I think we need to clear (and careful) in this discussion about what user data we are discussing. With authentication being done by the library / university, Lean Library doesn’t actually have personally identifiable information (PII). While IP addresses can be traced, is that any more a concern than an user’s ISP tracking all of users traffic already, since Lean Library is only effective from off campus IP addresses? On EZProxy, we do use a wildcard certificate, and we are in the process of moving the IP address of the service to a private IP address. Similar to a previous comment, this service will be an individual choice of a user to make. We can’t push this to our users; it will take their own initiative to install. Another context that I haven’t seen yet: what do others think of the cost? Have you found it to be reasonable or high? We are still considering that question internally. One more context is the licensing. The base license language has the jurisdiction in The Netherlands, which is something we (Duke) could never accept. We are suggesting other language changes, too, so I don’t know where all of this will land. It is possible we won’t come to a mutual agreement on contract terms. Tim AUL for Digital Strategies and Technology Duke University Libraries On Wed, Aug 22, 2018 at 10:44 AM Haitz, Lisa (haitzlm) < [log in to unmask]> wrote: > With regard to Lean Library: We have already had to procure a security > exception from our central IT for our Proxy Server, due to a wildcard > certificate. > > I would rather err on the side of not exposing user data, as you’ve all > mentioned (great discussion-thanks!), but am wondering if many of you are > running into issues with your proxy server (we use ezProxy), and > certificates. > > Lisa Haitz > UC Libraries > > > > -- Tim McGeary [log in to unmask] GTalk/Yahoo/Skype/Twitter: timmcgeary 484-294-7660 (Google Voice)