INASP Cascading Workshop: Electronic Journals and Electronic Resources Library Management: Supply Models
Slide 4: Access and authentication
Access
Regardless of how a supply model is implemented, there are two basic ways that access to network based resources is controlled:
IP Address
Definition: It is probably worth reminding people what IP addresses are and how they might be useful. IP means “Internet Protocol” – in this context it basically relates to the unique address of every computer that is on the Internet. The form of an address is often, e.g., 137.36.222.13 ## - computers usually interpret these (so luckily we don’t have to) but roughly speaking they tell us the particular computer, the local area network (LAN) that it is on, the institution or wide area network (WAN) that it is on and the country code. In many ways these are just like postal addresses – they provide an ID and location of a computer.
Basically, only computers that have the appropriate IP address can access the resource. The suppliers of the database have software that checks the IP address of a computer wishing to access it and check this against an approved list – if they match then access is given, if they don’t then it is refused. IP Address recognition is the preferred access control mechanism from the resource suppliers, as it requires very little administration and can be largely automated. Librarians should like them for the same reasons. This is the most common access control method for large academic type suppliers that would generally only be subscribed to by institutions.
Username and password
Authentication via username and password – simple authentication to check that the username and password match an approved user. This is a common method for resources that have lots of individual subscribers. As “good” as IP recognition but the big problem is that the usernames and passwords need to be administered – this usually creates lots of demands on librarian’s and publisher’s time and resources in dealing with lost and forgotten passwords.
Combination of the above
Most packages do have combined access controls – this usually works with IP authentication to act as the primary mechanism (as most people will be accessing the resource whilst on the University network) and the username/password combination as the mechanism for people who wish to access the resource from outside of the University (e.g. from home, from cyber café, when travelling, etc.). The issue of username/password administration and management is still an issue and needs to be considered carefully.
Pay-per-view
This is something that is available via a number of suppliers and it is probably set to grow. It is usually related to full text services that can be used to access complete documents, articles or data sets. These are sometimes available on a pay-per-view basis = find the article that you want (the search is for free), view an abstract (for free) and then access the complete text for a single payment.
The big problem for pay-per-view in developing countries is that they rely on users having a) the money to pay for the item (usually quite expensive – at least as much as document delivery service) and b) a credit card with which to pay for the item. This will often mean that they are unsuitable for developing country use. It should be noted that these are being strongly driven by developed nations and publisher’s business requirements. It is likely that this is going to be a considerable growth area and when micro-payments are fully developed (payments that are based on an account being automatically debited without the interaction with the user. Also the fee per view is generally accepted to be much lower than current systems (where a large percentage of the fee is based on credit card handling costs)) then this may offer a real solution by providing account based charging systems.
1
Copyright INASP – see: http://inasp.info/training/training-materials-copyright.html for more details. Last updated 28/01/2003