Page 207 - Building Digital Libraries
P. 207
CHAPTER 8
Dedication and License at https://opendatacommons.org/licenses/pddl/
was designed specifically for data. An organization can also create its own
licenses. However, adopting widely used licenses simplifies interoperability
and future migrations.
Access control and copyright controls differ significantly among reposi-
tory platforms, which in turn affects what types of materials and services a
repository can support. For this reason, it is important to detail the collec-
tions, users, and needed access control when selecting a repository platform
as outlined in chapter 2.
Access Control Mechanisms
Even if the purpose of your repository is to make items freely available,
you’ll probably need to implement access control. Graduate students may
need embargo support so that their theses, dissertations, or supporting data
comply with publication, research, or employment obligations. Researchers
must often suppress or control all or portions of their work for reasons relat-
ing to privacy, security, or intellectual property. In a corporate setting, some
materials may be unsuitable for general access. There are many scenarios in
which access to submitted content may be delayed, temporarily available,
or indefinitely limited to a specific user group.
Getting your repository running requires you to implement access
control that meets your repository’s needs. To accomplish this, you need
to determine:
• Which authentication mechanisms your institution sup-
ports—including those that are not currently in use
• Which authentication mechanisms can potentially be used
with the repository
• Who you need to talk to in order to implement mechanisms
that will work for your repository
When implementing access control, it’s important to distinguish between
authentication and authorization. Authentication is the process of verify-
ing someone’s identity. For example, when you log into your computer or
e-mail with a user name and password, you prove you are the owner of that
user name. Authorization is the process of determining what someone may
access. For example, once you log into your computer, you may only be able
to see and modify certain directories and files on network drives, depending
on which ones you are authorized to work with.
Repository administrators often are charged with implementing specific
access-control mechanisms that provide authentication and authorization
functions based on their organization’s infrastructure—that is, they often
have little choice over which mechanisms they can use. Libraries often serve
many groups that cannot be authenticated using the library’s authentica-
tion system. For example, academic libraries often serve affiliated faculty,
192
