Question(s)/Issue(s):

What are the different site access options for ebrary?

Solution(s):

1. Standard, Fixed IP-Range Site Access: Authentication is done based on the institution's fixed IP address range(s) controlled by or assigned to the institution's physical location.
   
   
2. Pre-Approved Custom Access Options: The following methods have been pre-approved by the ebrary Operations and Security teams.
   NOTE: The methods 1-5 below require that the customer be solely responsible for configuration and support of its access systems; and for maintaining and administering end user passwords (or other security mechanisms reasonably required by ebrary) including:
   • Never established password sharing that enable ebrary access.
   • Never posting ebrary access passwords on any internal or external website
   • Maintaining user access logs for a period of thirty (30) days to support investigation of any channel misuse by end users.
   1. Remote Authentication:
      Secure remote user authentication systems that validate individual usernames and passwords or barcodes, providing the remote user with access to ebrary from within the institution's IP range(s). May include URL rewriting proxy servers (which may be included in CMS or OPAC systems) or Virtual Private Network (VPN) systems.
      
   2. Single-Sign-On Products:
      ebrary integrated single-sign-on systems, operating within the institution's IP range(s). These systems were developed and tested by the software vendors to use ebrary APIs to provide secure authentication of users to ebrary; currently available with EZproxy and Blackboard, and may be developed for other products.
      
   3. Secure Referring URL:
      Secure remote user authentication systems that validate individual assigned usernames and passwords, providing a secure referring URL link to ebrary.
      This method is highly disfavored, but may be allowed on an exception basis for specific channels based on ebrary review of the institution's implementation and ebrary's assessment of the institution's web development capabilities and resources.
      By requesting Referring URL access, the institution will be deemed to accept the following terms:
      Remote access to ebrary must be individually authenticated and secure.
      • Any unauthorized access or abuse detected on a referring URL channel may result in immediate removal of the referring URL path that allows access to ebrary.
      • ebrary may use geographic IP verification to limit each referring URL channel to access only by IPs assigned to the institution's country or countries.
      • The institution must integrate an ebrary API authentication module compatible with its system when/if the module becomes available.
      
      Note that the institution must have web software development experienced staff and meet ebrary qualification requirements to integrate the ebrary API authentication module.
      
      
   4. Single-Sign-On Module:
      Single-sign-on integration with institution's secure user authentication system using a compatible ebrary API authentication module. Institiution must have staff with web software development expertise and meet ebrary qualification requirements to integrate the ebrary API authentication module. Modules may not be available for all web server software platforms.
   5. Other Commercial Systems:
      Any other standard commercially-available authentication system that provides reasonable authentication and security, and that is supported by ebrary for other customers as a standard product feature.
   6. Access Management Providers:
      Subscription access management systems (such as Eduserv Athens) as supported by ebrary. The institution is responsible for its relationship with the access management service provider and for all account administration.
   7. ebrary RPA:Ebrary remote patron authentication service (RPA), an ebrary hosted service using an institution-supplied list of individual usernames and passwords or barcodes.
   
   
   
3. Other Access Options (ebrary Pre-Approval Required):
   
   1. Custom Systems:
      Custom developed or proprietary secure user authentication systems that meet ebrary's technical and security requirements, permitted at ebrary discretion subject to review by ebrary security team.
   2. ebrary APIs:
      Customized ebrary API single-sign-on integration (not utilizing a standard Ebrary API authentication module). Customer must have staff with web software development expertise and meet ebrary qualification requirements to integrate the ebrary APIs.