Remote Access Methods for Online Resources

This document explores different implementations available for providing access to MOREnet-administered online resources to faculty, staff, students and patrons when they are away from their institutions.

By default, access to online resources is authenticated by IP address. MOREnet-administered online databases are available to patrons from any MOREnet-connected member site that has MOREnet-assigned IPs or alternately, has IPs that have been submitted and accepted for MOREnet filter lists.

While MOREnet offers a standard set of contracted databases to all its member institutions, each institution can choose to configure products differently and can also choose to purchase additional databases directly from the online resource vendors. Each MOREnet member has a unique account through each vendor for this purpose. Therefore it may be beneficial to patrons of an institution to authenticate through a remote method to that specific institution's account when possible. In addition, when using remote access methods, usage statistics will be collected in the correct account, allowing each institution to accurately gauge usage of resources from both on and off campus.

Remote Access to Gale Discovering Collection

For information regarding remote access to the Gale Discovering Collection, see Gale Cengage Learning's Authentication FAQ at

http://support.gale.com/article.asp?article=1161&p=10

Remote Access to LearningExpress Library

For information regarding remote access to Learning Express Library, see

http://www.more.net/online/learningexpressremote.html

Remote Access Policies

1. Remote access to EBSCOhost databases by registered/authorized staff, students and patrons is permitted.
2. Remote access to NewsBank by registered/authorized staff, students and patrons is permitted as follows:
   • Higher Education: All databases
   • K-12 Schools, Public Libraries and all other non-Higher Education MOREnet customers:
     • Permitted: Chicago Tribune, Christian Science Monitor, Des Moines Register, Louisville Courier, New York Post, Springfield News Leader, St. Louis Post Dispatch, Tulsa World, Washington Post.
     • Not permitted: Kansas City Star and Wichita Eagle.

Note: NewsBank can work directly with the customer to ensure the appropriate restrictions are implemented.

When delivering remote access to these online resources, there must be an appropriate level of care that restricts use to current staff, students and patrons. Therefore it is expected that organizations will employ the appropriate procedures, which may include:

• Authorization keys to proxies and Web servers are periodically updated for those who are currently associated with the institution.
• A current patron ID file is uploaded to the online resource vendors at reasonable intervals.
  
• User IDs and passwords are not posted on public webpages, publicly accessible discussion lists and other venues open to the Internet.
• Passwords in simple ID and password methods are changed when staff/faculty rosters change.

Back to top

Remote Access Methods

Please review the methods and their requirements below then choose the one that best meets your institution's needs:

Proxy Server

Required

• Institutional proxy server, which authenticates patrons, and seamlessly uses its own IP address to authenticate through to online resource vendors.

View the Proxy Server flow chart (PDF file; 53KB)

Authentication by proxy server can fit into a larger plan of access to internal organizational resources and requires little set-up and maintenance to employ. Often the only server modification needed for implementation may be to enter online resource domains to the DNS exclusion list and to allow passage and set of browser cookies.

Be aware that some proxy and filtering services force traffic to be rerouted through third party servers, which are outside MOREnet's networks. This can cause rejection of the proxy's IP authentication. These third party servers may be shared with many different customers and authenticate with a common IP address. These server IPs cannot be added to the filter list; however, there may be a work-around offered by the proxy's vendor. If no such work-around exists, benefits of proxy server remote authentication may have to be abandoned and another authentication method sought.

For more information about proxy server set up, see Proxy Settings for Online Resources at http://www.more.net/online/proxydatabase.html. For more assistance, contact MOREnet Technical Support.

Referring URL Authentication

Required

• A Web server or OPAC that can authenticate a patron to a secure internal webpage.

View the Referring URL Authentication flow chart (PDF file; 67KB)

Referring URL Authentication allows a specific internal webpage URL to be registered with each online resource vendor. Each vendor supplies a special URL to be used as a link on that internal webpage. This URL is registered with each online resource vendor. The vendor supplies a special URL in return to be used as a link on the internal webpage. Authentication to the online resource is achieved after initial authorization at the Web server or OPAC through link recognition at the online resource vendor.

This method also requires little set up and maintenance. Your site controls all authentication restrictions. Since the link is not tied to the server IP address, the server can be migrated or moved to an alternate IP with no loss in the authentication method. If the URL structure is altered, the registered link will need to be altered with the vendors.

Please contact MOREnet Technical Support to set up Referring URL Authentication. Have the URL for the secured internal webpage available when you call. Contact your server software vendor with any questions about location or structure of your internal webpage or the set up of authentication on your Web server or OPAC.

Back to top

Patterned ID Authentication

Required

• All patrons must have an ID number or library card number that:
• Falls in an identifiable fixed range of characters (letters and numbers).
• Includes some unchanging characters (or alternately, choose some unchanging variables that will be added to the number).
• Are not based on patron social security numbers.
• Are at least five characters in length.

View the Patterned ID Authentication flow chart (PDF file; 74KB)

Patterned ID Authentication allows registration of a range or ranges of IDs at each online resource vendor. The vendor provides a URL for the link. The patron is prompted to provide his or her ID number, and if that ID number fits within the parameters, the patron will be authenticated. This method requires set up of an additional publicly accessible page on a website for patrons to access from outside the institution (or alternate distribution of URLs for outside use).

Please contact MOREnet Technical Support to set up Patterned ID Authentication. Have the character ranges identified and available when you call.

Patron ID Authentication

Required

• All patrons must have an ID number or library card number.
• The numbers are not based on patron social security numbers.
• The numbers exported to a delimited text file.

View the Patron ID Authentication flow chart (PDF file; 60KB)

Patron ID Authentication allows registration for varied numbers, which are registered with each online resource vendor. The vendor provides a URL for the link and details about the authentication process.

This method is the most maintenance intensive. ID numbers need to be exported into a delimited text file. Periodically this file must be uploaded in each of the online resource vendors' systems to ensure the access list is current. This method requires set up of an additional publicly accessible page on a website for patrons to access from outside the institution (or alternate distribution of URLs for outside use).

MOREnet will contact vendors to assist in the set up of this authentication and plan a schedule of updates. The organization's administrator will need to use EBSCOadmin to upload files for EBSCOhost authorization.

Please contact MOREnet Technical Support to begin the process of setting up Patron ID Authentication. Know the process to export IDs into a delimited text file when you call. Check with your system administrator or outside software vendor for more information on this data export, if necessary.

Back to top

Simple User ID and Password

Required

• A very limited group of staff or faculty who need online resource access.

View the Simple User ID and Password flow chart (PDF file; 60KB)

Simple User ID and password is the least desirable of all the remote access methods because controlling access to the resources is difficult. Every effort to restrict use must be made. The ID and password must not be posted publicly.

The vendors supply a single user ID and password. Use of the default URL from outside the institution will bring up the an ID and password prompt screen. This method will not work when an individual tries to access from the premises of another EBSCOhost-authenticated customer.

Please contact MOREnet Technical Support to begin the process of setting up simple User ID and password authentication.