authentication and access

128 iNForMAtioN tecHNoloGY AND liBrAries | septeMBer 2010

Lynne Weber and Peg Lawrence

Authentication and Access: Accommodating Public Users in an Academic World

inCookandShelton’sManaging Public Computing,whichconfirmedthelackofapplicableguidelinesonacademicwebsites, had more up-to-date information but was notavailable to the researchers at the time the project wasinitiated.2Inthecourseofresearch,theauthorsdevelopedthefollowingquestions:

■■ How many ARL libraries require affiliated users tolog into public computer workstations within thelibrary?

■■ How many ARL libraries provide the means toauthenticateguestusersandallowthemtologontothesamecomputersusedbyaffiliates?

■■ HowmanyARLlibrariesofferopen-accesscomput-ersforgueststouse?Dotheselibrariesprovidebothopen-accesscomputersandthemeansforguestuserauthentication?

■■ HowdoFederalDepositoryLibraryProgramlibrariesbalance their policy requiring computer authentica-tion with the obligation to provide public access togovernmentinformation?

■■ Docomputersprovidedforguestuse(openaccessorguestlogin)providedifferentsoftwareorcapabilitiesthanthoseprovidedtoaffiliatedusers?

■■ How many ARL libraries have written policies fortheuseofopen-accesscomputers?Ifapolicyexists,whatisit?

■■ How many ARL libraries have written policies forauthenticating guest users? If a policy exists, whatisit?

■■ Literature Review

Since the 1950s there has been considerable discussionwithinlibraryliteratureaboutacademiclibrariesserving“external,” “secondary,” or “outside” users. The subjecthas been approached from the viewpoint of access tothe library facility and collections, reference assistance,interlibraryloan(ILL)service,borrowingprivileges,and(more recently) access to computers and Internet privi-leges,includingtheuseofproprietarydatabases.

Dealeemphasizedtheimportanceofpublicrelationsto the academic library.3 While he touched on creatingbondsbothonandoffcampus,hedescribedthepositiveeffectof“privilegecards”tocommunitymembers.4Joseydescribed the variety of services that Savannah StateCollege offered to the community.5 He concluded hisessaywiththesewords:

Why cannot these tried methods of lending books tocitizens of the community, story hours for children . . . , a library lecture series or other forum, a greatbooksdiscussiongroupandtheuseofthelibrarystaff

In the fall of 2004, the Academic Computing Center, a division of the Information Technology Services Department (ITS) at Minnesota State University, Mankato took over responsibility for the computers in the public areas of Memorial Library. For the first time, affiliated Memorial Library users were required to authenticate using a campus username and password, a change that effectively eliminated computer access for anyone not part of the university community. This posed a dilemma for the librarians. Because of its Federal Depository status, the library had a responsibility to pro-vide general access to both print and online government publications for the general public. Furthermore, the library had a long tradition of providing guest access to most library resources, and there was reluctance to aban-don the practice. Therefore the librarians worked with ITS to retain a small group of six computers that did not require authentication and were clearly marked for community use, along with several standup, open-access computers on each floor used primarily for searching the library catalog. The additional need to provide computer access to high school students visiting the library for research and instruction led to more discussions with ITS and resulted in a means of generating temporary usernames and passwords through a Web form. These user accommodations were implemented in the library without creating a written policy governing the use of open-access computers.

O vertime, librarystaffrealizedthatguidelinesforguestsusingthecomputerswereneededbecauseofmisuseoftheopen-accesscomputers.Wewere

charged with the task of drafting these guidelines. Intypicallibrarianfashion,wesearchedwebsites,includingthoseofAssociationofResearchLibraries(ARL)membersforexistingcomputeraccesspoliciesinacademiclibraries.Weobtainedvery little information through this search,sowe turned toARLpublications forassistance.Library Public Access Workstation Authentication by Lori Driscoll,was of greater benefit and offered much of the neededinformation,butitwasdated.1Aresearchresultdescribed

lynne webber ([email protected]) is access Services librar-ian and peg lawrence ([email protected]) is Systems librarian, Minnesota State university, Mankato.

