For this week, we explored the various types of technological protection measures (TPM) present in licensed resources and how they may pertain to libraries. David Millman provides an introduction to authentication and authorization while Kristin Eschenfelder explores how TPM are being used in libraries, including what sort of implementations are most common in particular types of institutions. In general, libraries tend to use authentication systems to control access to materials. Authentication is the process that determines who the user is and pending that outcome, the user will or will not be granted access to the desired materials, which is part of the authorization process.
Libraries typically provide the publisher or vendor of a licensed resource with some kind of list of IP addresses, as well as those associated with a proxy server or virtual private network (VPN). Proxy servers and VPNs are used when patrons, such as enrolled students at UW – Madison, are attempting to access licensed resources from off campus. The authentication system sees the IP address or number as a proxy address, routes it through the proxy server, which is a UW – Madison IP address, and then onto the UW libraries server or the publisher server. If logging in through a VPN, the authentication system sees the off campus address as part of the UW network. So basically, the VPN adds the user to the network, as opposed to simply allowing access. When logging in to access the licensed resource, the system also looks for authorization rights.
In general on the UW – Madison campus, most users have the same rights, meaning that if they are authorized users (as defined in the license agreement), everyone may more or less view the same materials and resources. Authorization provides permission to use a particular resource, which is typically granted through an IP address range. It is through this range that permissions may be denied, as is the case with certain medical resources, for example. Furthermore, systems such as Shibboleth may be used to grant or deny access based on the users department and program. Such systems may be helpful for small libraries to ensure a good price on licensed resources by demonstrating that only a small number of users will be able to access the resource.
While most licensed resources necessitate authentication and authorization protocols, TPM tools may also be in place either through the resource itself or at the library. TPM tools are hardware and software systems that may facilitate limitation of access or the range of uses allowed to users as users could redistribute, alter and republish items from licensed resources. Essentially, since the language in license agreements may be vague or unclear, TPM may block uses that are not explicitly defined in the agreement. These TPMs may be in the form of soft or hard restrictions where soft restrictions are hardware or software configurations making it difficult for the authorized user to download, save, print, or copy/paste items from the resource. A savvy user usually finds work-arounds to these restrictions, but with hard restrictions, certain uses are prevented through hardware or software. Hard restrictions and TPMs should not be confused with Digital Rights Management (DRM) tools, although they are somewhat related, or at least similar.
Eschenfelder, in her three articles for this week, found that soft restrictions are quite common and include a warning, download limits, and “restriction by decomposition”. The most common hard restriction is the blocked copy and paste functionality, yet there are few examples of hard restrictions actually in use. The most common tools in libraries, museums and archives are authentication systems, specifically network-ID logins and IP address ranges. By limiting use through authentication, further restrictions may not be as necessary. In terms of use control, Eschenfelder and Agnew found that resolution limits and watermarking are quite common. However, some could argue that this may limit legitimate use of the resource. For example, what if an art student is studying a particular work of art or artist and the only online collection has poor resolution or a big watermark in the middle of the image? It may be difficult for that student to effectively analyze his or her topic. This begs the question of how should librarians proceed? If we continue to allow the publishers and vendors to dictate the type of TPM restrictions, what will they try next?
No comments:
Post a Comment