READI
(Rights for Electronic Access to and Delivery of Information)
PASSWORDS
Definition
A specific key that allows access either to a specific database or to a network
service--either at a single institution or available at many institutions.
Passwords may be assigned to individuals or to communities.
Discussion
Passwords are assigned for a number of purposes, some of which are important to
suppliers; others are important to buyers. Our research has identified a
number of key purposes served by passwords:
- To limit access either to a specific database or to the network system
generally;
- To limit simultaneous access (again, either to a specific database or to the
network system itself);
- To monitor use of the entire system, specific databases, access by
individuals, or by parts of the user community (faculty or students, for
example); and
- To trigger billing.
The technical methods of issuing and administering passwords can be provided by
the supplier, by an intermediary, and, in most large institutions, by the
institution itself. It is anticipated that the future marketplace will
eventually accept third-party services (functioning as bank cards do
currently, but in a manner that accounts for the special concerns of
network security) to create and administer password access; at the moment this
option does not yet exist.
Specific agreements between buyer and seller as well as intermediaries outline
the purposes of passwords as well as which party will install and administer
them.
Primary consideration is often given to shielding the individual accessing
information from the institution or the vendor, to protect the user's privacy.
Still, information generated by access, that is, whether the user is a
student or faculty member--or interested in psychology or nuclear physics--is
often permitted under agreements in order to generate as much transaction data
as possible for the buyer as well as the seller. This information, however, is
recorded, saved, or discarded based on each institution's policies and
guidelines, and practice varies greatly from institution to institution--and
within each organization as well.
Certain passwords are assigned to individuals at institutions and may be linked
to an identification (ID) number, Social Security number or other unique
identifier. In other cases, passwords are assigned to entire communities.
Still others are assigned to specific networks or even more specific databases
or modes of access. Other passwords may be assigned to a geographical
location, preventing users from outside the campus, state, or other boundary
from gaining access. Again, each of these limitations may depend upon the
nature of the contract agreed between the buyer and seller or may be the
function of an institution's policy.
Our research also revealed that, under certain conditions, passwords may
encourage access, rather than discourage it. When a vendor charges an
end-user, or institution, by the transaction, it is in the interest of the
vendor to stimulate use. Therefore, widely known passwords under
transaction-based agreements tend to benefit the supplier. Such publicly known
passwords for access tend to generate more transactions and therefore greater
fees.
On the other hand, institutions, recognizing the possibility of runaway budgets
for access to data based on transactions, will likely wish to limit access to
such passwords and therefore limit access to searches that generate fees for
individual transactions.
However, when institutions pay for information via subscription-based pricing,
institutions may encourage wide password access, since no additional charges
are levied on each transaction.
Benefits
Both buyers and sellers of networked information can benefit from the
introduction of passwords into the system. Passwords offer the ability to
limit, expand, or customize access to information and provide buyers and
sellers with the ability to monitor usage.
Risks
Among the chief risks in assigning passwords to individuals for access is the
possibility, unless strictly controlled, of undermining the privacy of
individuals who may be accessing information that either the institution or the
state may find offensive. Certain ways of assigning passwords, either by
Social Security number or by student/faculty identification number, may
inadvertently lead to individuals being exposed. Another danger is that the
security of passwords and other coding systems may inadvertently be open to
invasion or access over the Internet.
Another problem with the issuance of passwords is the technical infrastructure
and administration necessary to manage and monitor them. Certainly, large
organizations (e.g., a state university system) have the infrastructure
required to introduce and administer complicated password systems. Smaller
organizations (e.g., local libraries or liberal arts colleges) may not be
prepared to provide the necessary technology to introduce appropriate and
effective password systems.
The risk of misappropriation of passwords is also present in any agreement for
networked information. Both buyers and sellers are encouraged to cover this
possibility when discussing liabilities. (See "Liabilities.")