AutHeNticAtioN AND Access | weBer AND lAwreNce 129

providingservicetotheunaffiliated,hissurveyrevealed100percentofrespondinglibrariesofferedfree in-housecollection use for the general public, and many othersofferedadditionalservices.16

BrendaJohnsondescribedaone-dayprogramin1984sponsored by Rutgers University Libraries Forum titled“A Case Study in Closing the University Library to thePublic.”Theparticipatinglibrariansspentthedayfamil-iarizingthemselveswiththe“facts”ofthetheoreticalcaseandconcludedthatpublicaccessshouldberestrictedbutnotcompletelyeliminated.Afewmonthslater,consider-ation of closing Rutgers’ library to the public became arealdebate.Althoughtherewerestrongopposingview-points,therecommendationwastoretaintheopen-doorpolicy.17

Jansen discussed the division between those whowanted to provide the finest service to primary usersandthosewhoviewedthelibrary’smissionasincludingall who requested assistance. Jansen suggested specificways to balance the needs of affiliates and the publicandreferredtothedilemmatheUniversityofCalifornia,Berkeley, library that had been closed to unaffiliatedusers.18 Bobp and Richey determined that Californiaundergraduatelibrarieswereemphasizingservicetopri-maryusersata timewhen itwasno longerpractical toofferthesamelevelofservicetoprimaryandsecondaryusers.Theypresentedthreecoursesofaction:adherencetothestatusquo,adoptionofapolicyrestrictingaccess,orimplementationoftieredservice.19

Throughout the 1990s, the debate over the public’srighttouseacademiclibrariescontinued,withincreasingfocus on computer use in public and private academiclibraries.Newauthorizationandauthentication require-ments increased the control of internal computers, butthe question remained of libraries providing access togovernment information and responding to communitymemberswhoexpectedtousethelibrariessupportedbytheirtaxes.

Morgan,whodescribedhimselfasonewhohadspenthiscareerencouragingequalaccess to information,con-cludedthat itwouldbenecessarytouseauthentication,authorization, and access control to continue offeringinformationservicesreadilyavailableinthepast.20Martinacknowledged that libraryusewaschangingasa resultof the Internetand that thepublicviewed theacademiclibrarian as one who could deal with the explosion ofinformation and offer service to the public.21 Johnsondescribed unaffiliated users as a group who wanted allthe privileges of the affiliates; she discussed the obliga-tionoftheinstitutiontodeveloppoliciesmanagingtheseguestusers.22

Still and Kassabian considered the dual responsi-bilitiesoftheacademiclibrarytoofferInternetaccesstopublicusersandtocontrolInternetmaterialreceivedandsentbyprimaryandpublicusers.Further,theyweighed

as consultants be employed toward the building ofgoodrelationsbetweentownandgown.6

Later, however, Deale indicated that the generositycommoninthe1950s tooutsiderswasbecomingunsus-tainable.7DealeusedBeloitCollege,withan“opendoorpolicy”extendingmorethan100years,asanexampleofaschoolthathadfounditnecessarytorefuseout-of-librarycirculation to minors except through ILL by the 1960s.8

Also in 1964, Waggoner related the increasing difficultyofaccommodatingpublicuseoftheacademiclibrary.Heencouragedabalanceofresponsibilitytothepublicwiththe institution’s foremostobligation to the studentsandfaculty.9

InOctober1965,theadhocCommitteeonCommunityUse of Academic Libraries was formed by the CollegeLibrarySectionoftheAssociationofCollegeandResearchLibraries(ACRL).Thiscommitteedistributeda13-ques-tionsurveyto1,100collegesanduniversitiesthroughoutthe United States. The high rate of response (71 per-cent)wasconsiderednoteworthy,andthefindingswereexplored in “Community Use of Academic Libraries: ASymposium,”publishedin1967.10Theconcludingarticleby Josey (the symposium’s moderator) summarized thelenientattitudesofacademiclibrariestowardpublicusersrevealedthroughsurveyandsymposiumreports. Inthesamearticle,Joseyfollowedupwithhisownargumentsin favor of the public’s right to use academic librariesbecauseofthestateandfederalsupportprovidedtothoseinstitutions.11

Similarly, in 1976 Tolliver reported the results of asurveyof28Wisconsinlibraries(publicacademic,privateacademic,andpublic),whichindicatedthatrespondentsmadeagreatefforttoserveallpatronsseekingservice.12TollivercontinuedinadifferentveinfromJosey,however,byreportingthecurrentannualfiscalsupportforlibrariesin Wisconsin and commenting upon financial steward-ship. Tolliver concluded by asking, “How effective areour librarysystemsandcooperativeaffiliations inmeet-ingtheinformationneedsofthecitizensofWisconsin?”13

