Intranets and IP authentication and bears, Oh my!

Masters, Gary E GEM at CDRH.FDA.GOV
Thu Dec 21 06:49:56 EST 2000


Since I arrived at FDA in April, I have been working to solve a problem with
IP authenticated subscriptions.  The problem is that FDA has only one IP
address  because of the firewall configuration.  If we subscribe to an
engineering service that our center wants (I am in the Center for Devices
and Radiological Health) and have it on our intranet web page, everyone in
FDA can use it.  (There are few outside of our Center who use that data,
since the other centers are food or drugs, but it is difficult to convince a
database vendor that is true.)

Our solution has been to have a list of electronic journals with CDRH use
only.  The journal information with the password is in this list.  Except
for some vendors that will not give out passwords, that has been something
of a solution.

However, since we have a Journals list, a electronic journals list, a
electronic journals with CDRH access only, electronic newsletters, and one
other, there are too many list for people to cope with.  We are putting all
of the list into the database of journals with one entry point.  One list of
all of our journals.  

Then the question is "what to do with the passwords?"

(1) We could subscribe for all of FDA and not bother trying to restrict the
use to our center.  Then we don't need a password. Actually, this is my best
solution for resources that everyone uses.  Then we can get different
Centers to pay part.   But we don't have the budget for that when most are
not interested in our engineering and science resources.  

(2) Put the password next to the title in the unified list of journals with
a statement that "only CDRH personnel can use this data."  The thought is
that since there are other Internet sources that FDA staff are not allowed
to use, that this restriction will be followed.  If this is true, we should
be able to get the vendors to agree to this method to restrict use to just
our Center, as they now agree to our use of the password in a restricted
access listing.  

(3) We could have another way to distribute the passwords.  However, a
significant per cent of the users don't even like passwords and have
difficulty dealing with case sensitive passwords and other related problems.
As long as we have pass words they will be a problem.

(4) We could have a note by each restricted journal stating that "this is
only for CDRH staff" and get the vendor to agree that this is sufficient
security to restrict use to our Center.  Of course this means a negotiation
with each vendor.  One at a time.  And we have a very small staff.  

Someone could tell us how they deal with the problem and we will have a
celebration.  However, I have posted this problem before and have not found
an answer yet.  

My feeling is that publishers are easing up and this is not as much of a
problem as it was before.  If we can not reach an agreement with a vendor,
we do not subscribe.  I think they had rather have a paid subscriber who is
making a good faith effort to protect the materials than nothing.  Is this
an issue that others negotiate with vendors?  But I am not a lawyer and
don't know what they really want.

Suggestions?

We are going to move ahead with the fourth solution, but wish there were a
better way.


		Gary E. Masters
		Librarian (Systems)
		CDRH - FDA
	(301) 827-6893 



More information about the Web4lib mailing list