[12565] in Public-Access_Computer_Systems_Forum


No subject found in mail header

daemon@ATHENA.MIT.EDU (zendog)
Wed Nov 11 20:04:27 1998

Date: Wed, 11 Nov 1998 15:46:47 -0500
From: zendog <zendog@incolsa.palni.edu>
To: PACS-L@LISTSERV.UH.EDU
Reply-To: zendog@incolsa.palni.edu

----------------------------Original message----------------------------
Recently a reader of PACS-L requested information on verifying valid users
over the Internet.  Juck Lowe (jlowe@incolsa.palni.edu) of INCOLSA responded
to the person who posted the message.  Others interested in the problem of
verifying valid users may be interested in Juck's post (below).  (Posted
with permission.)
****************************************
Good morning, hope you're well.  I saw your recent message regarding remote
patron authentication on the PACS listserv and thought I'd briefly share the
solution implemented by the Inspire project here in Indiana.
Inspire is a state funded virtual library that offers Indiana residents
access to commercial periodical databases (we currently offer 13 databases
from Ebsco, OCLC etc. and several library cats).  The web address is
http://www.inspire-indiana.net
Access is allowed from ANY internet connected computer in the state
regardless of location or service provider. Users are not required to be
library card holders; this is a true statewide initiative.
We authenticate this large and diverse user-base in 3 ways:
__________________________________________________
IP ADDRESS FILTERING: most schools, colleges, libraries and some Local
Service Providers/Businesses are authenticated by their IP address.
DOMAIN NAME FILTERING: used for authenticating most of Indiana's local
service providers, businesses and several out-of-state providers who
allocate domain names based on user location (e.g., IBM's Indiana users have
the domain: *.in.us.ibm.net)
DIGITAL CERTIFICATES (an encrypted file that is stored by your browser):
Users of AOL, Compuserve, AT&T and other out-of-state ISPs that cannot be
authenticated by IP or Domain.
__________________________________________________

Administration of the above systems is fairly straightforward once all the
'legwork' has been done. End users and ISPs keep us up to date by telephone
and email with their domain and IP address information.
The digital Certificate service works in the following way:
The user is refused access to the site if he is not recognized by IP or
Domain. He then fills out an online form with details such as name, address,
email etc. From this form we generate mailers every evening in batch. The
mailer contains a 'one-time' password and instructions for downloading the
Digital Certificate.  The password becomes useless once the certificate has
been downloaded.
Once the user has received the document via US mail (usually within 3 days),
he can download the Digital Certificate from our website and gain access to
our databases. The certificates have a built-in 'lifespan' of 18 months.

*********************************************************
Millard Johnson  -- INCOLSA -- http://incolsa.palni.edu
Zendog@incolsa.palni.edu
I would rather risk failure than achieve it without risk.
*********************************************************
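
The three-tier check described in the post, as an added example (not part of the original message and not INCOLSA's code). The networks, the DNS tables and the function names are constructed for illustration; confirming the reverse-DNS name with a forward lookup is an added precaution the post does not mention, and certificate verification is assumed to be done by the TLS layer.

```python
import ipaddress

# Constructed sample policy. The networks are documentation-range placeholders;
# the suffix is the *.in.us.ibm.net example given in the post.
ALLOWED_NETS = [ipaddress.ip_network("192.0.2.0/24")]
ALLOWED_SUFFIXES = [".in.us.ibm.net"]

# Constructed stand-ins for DNS so the example runs offline.
# PTR records are published by whoever controls the address block.
PTR = {
    "198.51.100.7": "dial7.in.us.ibm.net",
    "203.0.113.9": "host9.in.us.ibm.net",
}
# Forward (A) records are published by whoever controls the domain.
FWD = {
    "dial7.in.us.ibm.net": {"198.51.100.7"},
    "host9.in.us.ibm.net": {"198.51.100.99"},  # does not map back to 203.0.113.9
}


def confirmed_host(ip):
    """Return the PTR name only if a forward lookup of it includes ip."""
    name = PTR.get(ip)
    if name and ip in FWD.get(name, set()):
        return name.lower().rstrip(".")
    return None


def authorize(ip, cert_verified=False):
    """Return the tier that admits the client, or 'refuse'.

    cert_verified is assumed to be set by the TLS layer after it has
    validated the client certificate, including its expiry date.
    """
    addr = ipaddress.ip_address(ip)
    # Tier 1: IP address filtering.
    if any(addr in net for net in ALLOWED_NETS):
        return "ip"
    # Tier 2: domain name filtering. The leading dot in each suffix
    # makes this a whole-label match rather than a substring match.
    host = confirmed_host(ip)
    if host and any(host.endswith(s) for s in ALLOWED_SUFFIXES):
        return "domain"
    # Tier 3: digital certificate, for users the first two tiers miss.
    if cert_verified:
        return "certificate"
    # Unrecognized: the site refuses access and offers the sign-up form.
    return "refuse"
```
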
