Certifying Internet Database Providers with Remote Patron Authentication

This document is intended to help library staff implement access to electronic database providers through Dynix's Remote Patron Authentication (RPA). RPA is a web gateway product that mediates library patron (user) access to Web-based databases or to protected resources by first authenticating the user against the live patron database.

Authentication Methods

RPA detects, by IP address, whether the user is initiating a search from within or from outside the library. RPA can provide automatic passthrough for those users accessing database resources which store and recognize these same internal IP addresses. If users attempt to access electronic resources from outside the library domain, they will be prompted to enter their library barcode, phone number, last name, PIN, or other identification information. RPA then uses this information to authenticate the user with the library's live patron database. Once patrons successfully authenticate, they are eligible to gain access to these protected resources. Access is permitted based on the method of certification used by the database provider.

Methods of Certification

We have found that those database providers who accommodate remote patron access do so with one of the following methods.

Referring URL

When an authenticated user selects a protected resource, the URL of the page from which he is launched, or "referring URL," is passed to the database provider in the HTTP header. Since only authenticated patrons can access the referring URL page, the database provider can be assured that the user has been authenticated before accessing its services. If this method of certification is used, the database provider (or protected resource) must maintain and recognize referring URLs for each of its customer libraries.
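
A sketch of the provider-side lookup that the referring URL method implies, added here as an example and not taken from Dynix or any database vendor. The registry contents, library ids, and the function names `certify` and `_normalize` are assumptions; the point is that the header is parsed and matched exactly on scheme, host, and path, not by substring.

```python
from urllib.parse import urlsplit

# Constructed registry: library id -> referring URLs the provider has on file.
# Hostnames and paths are placeholders, not real RPA deployments.
REGISTERED_REFERRERS = {
    "lib-001": {("https", "rpa.library-a.example", "/rpa/resources")},
    "lib-002": {("https", "gateway.library-b.example", "/databases")},
}

def _normalize(referer):
    """Return (scheme, host, path) for a Referer value, or None if unusable."""
    if not referer:
        return None  # header absent or empty: nothing to certify
    try:
        parts = urlsplit(referer.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    if parts.username or parts.password:
        return None  # reject user:pass@host forms outright
    default_port = {"http": 80, "https": 443}[parts.scheme]
    if port not in (None, default_port):
        return None  # registered URLs in this sketch use default ports only
    host = parts.hostname.lower().rstrip(".")
    path = parts.path.rstrip("/") or "/"  # query string and fragment are ignored
    return (parts.scheme, host, path)

def certify(referer):
    """Return the library id whose registered referring URL matches, else None."""
    key = _normalize(referer)
    if key is None:
        return None
    for library_id, allowed in REGISTERED_REFERRERS.items():
        if key in allowed:
            return library_id
    return None
```

The referring URL arrives in the `Referer` request header, which is set by the patron's browser. Current browsers send only the origin on cross-site requests by default, so a registry keyed on full page paths depends on the referring page's referrer policy allowing the full URL to be sent.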

URL-Embedded Username and Password

A method preferred by other database providers is one in which the provider assigns the library a username and password, which are placed as variables in the "Success URL," the URL used to access the database once the user has been authenticated. Since, once again, access to this link is restricted to those who have successfully authenticated, the database provider can be relatively assured that the user is a qualified patron of a subscribing library. (Libraries and database providers are encouraged to change these passwords often, as patrons, having once authenticated and gained access to the vendor's page, could possibly save the password-embedded URL as a bookmark and subsequently use or misuse it.)

Database Vendor-Provided Script

Some database providers provide scripts that encrypt or otherwise securely communicate certification information in the HTTP message. RPA accommodates such scripts as long as they can be invoked from within the protected resource's "Success URL."

Future Development

In the future, Dynix plans to implement digital certificates and other standard methods of certifying users, as they are adopted as industry-wide standards for electronic database providers. Dynix welcomes the opportunity to work with any vendors in the development and testing of these new methods.

Steps to a Successful RPA Certification