I think we need to clear (and careful) in this discussion about what user
data we are discussing. With authentication being done by the library /
university, Lean Library doesn’t actually have personally identifiable
information (PII). While IP addresses can be traced, is that any more a
concern than an user’s ISP tracking all of users traffic already, since
Lean Library is only effective from off campus IP addresses?
On EZProxy, we do use a wildcard certificate, and we are in the process of
moving the IP address of the service to a private IP address.
Similar to a previous comment, this service will be an individual choice of
a user to make. We can’t push this to our users; it will take their own
initiative to install.
Another context that I haven’t seen yet: what do others think of the cost?
Have you found it to be reasonable or high? We are still considering that
question internally.
One more context is the licensing. The base license language has the
jurisdiction in The Netherlands, which is something we (Duke) could never
accept. We are suggesting other language changes, too, so I don’t know
where all of this will land. It is possible we won’t come to a mutual
agreement on contract terms.
Tim
AUL for Digital Strategies and Technology
Duke University Libraries
On Wed, Aug 22, 2018 at 10:44 AM Haitz, Lisa (haitzlm) <
[log in to unmask]> wrote:
> With regard to Lean Library: We have already had to procure a security
> exception from our central IT for our Proxy Server, due to a wildcard
> certificate.
>
> I would rather err on the side of not exposing user data, as you’ve all
> mentioned (great discussion-thanks!), but am wondering if many of you are
> running into issues with your proxy server (we use ezProxy), and
> certificates.
>
> Lisa Haitz
> UC Libraries
>
>
>
> --
Tim McGeary
[log in to unmask]
GTalk/Yahoo/Skype/Twitter: timmcgeary
484-294-7660 (Google Voice)
|