Game Studio
- Visual Studio 2005 Professional Edition
- Visual C# 2005 Express Edition
- Visual C++ 2005 Express Edition
Building on the shoulders of others — isn’t that how that quote goes? There has been a stack of printouts on my desk for a while now for various access management and service provisioning technologies. Rather than keep the paper, I’m putting the list here so I know how to get back to them if/when I need to. (Of course, along the way if you’d like to comment on them or suggest others to look at, please feel free to do so in the comments.) Note, too, that by listing them here I’m not proposing, or even sure if, all of these pieces come together to a coherent structure.
Mike Teets of OCLC and I teamed up to write an article on Metasearch Authentication and Access Management for this month’s D-Lib Magazine. The first part of the article is a bit of a primer on access management techniques followed by a survey and analysis of access management schemes in use last year. The key part, I think, is the “Recommendations” (access restrictions by IP address plus authenticated proxy servers is the best one can hope for right now) and “Next Steps” (Shibboleth is superior to other access control mechanisms beyond IP/proxy that one might consider, but there is lots of work to be done).
OhioLINK is seeking candidates to fill a newly-created position: Systems Engineer – Access Manager. This position will work with other OhioLINK staff in providing support of daily operations and will serve a primary role as Access Manager. As Access Manager, this position will support users who are experiencing access issues to OhioLINK’s databases and services including IP management, remote authentication, Shibboleth implementation, and analyzing networking issues.