Muchoftheliteratureintheyearsfollowingfocusedonservingunaffiliatedusersata timewhenpublicandacademic libraries suffered the strain of overuse andunderfunding. The need for prioritization of primaryusers was discussed. In 1979, Russell asked, “Who areourlegitimateclientele?”andcounteredtheargumentforpubliclysupported librariesservingtheentirepublicbysayingthepublic“cannotfreelyusetheuniversitylawnmowers,motorpoolvehicles,computercenter,orathleticfacilities.”14Tenyearslater,Russell,Robison,andPratherprefacedtheirreportonasurveyofpoliciesandservicesfor outside users at 12 consortia institutions by saying,“The issue of external users is of mounting concern toan institutionwhose income is student credithourgen-erated.”15 Despite Russell’s concerns about the strain of


be aware of the issues and of the effects that licensing,networking, and collection development decisions haveon access.”35 In “Unaffiliated Users’ Access to AcademicLibraries:ASurvey,”Courtneyreportedandanalyzeddatafromherowncomprehensivesurveysentto814academiclibraries inwinter2001.36Of the527 libraries respondingtothesurvey,72libraries(13.6percent)requiredalluserstoauthenticatetousecomputerswithinthelibrary,while56 (12.4 percent) indicated that they planned to requireauthentication in the next twelve months.37 Courtneyfollowed this with data from surveyed libraries that hadcanceled“most”oftheirindexesandabstracts(179librar-ies,or33.9percent)andlibrariesthathadcancelled“most”periodicals (46 libraries or 8.7 percent).38 She concludedthat the extent to which the authentication requirementrestrictedunaffiliateduserswasnotclear,andsheasked,“As greater numbers of resources shift to electronic-onlyformats,isitdesirablethattheydisappearfromtheviewofthecommunityuserorthevisitingscholar?”39Courtney’s“Authentication and Library Public Access Computers:A Call for Discussion” described a follow-up with theacademic libraries participating in her 2001 survey whohad self-identified as using authentication or planningtoemployauthenticationwithin thenext twelvemonths.Her conclusionwas theexistenceof ambivalence towardauthenticationamongthelibraries,sincemorethanhalfoftherespondentsprovidedsomesortofpublicaccess.Sheencouraged librarians to carefully consider the library’scommitmenttoservicebeforeenteringintoblanketlicenseagreementswithvendorsoragreeingtocampuscomputerrestrictions.40

Several editions of theARL SPEC Kit series showingtrends of authentication and authorization for all usersof ARL libraries have been an invaluable resource inthis investigation. An examination of earlier SPEC Kitsindicated that the definitions of “user authentication”and “authorization” have changed over the years. User Authentication, byPlumandBleiler indicated that98per-centofsurveyedlibrariesauthenticatedusersinsomeway,but at that time authentication would have been morepreciselydefinedasauthorizationorpermissiontoaccesspersonalrecords,suchascirculation,e-mail,courseregis-tration,andfilespace.Assuch,neitherauthenticationnorauthorization was related to basic computer access.41 Bycontrast, it is common for current library users authenti-catetohaveanyaccesstoapublicworkstation.Driscoll’sLibrary Public Access Workstation Authentication soughtinformation on how and why users were authenticatedonpublic-accesscomputers,whowasdrivingthechange,howitaffectedtheabilityofFederalDepositorylibrariestoprovidepublicinformation,andhowitaffectedlibraryser-vicesingeneral.42ButatthetimeofDriscoll’ssurvey,only11percentofsurveyedlibrariesrequiredauthenticationonallcomputersand22percentrequireditonlyonselectedterminals.CookandShelton’sManaging Public Computing

the reconciliation of material restrictions against “prin-ciplesof freedomof speech,academic freedom,and theALA’s condemnation of censorship.”23 Lynch discussedinstitutionaluseofauthenticationandauthorizationandthegrowingdifficultyofverifyingbonafideusersofaca-demiclibrarysubscriptiondatabasesandotherelectronicresources. He cautioned that future technical designchoices must reflect basic library values of free speech,personal confidentiality, and trust between academicinstitutionandpublisher.24

Barsun specifically examined the webpages of onehundredARLlibrariesinsearchofinformationpertinenttounaffiliatedusers.Sheincludedahistoricoverviewofthechangingattitudesofacademicstowardservicetotheunaffiliated population and described the difficult bal-anceofcollegecommunityneedswiththoseofoutsidersin2000(thesurveyyear).25Barsunobservedaconsistentlackofinformationonlibrarywebsitesregardinglibraryguest use of proprietary databases.26 Carlson discussedacademic librarians’ concerns about “Internet-relatedcrimes and hacking” leading to reconsideration of opencomputeruse,andhedescribedtheneedtocompromisepatronprivacybyrequiringauthentication.27Inachapteron the relationship of IT security to academic values,Oblingersaid,“Onepossibleinterpretationofintellectualfreedom is that individuals have the right to open andunfiltered access to the Internet.”28 This statement wasfollowedlaterwith“equalaccesstoinformationcanalsobeseenasalogicalextensionoffairness.”29

