[Eril-l] [EXT] Question about managing on-campus access to e-resources

Melissa Belvadi mbelvadi at upei.ca
Wed Feb 15 08:37:26 PST 2023 

Canada library here. We have IT-required login to the individual desktop computers, but there's no requirement at all about campus users needing to login again through the proxy server (ezproxy, self-hosted) to access library licensed resources in their web browsers (they don't).

I am wondering, Christina, if the faculty objection is to the tedium of doing it, or of a perceived lack of privacy in their searching? I'm guessing the latter.

Ironically, they would have MORE privacy if every library database search session went through the proxy server, because the companies would only see the proxy server's IP address instead of the individual IP address of the faculty member's specific computer. If they are more concerned about intra-campus privacy rather than vendors, I have bad news for them - it's easy to configure ezproxy with the "A" directive so that the on campus users would not see a login process and yet their entire search session would still run through the proxy server and hence everything they do would get into the proxy log files anyway.
It's not the logging in that is a privacy concern, but rather than server path the sessions go through and what is being logged in all those intermediate servers.
I wouldn't be surprised to find that your IT dept can simply log all http/https traffic down to the faculty's workstation IP if they wanted to, not just for library services but everything else on the Internet.
After all, it's all going through their routers.

Melissa Belvadi
Collections Librarian
University of Prince Edward Island
mbelvadi at upei.ca
________________________________
From: Eril-l <eril-l-bounces at lists.eril-l.org> on behalf of Mark Gooch <MGOOCH at wooster.edu>
Sent: Wednesday, February 15, 2023 12:07 PM
To: Christina Torbert <ctorbert at olemiss.edu>; Eril-l at lists.eril-l.org <Eril-l at lists.eril-l.org>
Subject: Re: [Eril-l] [EXT] Question about managing on-campus access to e-resources


CAUTION: This email originated from outside of UPEI. Do not click links or open attachments unless you recognize the sender and know the content is safe. If you are uncertain, please forward to phishing at upei.ca and delete this email.


WARNING: The sender of this email could not be verified and may not match the person in the 'FROM' field. Do not click links or open attachments unless you recognize the sender and know the content is safe. If you are uncertain, please forward to phishing at upei.ca and delete this email.


I would be surprised if your IT department on campus would allow this.  Required log in is basic computer security and possibly a requirement of insurers and maybe even government requirements.  IT departments have to be able to track users in case there is nefarious activity on the network.  You are fortunate to be able to have some public computers that don’t require a log in.  We have to fight to get any computers that don’t require a log in.  It’s the nature of the 21st century, unfortunately.



Thanks

Mark



--

Mark Gooch

Collection Management Librarian

The College of Wooster Libraries

1140 Beall Ave.

Wooster, Ohio 44691

Phone: 330-263-2522

FAX: 330-263-2253

mgooch at wooster.edu





From: Eril-l <eril-l-bounces at lists.eril-l.org> on behalf of Christina Torbert <ctorbert at olemiss.edu>
Date: Wednesday, February 15, 2023 at 10:05 AM
To: "Eril-l at lists.eril-l.org" <Eril-l at lists.eril-l.org>
Subject: [EXT][Eril-l] Question about managing on-campus access to e-resources



This question may be sent to multiple lists. Apologies for duplication.



In our library the only users not required to log in to electronic resources are users on the library’s networked computers, in order to accommodate walk-in users. Over the years, individual faculty have requested that the library open access to the entire campus, so they do not have to “sign in” from their offices. The requests are now echoing more urgently, so my colleague and I are asking questions about how to manage this level of openness without losing too much security and control of access only to authorized users.



Does your institution require authentication for users who are on-campus outside the library? What method of authentication does your institution use to determine who is an authorized user in that situation?



Our library currently uses IP authentication with a proxy service, hosted and library-managed.



Thank you in advance for your collective wisdom.



Christina Torbert

Head of Continuing Resources and Acquisitions

Liaison for Philosophy and Religion

Associate Professor​

J.D. Williams Library

University of Mississippi​

662-915-7059 (o)

662-801-9434 (c)

ctorbert at olemiss.edu

she/hers

Book an appointment with me: https://calendly.com/ctorbert



*From off-campus address*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.eril-l.org/pipermail/eril-l-eril-l.org/attachments/20230215/3db01613/attachment.htm>

More information about the Eril-l mailing list