Intranets and IP authentication and bears, Oh my!

Stacy Pober spober at manhattan.edu
Tue Jan 30 16:53:44 EST 2001


I'm just catching up on my email, so you might have solved this problem
by now...but if not: 

Are all the subscriptions for CDRH on an IP recognition system?  Is the
CDRH on its own subnet on your site's LAN?  If so, one thing you could
consider is to have only the subnet at the CDRH as the range of IP
addresses that is listed for access to those subscriptions.  This way,
users at other centers would not have access.  

If you want people to get off-site access and you don't want to issue
all the CDRH users the login/password, it becomes a bit more sticky but
not necessarily impossible.

You probably have an automated circulation system.  If it's flexible
enough to allow this, you might be able to arrange it so that the
barcode numbers of the CDRH patrons all fall within a certain range. 
Then you can locally authenticate these users with a URL rewriting proxy
such as EZproxy.  

OR, if your circulation system allows it, you can designate the CDRH
patrons as a separate class.  Then get a file of the CDRH patrons and
use that list of barcodes as the authorized users to whom the proxy
server will allow access.  The proxy server can be given a single IP
address that is the only one authorized for those particular e-journal
subscriptions.

Hope this helps!
Stacy

> From: "Masters, Gary E" <GEM at CDRH.FDA.GOV>
> To: "'web4lib at webjunction.org'" <web4lib at webjunction.org>
> Subject: Intranets and IP authentication and bears, Oh my!
> 
> Since I arrived at FDA in April, I have been working to solve a problem with
> IP authenticated subscriptions.  The problem is that FDA has only one IP
> address because of the firewall configuration.  If we subscribe to an
> engineering service that our center wants (I am in the Center for Devices
> and Radiological Health) and have it on our intranet web page, everyone in
> FDA can use it.  (There are few outside of our Center who use that data,
> since the other centers are food or drugs, but it is difficult to convince a
> database vendor that is true.)
> 
> Our solution has been to have a list of electronic journals with CDRH use
> only.  The journal information with the password is in this list.  Except
> for some vendors that will not give out passwords, that has been something
> of a solution.
> 
> However, since we have a Journals list, an electronic journals list, an
> electronic journals with CDRH access only, electronic newsletters, and one
> other, there are too many lists for people to cope with.  We are putting all
> of the lists into the database of journals with one entry point.  One list of
> all of our journals.
> 
> Then the question is "what to do with the passwords?"
> 
> (1) We could subscribe for all of FDA and not bother trying to restrict the
> use to our center.  Then we don't need a password. Actually, this is my best
> solution for resources that everyone uses.  Then we can get different
> Centers to pay part.   But we don't have the budget for that when most are
> not interested in our engineering and science resources.
> 
> (2) Put the password next to the title in the unified list of journals with
> a statement that "only CDRH personnel can use this data."  The thought is
> that since there are other Internet sources that FDA staff are not allowed
> to use, that this restriction will be followed.  If this is true, we should
> be able to get the vendors to agree to this method to restrict use to just
> our Center, as they now agree to our use of the password in a restricted
> access listing.
> 
> (3) We could have another way to distribute the passwords.  However, a
> significant per cent of the users don't even like passwords and have
> difficulty dealing with case sensitive passwords and other related problems.
> As long as we have passwords they will be a problem.
> 
> (4) We could have a note by each restricted journal stating that "this is
> only for CDRH staff" and get the vendor to agree that this is sufficient
> security to restrict use to our Center.  Of course this means a negotiation
> with each vendor.  One at a time.  And we have a very small staff.
> 
> Someone could tell us how they deal with the problem and we will have a
> celebration.  However, I have posted this problem before and have not found
> an answer yet.
> 
> My feeling is that publishers are easing up and this is not as much of a
> problem as it was before.  If we cannot reach an agreement with a vendor,
> we do not subscribe.  I think they had rather have a paid subscriber who is
> making a good faith effort to protect the materials than nothing.  Is this
> an issue that others negotiate with vendors?  But I am not a lawyer and
> don't know what they really want.
> 
> Suggestions?
> 
> We are going to move ahead with the fourth solution, but wish there were a
> better way.
> 
>                 Gary E. Masters
>                 Librarian (Systems)
>                 CDRH - FDA
>         (301) 827-6893

-- 
Stacy Pober
Information Alchemist
Manhattan College Libraries
Riverdale, NY 10471
http://www.manhattan.edu/library
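
The three checks suggested in the reply above (center subnet, barcode range, exported patron file), sketched as one decision function. This is an added example, not part of the original message and not EZproxy configuration; the subnet, barcode values, and function names are all hypothetical.

```python
import ipaddress

# All values below are constructed for illustration.
CDRH_SUBNET = ipaddress.ip_network("10.20.30.0/24")   # hypothetical center subnet
BARCODE_RANGE = (29000000500000, 29000000599999)       # hypothetical barcode block
PATRON_FILE = """\
# export of the CDRH patron class from the circulation system
29000000712345
29000000798765

2900000071234X
"""

def is_barcode(token):
    """Accept only plain ASCII digit strings, so int() below cannot fail."""
    return token.isascii() and token.isdigit()

def load_barcodes(text):
    """Parse a one-barcode-per-line export; skip blanks, comments, bad lines."""
    return {t for t in (line.strip() for line in text.splitlines())
            if t and not t.startswith("#") and is_barcode(t)}

def authorize(client_ip, barcode, patrons, subnet=CDRH_SUBNET, rng=BARCODE_RANGE):
    """Return the name of the rule that grants access, or None to deny."""
    try:
        if ipaddress.ip_address(client_ip) in subnet:
            return "subnet"          # on-site user inside the center's own range
    except ValueError:
        pass                         # a malformed address never matches the subnet
    if barcode is None:
        return None                  # off-site with no credential: deny
    barcode = barcode.strip()
    if not is_barcode(barcode):
        return None
    # Same length as the range bounds, so padded or truncated input cannot match.
    if len(barcode) == len(str(rng[0])) and rng[0] <= int(barcode) <= rng[1]:
        return "barcode-range"
    if barcode in patrons:
        return "patron-file"
    return None                      # default deny
```

A barcode drawn from a contiguous range is guessable, so the patron-file check is the stricter of the two off-site rules.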