AshortarticleinLibrary and Information Updatealertedthe authors to a UK project investigating improvedonline access to resources for library visitors not affili-atedwith thehost institution.30SalottidescribedHigherEducation Access to E-Resources in Visited Institutions(HAERVI)anditsdevelopmentofatoolkittoassistwiththecomplexitiesofofferingelectronicresourcestoguestusers.31Salottisummarizedexistingresourcesforsharingwithin the United Kingdom and emphasized that “nosingle solution is likely to suit all universities and col-leges,sowehopethatthetoolkitwillofferanumberofoptions.”32LaunchedbytheSocietyofCollege,Nationaland University Libraries (SCONUL), and UniversitiesandColleges InformationSystemsAssociation (UCISA),HAERVIhascreatedabest-practiceguide.33

ByfarthemostusefularticlesforthisinvestigationhavebeenthosebyNancyCourtney.“BarbariansattheGates:AHalf-CenturyofUnaffiliatedUsersinAcademicLibraries,”a literature review on the topic of visitors in academiclibraries, included a summary of trends in attitude andpracticetowardvisitinguserssincethe1950s.34Thearticleconcludedwithawarning:“Theshiftfromprintedtoelec-tronicformats...combinedwiththeintegrationoflibraryresourceswithcampuscomputernetworksandtheInternetposesadistinctthreattothepublic’saccesstoinformationeven onsite. It is incumbent upon academic librarians to


introductory letterwith the invitationtoparticipateandaforwardcontainingdefinitionsoftermsusedwithinthesurveyisinappendixA.

Intotal,61(52percent)ofthe117ARLlibrariesinvitedtoparticipateinthesurveyresponded.Thisiscomparablewith the response rate for similar surveys reported byPlumandBleiler(52of121,or43percent),Driscoll(67of124,or54percent),andCookandShelton(69of123,or56percent).45

1. What is the name of your academic institution? Thenames of the 61 responding libraries are listed inappendixB.

2. Is your institution public or private? See figure 1.Respondents’ explanations of “other” are listedbelow.

■❏ State-related■❏ Trust instrument of the U.S. people; quasi-

government■❏ Privatestate-aided■❏ Federalgovernmentresearchlibrary■❏ Both—privatefoundation,publicsupport

3. Are affiliated users required to authenticate in order to access computers in the public area of your library? Seefigure2.

4. If you answered “yes” to the previous question, does your library provide the means for guest users to authenticate?See figure 3. Respondents’ explanations of “other”are listed below.All described open-access comput-ers.

■❏ “Wehaveafew“open”terminals”■❏ “4computersdon’trequireauthentication”■❏ “Some workstations do not require authentica-

tion”■❏ “Open-access PCs for guests (limited number

andfunction)”■❏ “No—but we maintain several open PCs for

guests”■❏ “Someworkstationsdonotrequirelogin”

5. Is your library a Federal Depository Library? See fig-ure 4. This question caused some confusion for theCanadiansurveyrespondentsbecauseCanadahasitsownDepositoryServicesProgramcorresponding totheU.S.FederalDepositoryProgram.Consequently,57 of the 61 respondents identified themselves asFederalDepository(includingthreeCanadianlibrar-ies),although5of the61aremoreaccuratelymem-bers of the Canadian Depository Services Program.Only tworesponding librarieswereneitheramem-beroftheU.S.FederalDepositoryProgram noroftheCanadianDepositoryServicesProgram.

6. If you answered “yes” to the previous question, and com-puter authentication is required, what provisions have been made to accommodate use of online government documents by the general public in the library? Please check all that

touched on every aspect of managing public computing,includingpubliccomputeruse,policy,andsecurity.43Evenin 2007, only 25 percent of surveyed libraries requiredauthentication on all computers, but 46 percent requiredauthentication on some computers, showing the trendtoward an ever increasing number of libraries requiringpublicworkstationauthentication.Mostoftherespondinglibrarieshadacomputer-usepolicy,with48percentfollow-inganinstitution-widepolicydevelopedbytheuniversityorcentralITdepartment.44

