[OAI-implementers] User Specific Archive Access

Heinrich Stamerjohanns stamer@uni-oldenburg.de
Tue, 22 Apr 2003 16:51:05 +0200 (CEST)


On Tue, 22 Apr 2003, Michael Krot wrote:
> access to the entire journal from start to finish, other users will only
> have access to records up until a certain year (usually 5 years before
> the present year).  This isn't so hard to manage either, until you start
> to think about a user asking for new or changed content.  What is "new"
> or changed will be different for each harvester, depending on their
> access rights.

To handle access rights for the content stuff is probably beyond the scope
of metadata harvesting (see also below)

>
> One possible solution to this problem is to simply give them the
> metadata and flag it as being unavailable in some way, but this is not
> an ideal solution.  An ideal solution is to restrict access to the
> metadata until such time as they are permitted to harvest it.

I do not think this is an optimal solution.
Nobody will know that there is some important information out there, but
one is just unable to access the content.
Nobody will ask you then how this information might become accessible.
You should share the metadata, but possibly restrict access to content.

> Well, I don't expect anyone else to have encountered this specific
> problem, but if anyone has experimented with limiting access to an
> archive for specific users or user-groups, I would love to know about it.

You can easily restrict access to your Data-Provider on HTTP level, by
using e.g. IP restriction-based access. You can also restrict the use by a
password (.htaccess for Apache..).  The URL is then e.g.
http://user:password@www.myarchive.org/oai?verb=.... in order to access
the Data-Provider.

Heinrich


--
  Dr. Heinrich Stamerjohanns        Tel. +49-441-798-4276
  Institute for Science Networking  stamer@uni-oldenburg.de
  University of Oldenburg           http://isn.uni-oldenburg.de/~stamer