First Search Login-- Clarification about security

[Mack Lundy]

Bill Drew writes:

>What OCLC should have done is to allow access by domain name.  
>That is how Britannica Online and many other vendors do it.

Peter C. Gorman writes:

>Amen! Login/passwords may work for individual access, but they're 
>a terrible way to provide access for a large group of users, like 
>a campus. It's needlessly complicated for the user, and insecure 
>as well.

I would like to point out that validation by domain is only good 
when everyone is coming from a known set of domains.  I don't know 
about the rest of the country, but in Virginia we are seeing 
educational institutions outsourcing Internet services.  This is 
on top of faculty and students who have already contracted with an 
ISP.  They expect to be able to access, from off-campus, 
everything they can access on campus.  We can't do ip validation 
in this situation.  The problem becomes even worse if access to a 
service such as Britannica Online is through a consortium; now you 
have lots of domains and who knows how many possible ISPs 
providing Internet access.

A possible solution lies in the use of a proxy server.  Of course 
now someone has to figure out how to authenticate a user at the 
proxy server point.  And back to the problem with being in a 
consortium, how do you build a user database at the state level 
when there are legal prohibitions against sending user information 
off campus.

Unfortunately, right now there doesn't seem to be one solution 
that will meet everyone's needs.

Mack


Mack A. Lundy III		e-mail: mack at mail.swem.wm.edu
Library Systems Manager		voice:  757-221-3114
Swem Library			fax:	757-221-2635
College of William and Mary
PO Box 8794
Williamsburg, VA 23187-8794