■■ Method

Weconstructedasurveydesignedtoobtaincurrentdataabout authentication in ARL libraries and to provideinsight into how guest access is granted at various aca-demic institutions. It should be noted that the object ofthesurveywasaccesstocomputerslocatedinthepublicareasofthelibraryforusebypatrons,notaccesstostaffcomputers. We constructed a simple, fourteen-questionsurvey using the Zoomerang online tool (http://www.zoomerang.com/). A list of the deans, directors, andchief operating officers from the 123 ARL libraries wascompiled from an Internet search. We eliminated thefew library administrators whose addresses could notbe readily foundandsent the survey to117 individualswith therequest that itbe forwardedto theappropriaterespondent.Therecipientswereinformedthatthegoalofthe project was “determination of computer authentica-tion and current computer access practices within ARLlibraries”andthattheintentionwas“toreflectpracticesat themainorcentral library”ontherespondent’scam-pus.Recipientswerefurtherinformedthatthenamesofthe participating libraries and the responses would bereportedinthefindings,butthattherewouldbenolinkbetweenresponsesgivenandthenameoftheparticipat-ing library. The survey introduction included the nameandcontactinformationoftheinstitutionalreviewboardadministrator for Minnesota State University, Mankato.Potentialrespondentswereadvisedthatthee-mailservedas informed consent for the study. The survey wasadministered over approximately three weeks. We sentremindersthree,five,andsevendaysafterthesurveywaslaunchedtothosewhohadnotalreadyresponded.

■■ Survey Questions, Responses, and Findings

We administered the survey, titled “Authentication andAccess: Academic Computers 2.0,” in late April 2008.Following is a copy of the fourteen-question surveywith responses, interpretative data, and comments. The


■❏ “somecomputersareopenaccessandrequirenoauthentication”

■❏ “someworkstationsdonotrequirelogin”7. If your library has open-access computers, how many do

you provide? (Supply number). See figure 6. A totalof 61 institutions responded to this question, and50 reported open-access computers. The number ofopen-access computers ranged from 2 to 3,000. Asexpected, the highest numbers were reported bylibrariesthatdidnotrequireauthenticationforaffili-ates. The mean number of open-access computerswas161.2,themedianwas23,themodewas30,andtherangewas2,998.

8. Please indicate which online resources and services are available to authenticated users. Please check all that apply.Seefigure7.

■❏ Online catalog■❏ Government documents■❏ Internet browser

apply.Seefigure5.■❏ Temporary User ID and Password■❏ Open Access Computers (Unlimited Access) ■❏ Open Access Computers (Access Limited to

Government Documents)■❏ Other

Ofthe57librariesthatresponded“yes”toquestion5,30requiredauthenticationforaffiliates.Theseinstitutionsoffered the general public access to online governmentdocuments various ways. Explanations of “other” arelistedbelow.Threeoftheseresponsesindicate,bysurveydefinition,thatopen-accesscomputerswereprovided.

■❏ “catalog-onlyworkstations”■❏ “4computersdon’trequireauthentication”■❏ “genericloginandpassword”■❏ “librarianslogineachguestindividually”■❏ “provision made for under-18 guests needing

govdoc”■❏ “staffinGovInfoalsologinuserforquickuse”■❏ “restrictedguestaccessonallpublicdevices”

Figure 3. Institutions with the means to authenticate guests

Figure 4. Libraries with Federal Depository and/or Canadian Depository Services status

Figure 2. Institutions requiring authentication

Figure 1. Categories of responding institutions


11. Does your library have a written policy for use of open access computers in the public area of the library?Question 7 indicates that 50 of the 61 respondinglibrariesdidofferthepublictwoormoreopen-accesscomputers. Out of the 50, 28 responded that theyhadawrittenpolicygoverningtheuseofcomputers.Conversely,open-accesscomputerswerereportedat22librariesthathadnoreportedwrittenpolicy.

12. If you answered “yes” to the previous question, please give the link to the policy and/or summarize the policy.Twenty-eight libraries gave a URL, a URL plus asummary explanation, or a summary explanationwithnoURL.

13. Does your library have a written policy for authenticating guest users?Outofthe32librariesthatrequiredtheirusers to authenticate (see question 3), 23 also hadthe means to allow their guests to authenticate (seequestion 4). Fifteen of those libraries said they hadapolicy.

14. If you answered “yes” to the previous question, please give the link to the policy and/or summarize the policy.Eleven

■❏ Licensed electronic resources■❏ Personal e-mail access■❏ Microsoft Office software

9. Please indicate which online resources and services are available to authenticated guest users. Please check all that apply. Seefigure8.

■❏ Online catalog■❏ Government documents■❏ Internet browser■❏ Licensed electronic resources■❏ Personal e-mail access■❏ Microsoft Office software

10. Please indicate which online resources and services are available on open-access computers. Please check all that apply. Seefigure9.

