
Access management and security

Why control access?

In the document Digital Libraries (pages 99-102)

This chapter looks at two related topics: methods for controlling who has access to materials in digital libraries, and techniques of security in networked computing. This book uses the term access management to describe the control of access to digital libraries, but other words are also used. Some people refer to "terms and conditions."

In publishing, where the emphasis is usually on generating revenue, the strange expression "rights management" is common. Each phrase has a different emphasis, but they are essentially synonymous.

An obvious reason for controlling access is economic. When publishers expect revenue from their products, they permit access only to users who have paid. It might be thought that access management would be unnecessary except when revenue is involved, but that is not the case; there are other reasons to control access to materials in a digital library. Materials donated to a library may have conditions attached, perhaps tied to external events such as the lifetime of certain individuals.

Organizations may have information in their private collections that they wish to keep confidential, such as commercial secrets, police records, and classified government information. The boundaries of art, obscenity, and the invasion of privacy are never easy to draw. Even when access to the collections is provided openly, controls are needed over the processes of adding, changing, and deleting material, both content and metadata. A well-managed digital library will keep a record of all changes, so that the collections can be restored if mistakes are made or computer files are corrupted.

Uncertainty is a fact of life in access management. People from a computing background sometimes assume that every object can be labeled with metadata that lists all the rights, permissions, and other factors relevant to access management.

People who come from libraries, and especially those who manage historic collections or archives, know that assembling such information is always time consuming and frequently impossible. Projects, such as the American Memory project at the Library of Congress, convert millions of items from historic collections. For these older materials, a natural assumption is that copyright has expired and there need be no access restrictions, but this is far from true. For published materials, the expiration of copyright is linked to the death of the creator, a date which is often hard to determine, and libraries frequently do not know whether items have been published.

As explained in Chapter 6, many of the laws that govern digital libraries, such as copyright, have fuzzy boundaries. Access management policies that are based on these laws are subject to this fuzziness. As the boundaries become clarified through new laws, treaties, or legal precedents, policies have to be modified accordingly.

Elements of access management

Figure 7.1 shows a framework that is useful for thinking about access management.

At the left of this figure, information managers create policies for access. Policies relate users (at the top) to digital material (at the bottom). Authorization, at the center of the figure, specifies the access, at the right. Each of these sections requires elaboration. Policies that the information managers establish must take into account relevant laws, and agreements made with others, such as licenses from copyright holders. Users need to be authenticated and their role in accessing materials established. Digital material in the collections must be identified and its authenticity established. Access is expressed in terms of permitted operations.

Figure 7.1. A framework for access management

When users request access to the collections, each request passes through an access management process. The users are authenticated; authorization procedures grant or refuse them permission to carry out specified operations.

The responsibility for access lies with whoever manages the digital material. The manager may be a library, a publisher, a webmaster, or the creator of the information.

Parts of the responsibility may be delegated. If a library controls the materials and makes them available to users, the library sets the policies and implements them, usually guided by external restraints, such as legal restrictions, licenses from publishers, or agreements with donors. If a publisher mounts materials and licenses access, then the publisher is the manager, but may delegate key activities, such as authorization of users, to others.

Users

Authentication

When a user accesses a computer system, a two-step process of identification usually takes place. The first step is authentication, which establishes the identity of the individual user. The second is to determine what a user is authorized to do. A wide variety of techniques are used to authenticate users; some are simple but easy to circumvent, while others are more secure but complex. The techniques divide into four main categories:

• What does the user know? A standard method of authentication is to provide each user with a login name and a password. This is widely used but has weaknesses. Passwords are easily stolen. Most people like to select their own password and often select words that are easy to remember and hence easy to guess, such as personal names, or everyday words.

• What does the user possess? Examples of physical devices that are used for authentication include the magnetically encoded cards used by bank teller machines, and digital smart-cards that execute an authentication program. Smart-cards are one of the best systems of authentication; they are highly secure and quite convenient to use.

• What does the user have access to? A common form of authentication is the network address of a computer. Anybody who has access to a computer with an approved IP address is authenticated. Data on many personal computers is unprotected except by physical access; anybody who has access to the computer can read the data.

• What are the physical characteristics of the user? Authentication by physical attributes such as voice recognition is used in a few esoteric applications, but has had little impact in digital libraries.

Roles

Policies for access management rarely specify users by name. They are usually tied to categories of users or the role of a user. An individual user can have many roles. At different times, the same person may use a digital library for teaching, private reading, or to carry out a part-time business. The digital library may have different policies for the same individual in these various roles. Typical roles that may be important include:

• Membership of a group. The user is a member of the Institute of Physics. The user is a student at the U.S. Naval Academy.

• Location. The user is using a computer in the Carnegie Library of Pittsburgh. The user is in the USA.

• Subscription. The user has a current subscription to Journal of the Association for Computing Machinery. The user belongs to a university that has a site license to all JSTOR collections.

• Robotic use. The user is an automatic indexing program, such as a Web crawler.

• Payment. The user has a credit account with Lexis. The user has paid $10 to access this material.

Most users of digital libraries are people using personal computers, but the user can be a computer with no person associated, such as a program that is indexing web pages or a mirroring program that replicates an entire collection. Some sites explicitly ban access by automatic programs.
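The framework and the roles described above (authenticate the user, establish the roles, apply the policy that relates roles to material, permit or refuse an operation) can be sketched in a few lines. This is an added example, not code from the book; the user names, network range, collection name and policy table are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed sample data (hypothetical names; 192.0.2.0/24 is a documentation range).
LIBRARY_NET = ip_network("192.0.2.0/24")   # computers inside the library building
SUBSCRIBERS = {"alice"}                    # users with a current subscription
STAFF = {"carol"}                          # group allowed to change material

@dataclass(frozen=True)
class Request:
    user: Optional[str]   # name established by authentication, None if anonymous
    source_ip: str
    user_agent: str
    collection: str
    operation: str        # "view", "download" or "modify"

def roles_for(req: Request) -> set:
    """Establish the roles a request holds; one user can hold several at once."""
    roles = set()
    if ip_address(req.source_ip) in LIBRARY_NET:
        roles.add("location:library")      # "has access to": network address only
    if req.user in SUBSCRIBERS:
        roles.add("subscription")
    if req.user in STAFF:
        roles.add("group:staff")
    if "bot" in req.user_agent.lower():
        roles.add("robot")                 # self-declared, so only useful for denying
    return roles

# Policy relates roles to material: (collection, role) -> permitted operations.
POLICY = {
    ("journals", "location:library"): {"view"},
    ("journals", "subscription"): {"view", "download"},
    ("journals", "group:staff"): {"view", "modify"},
}
NO_ROBOTS = {"journals"}                   # collections that ban automatic programs

def authorize(req: Request) -> bool:
    """Grant the operation only if some role permits it; anything unlisted is refused."""
    roles = roles_for(req)
    if "robot" in roles and req.collection in NO_ROBOTS:
        return False
    permitted = set()
    for role in roles:
        permitted |= POLICY.get((req.collection, role), set())
    return req.operation in permitted
```

The policy never names an individual: the same person gets different answers depending on which roles the request carries, and a request with no matching role is refused by default.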

Digital material

Identification and authenticity

For access management, digital materials must be clearly identified. Identification associates some name or identifier with each item of material. This is a major topic in both digital libraries and electronic publishing. It is one of the themes of Chapter 12.

Authentication of digital materials assures both users and managers of collections that materials are unaltered. In some contexts this is vital. In one project, we worked with a U.S. government agency to assemble a collection of documents relevant to foreign affairs, such as trade agreements and treaties. With such documents the exact wording is essential; if a document claims to be the text of the North America Free Trade Agreement, the reader must be confident that the text is accurate. A text with wrong wording, whether created maliciously or by error, could cause international problems.

In most digital libraries, the accuracy of the materials is not verified explicitly. Where the level of trust is high and the cost of mistakes is low, no formal authentication of documents is needed. Deliberate alterations are rare and mistakes are usually obvious.

In some fields, however, such as medical records, errors are serious. Digital libraries in these areas should seriously consider using formal methods of authenticating materials.

To ensure the accuracy of an object, a digital signature can be associated with it, using techniques described at the end of this chapter. A digital signature ensures that a file or other set of bits has not changed since the signature was calculated. Panel 7.1 describes the use of digital signatures in the U.S. Copyright Office.

Panel 7.1

Electronic registration and deposit for
