[OAI-implementers] oai security
Thomas G. Habing
thabing@uiuc.edu
Tue, 15 Jan 2002 09:36:33 -0600
Josie,
For our original OAI prototype, last January, we implemented both IP address
and username/password restrictions for our data provider implementation.
Our implementation used Microsoft IIS Active Server Pages and VBScript. If
it would be helpful, I could probably dig up some relevant code snippets to
share.
In that implementation, if a user had the correct name/password or were
coming from an approved IP address they were allowed unfettered access to
the complete, full records. Otherwise, they were restricted to
'dumbed-down' versions of the same records, such as being limited to
harvesting only title, creator, date, and identifier elements.
Regards,
Tom
--
Thomas G. Habing
Research Programmer, Digital Library Projects
University of Illinois at Urbana-Champaign
155 Grainger Engineering Library Information Center, MC-274
thabing@uiuc.edu, (217) 244-4425
http://dli.grainger.uiuc.edu
Josie Imlay wrote:
>
> I am working on an oai server right now and the people that own the information don't want it getting in to just anyone and everyone's hands. I satisfied this using some simple http protocol level authentication. What I am woundering is if people writing harvesters out there are implementing username/password support at all.
>
> Thanks,
>
> Josie Imlay
>
> _______________________________________________
> OAI-implementers mailing list
> OAI-implementers@oaisrv.nsdl.cornell.edu
> http://oaisrv.nsdl.cornell.edu/mailman/listinfo/oai-implementers