■❏ Online catalog ■❏ Government documents■❏ Internet browser■❏ Licensed electronic resources■❏ Personal e-mail access■❏ Microsoft Office software

Figure 5. Provisions for the online use of government docu-ments where authentication is required

Figure 6. Number of open-access computers offered

Figure 7. Electronic resources for authenticated affiliated users (N = 32)

Number of libraries

Number of librariesNumber of libraries

Number of libraries

Figure 8. Resources for authenticating guest users (N = 23)


■■ Respondents and authentication

Figure 10 compares authentication practices of public,private, and other institutions described in response toquestion 2. Responses from public institutions outnum-bered those from private institutions, but within eachgroup a similar percentage of libraries required theiraffiliatedusers toauthenticate.Thereforenostatisticallysignificantdifferencewas foundbetweenauthenticatingaffiliatesinpublicandprivateinstitutions.

Of the61respondents,32 (52percent)requiredtheiraffiliated users to authenticate (see question 3) and 23of the32alsohad themeans toauthenticateguests (seequestion4).Theremaining9offeredopen-accesscomput-ers.Fourteenlibrarieshadboththemeanstoauthenticateguests and had open-access computers (see questions 4and7).

When we compare the results of the 2007 study byCook and Shelton with the results of the current study(completedin2008),theresultsaresomewhatcontradic-tory(seetable1).46

The differences in survey data seem to indicate thatauthenticationrequirementsaredecreasing;however,theliteraturereview—specificallyCookandSheltonandthe2003 Courtney article—clearly indicate that authentica-tion is on the rise.47 This dichotomy may be explained,inpart,bythefactthatofthemorethan60ARLlibrariesrespondingtobothsurveys,therewasanoverlapofonly34libraries.

The 30 U.S. Federal Depository or CanadianDepositoryServiceslibrariesthatrequiredtheiraffiliatedusers to authenticate (see questions 3 and 5) providedguest access ranging from usernames and passwords,to open-access computers, to computers restricted to

librariesgavetheURLtotheirpolicy;4summarizedtheirpolicies.

■■ Research questions answered

Thestudyresultedinanswerstothequestionsweposedattheoutset:

■■ Thirty-two (52 percent) of the responding ARLlibraries required affiliated users to login to publiccomputerworkstationsinthelibrary.

■■ Twenty-three (72 percent) of the 32 ARL librariesrequiringaffiliateduserstologintopubliccomputersprovidedthemeansforguestuserstologintopubliccomputerworkstationsinthelibrary.

■■ Fifty (82 percent) of 61 responding ARL librariesprovided open-access computers for guest users;14 (28 percent) of those 50 libraries provided bothopen-access computers and the means for guestauthentication.

■■ Without exception, all U.S. Federal Depository orCanadianDepositoryServicesLibrariesthatrequiredtheir users to authenticate offered guest users someformofaccesstoonlineinformation.

■■ Survey results indicated some differences betweensoftware provided to various users on differentlyaccessed computers. Office software was less fre-quentlyprovidedonopen-accesscomputers.

■■ Twenty-eight responding ARL libraries had writtenpoliciesrelatingtotheuseofopen-accesscomputers.

■■ FifteenrespondingARLlibrarieshadwrittenpoliciesrelatingtotheauthorizationofguests.

Figure 9. Electronic resources on open access computers (N = 50)

Figure 10. Comparison of library type and authentication requirement

Number of libraries


■■ Onelibraryhadguidelinesforusepostednexttotheworkstationsbutdidnotgivespecifics.

■■ Fourteen of those requiring their users to authen-ticate had both open-access computers and guestauthenticationtooffertovisitorsoftheirlibraries.

Otherpolicyinformationwasobtainedbyanexami-nationofthe28websiteslistedbyrespondents:

■■ Tenofthesitesspecificallystatedthattheopen-accesscomputerswereforacademicuseonly.

■■ Fiveofthesitesspecifiedtimelimitsforuseofopen-accesscomputers,rangingfrom30to90minutes.

■■ Fourstatedthattimelimitswouldbeenforcedwhenotherswerewaitingtousecomputers.

■■ One library used a sign-in sheet to monitor timelimits.

■■ Onelibrarymentionedareservationsystemtomoni-tortimelimits.

■■ Twolibrariesprohibitedonlinegambling.■■ Six libraries prohibited viewing sexually explicitmaterials.

■■ Guest-authentication policies

Of the 23 libraries that had the means to authenticatetheir guests, 15 had a policy for guests obtaining ausernameandpassword toauthenticate,and6outlinedtheirrequirementsofshowingidentificationandissuingaccess.Theother9hadopen-accesscomputersthatguestsmightuse.

