[WEB4LIB] Re: Restricting launches to IP-restricted licensed
Walt Crawford
Walt_Crawford at notes.rlg.org
Tue Jan 4 18:18:31 EST 2000
Fascinating discussion, but could it be getting off-point? The question was,
more or less,
If the vendor is using IP authentication, then should the library also be doing
IP authentication?
The only "vendor" response so far is the same as mine would be--noting that I'm
not a lawyer or part of our licensing group--which is to say:
No. (Don't we have a consistent answer here from almost everybody?)
If you're using IP authentication and the vendor has agreed to do the
authentication, then you shouldn't need to do additional authentication.(If
there are vendors who disagree, I'd be interested in hearing why.)
The other question is also worthwhile: that is, should IP authentication be the
only option? Here again, I'd say "no"--but that may be because our (RLG's)
preferred method is to use WebScripted access (Thanks, OCLC). In that case, to
be sure, it's up to the institution to assure that only legitimate users are
getting into the database via the Webscript. Then again, we do use IP
authentication when that's what the institution needs...
The worst case, from a vendor's perspective (and, I suppose, from the
institution's perspective if you want databases to be available) is when neither
the institution nor the vendor is authenticating users. It does happen (not
often, I think), at least until a vendor's testing reveals it.
More information about the Web4lib
mailing list