Skip to Main Content
Article navigation

Review of Access and Identity Management for Libraries: Controlling Access to Online Information is a thorough overview of approaches available to libraries for managing the complex task of access and identity, particularly as it pertains to subscribed e-resources. With instances of identity theft in the news each day, universities are acutely aware of the ramifications for them if adequate precautions are not taken. Indeed, the topics covered by this text will be familiar to anyone who has used an online service that is password protected.

Authors Garibyan, McLeish, and Paschoud, who appear to have crossed paths while working on library projects at the London School of Economics, focus on academic libraries, though a few examples are provided from public libraries. There is a good glossary at the front of the book, and two appendices. The first appendix is a series of case studies drawn from libraries in the UK, Australia, and the USA, designed to highlight different aspects of access and identity management (AIM) covered in the volume. The cases are uniform in presentation, making it easy to anticipate what’s going to be covered. All are forward-looking, with advice/recommendations for other institutions.

Appendix 2 is a White Paper edited by Clifford Lynch in 1998, Authentication and Access Management Issues in Cross-organizational Use of Networked Information Resources. A minor issue, but I would have put the Lynch paper at the front and the glossary in the back as white paper gives the reader a foundation and lens through which to analyze the approaches presented in the body of the text, many of which would have been inconceivable a decade earlier.

This book is a uniform read in terms of presentation, tone, and explanatory graphical representations that combine to make this a good choice for any librarian who wants a basic understanding of what happens in the background when users go online and the range of options open to libraries to accomplishing the required tasks. Each chapter announces its objective at the outset, summarizes its contents at the close, and adds references so that the reader can delve more deeply about the topic being covered by that chapter. While the topic may be technical, there is no chapter that is not accessible to any librarian, no matter how involved he/she might be in terms of AIM.

Chapter 1, What is access management, and why do libraries do it?, introduces the reader to “some seminal milestones in the invention of modern access and identity management principles.” Chapter 2 (Electronic resources: public and not so public) explains what users want from online databases (e.g. ubiquitous 24-hour access) and how the library needs to assure that they are complying with multiple licensing agreements. Chapter 3 presents the Principles and definitions of identity and access management, explaining four important processes involved in AIM: registration, authentication, authorization, accounting, and monitoring.

The following few chapters explain the pluses and minuses of several technologic approaches with which readers will be familiar, including IP address authentication, barcode authentication, proxy servers, shared passwords, user registration with publishers, and federated access. What made this so clear was the notion that authentication occurs in one of three ways: What the user knows (password, PIN), what the user has (smart card, digital signature, credit card), or what the user is (iris scan, fingerprint, keyboard dynamics). Authorization can be based on physical location (URL, domain name, or IP address), user identity or affiliation (e.g. with a library) or who you are/what you do (e.g. role based). Chapter 8 focusses on the benefits of single sign-on, and standards for federated access.

Chapter 9 is designed to help libraries choose access and identity management products and services. Chapter 10 helps libraries understand their responsibilities when they provide Internet access. There is a chapter on library statistics: how they are collected and how they should be used. The final chapter (12) helps libraries put together their business case for the approach/tool they have chosen. This alone is worth the price of admission.

or Create an Account

Close Modal
Close Modal