The following are some of the varied approaches toguestauthentication:

■■ Duration of the access (when mentioned) rangedfrom30daysto12months.

■■ One library had a form of sponsored access wherecurrentfacultyorstaffcouldgrantatemporaryuser-nameandpasswordtoavisitor.

■■ One library had an online vouching system thatallowedthevisitortoissuehisorherownusernameandpasswordonline.

■■ OnelibraryallowedgueststoregisterthemselvesbyswipinganIDorcreditcard.

■■ One library had open-access computers for localresources and only required authentication to leavethelibrarydomain.

■■ One library had the librarians log the users in asguests.

■■ One library described the privacy protection of col-lectedpersonalinformation.

■■ No library mentioned charging a fee for allowingcomputeraccess.

government documents, to librarians logging in forguests(seequestion6).Numbersofopen-accesscomput-ersrangedwidelyfrom2tomorethan3,000(seequestion7). Eleven (19 percent) of the responding U.S. FederalDepositoryorCanadianDepositoryServiceslibrariesthatdidnotprovideopen-accesscomputers issueda tempo-rary ID (nine libraries),providedopenaccess limited togovernmentdocuments (one library),or required librar-ian login for each guest (one library).All libraries withU.S.FederalDepositoryorCanadianDepositoryServicesstatusprovidedameansofpublicaccess to informationtofulfilltheirobligationtooffergovernmentdocumentstoguests.

Figure11showsacomparisonof resourcesavailableto authenticated users and authenticated guests andofferedonopen-accesscomputers.Asmightbeexpected,almostallinstitutionsprovidedaccesstoonlinecatalogs,government documents, and Internet browsers. Fewerallowedaccesstolicensedelectronicresourcesande-mail.AccesstoOfficesoftwareshowedthemostdramaticdropinavailability,especiallyonopen-accesscomputers.

■■ Open-access computer policies

As mentioned earlier, 28 libraries had written policiesfortheiropen-accesscomputers(seequestion11),and28librariesgaveaURL,aURLplusasummaryexplanation,or a summary explanation with no URL (see question12). In most instances, the library policy included theircampus’sacceptable-usepolicy.Sevenlibrariescitedtheircampus’sacceptable-usepolicyandnothingelse.Nearlyalllibrariesappliedthesameacceptable-usepolicytoallusersonallcomputersandmadenodistinctionbetweenpolicies for use of open-access computers or computersrequiringauthentication.

Followingaresomeof thevariedaspectsofsumma-rizedpoliciespertainingtoopen-accesscomputers:

■■ Eightlibrariesstatedthatthecomputerswereforaca-demicuseandthatusersmightbeaskedtogiveuptheirworkstationifotherswerewaiting.

Table 1. Comparison of findings from Cook and Shelton (2007) and the current survey (2008)

Authentication requirements 2007 (N = 69) 2008 (N = 61)

Some required 28 (46%) 23 (38%)

Required for all 15 (25%) 9 (15%)

Not required 18 (30%) 29 (48%)


■■ Further study

Although the survey answered many of our questions,other questions arose. While the number of librariesrequiring affiliated users to log on to their public com-puters is increasing, this study does not explain whythis is the case. Reasons could include reactions to theSeptember 11 disaster, the USA PATRIOT Act, generalsecurityconcerns,ortheconvenienceofthepersonalizeddesktopandservicesforeachauthenticateduser.Perhapsa future investigation could focus on reasons for morefrequent requirement of authentication. Other subjectsthataroseintheexaminationofinstitutionalpolicieswereguestfeesforservices,agelimitsforyoungerusers,com-puter time limits for guests, and collaboration betweenacademicandpubliclibraries.

■■ Policy developed as a result of the survey findings

Asaresultofwhatwaslearnedinthesurvey,wedraftedguidelines governing the use of open-access computersbyvisitorsandothernon-universityusers.Theguidelinescan be found at http://lib.mnsu.edu/about/libvisitors.html#access. These guidelines inform guests that open-accesscomputersareavailabletosupporttheirresearch,study,andprofessionalactivities.Thecomputersalsoaregovernedby thecampuspolicyand thestateuniversitysystemacceptable-usepolicy.Guidelineprovisionsenablestafftoaskuserstorelinquishacomputerwhenothersarewaitingorifthecomputerisnotbeingusedforacademicpurposes. While this library has the ability to generatetemporary usernames and passwords, and does so forlocalschoolscomingtothelibraryforresearch,noguide-lineshaveyetbeenputinplaceforthisfunction.

Figure 11. Online resources available to authenticated affiliated users, guest users, open-access users


These practices depend on institutional missions andgoals and are limited by reasonable considerations. Inthe past, accommodation at some level was generallyofferedtothecommunity,butthecomplicationsofaffili-ateauthentication,guestregistration,andvendor-licenserestrictionsmayeffectivelydiscourageorpreventoutsideusers from accessing principal resources. On the otherhand,open-accesscomputersfacilitateaccesstoelectronicresources.Thoselibrarianswhowishtoprovidethesamelevelofcommitmenttoguestusersasinthepastaswellas protect the rights of all should advocate to campuspolicy-makers at every level to allow appropriate guestaccesstocomputerstofulfillthelibrary’smission.Inthisway,theneedsandrightsofguestuserscanbebalancedwiththeresponsibilitiesofusingcampuscomputers.

In addition, librarians should consider ensuringthatthelicensesofallelectronicresourcesaccommodatewalk-inusersanddevelopingguidelinestopreventincor-porationofelectronicmaterialsthatrestrictsuchuse.Thisisessentialifthelibrarytraditionoffreedomofaccesstoinformationistocontinue.

Finally,inregardtoexternalorguestusers,academiclibrarians are pulled in two directions; they are tornbetween serving primary users and fulfilling the prin-ciples of intellectual freedom and free, universal accessto information along with their obligations as FederalDepository libraries.At the same time, academic librar-ians frequently struggle with the goals of the campusadministrationresponsible forprovidingsecure, reliablenetworks, sometimes at the expense of the needs of theoutside community. The data gathered in this study,indicating that 82 percent of responding libraries con-tinue to provide at least some open-access computers,is encouraging news for guest users. Balancing publicaccess and privacy with institutional security, while acurrentconcern,mayberesolvedinthewayofsomanyearlier preoccupations of the electronic age. Given thepervasivenessoftheproblem,however,fairandequitabletreatmentofalllibraryusersmaycontinuetobeacentralconcernforacademiclibrariesforyearstocome.

References

1. LoriDriscoll,Library Public Access Workstation Authentica-tion, SPEC Kit 277 (Washington, D.C.:Association of ResearchLibraries,2003).

2. MartinCookandMarkShelton,Managing Public Comput-ing, SPEC Kit 302 (Washington, D.C.: Association of ResearchLibraries,2007):16.

3. H. Vail Deale, “Public Relations ofAcademic Libraries,”Library Trends7(Oct.1958):269–77.

4. Ibid.,275.5. E. J. Josey, “The College Library and the Community,”

Faculty Research Edition, Savannah State College Bulletin (Dec.1962):61–66.

■■ Conclusions

Whilewewereabletogathermorethan50yearsoflitera-turepertainingtounaffiliatedusersinacademiclibraries,itsoonbecameapparentthatthescopeofconsiderationchangedradically throughtheyears. In theearlyyears,there was discussion about the obligation to provideserviceandaccessforthecommunitybalancedwiththechallengetoservetwoclienteles.Despitelengthydebate,there was little exception to offering the communitysome level of service within academic libraries. Earlypreoccupationwithphysicalaccess,material loans, ILL,basicreference,andotherserviceslaterbecameadiscus-sionof the right tousecomputers,electronic resources,andotherserviceswithoutimposingunduedifficultytotheguest.

Current discussions related to guest users reflectobviouschangesinpubliccomputeradministrationoverthe years. Authentication presently is used at a morefundamental level than in earlier years. In many librar-ies,usersmustbeauthorizedtousethecomputerinanywaywhatsoever.Asmoreandmore institutions requireauthentication for their primary users, accommodationmustbemade ifguestsare tocontinuebeingserved. Inaddition, as Courtney’s 2003 research indicates, an everincreasing number of electronic databases, indexes, andjournalsreplaceprintresourcesinlibrarycollections.Thismultipliestheroadblocksforguestusersandexacerbatesthe issue.48Unless specialprovisionsaremade for com-puteraccess,communityusersareleftwithoutaccesstoamajorpartofthelibrary’scollections.

Because104ofthe123ARLlibraries(85percent)areFederal Depository or Canadian Depository ServicesLibraries, the researchers hypothesized that most librar-ies responding to the survey would offer open-accesscomputers for the use of nonaffiliated patrons. ThisstudyhasshownthatFederalDepositoryLibrarieshaveremainedtruetotheirmissionandobligationofprovid-ing public access to government-generated documents.EveryFederalDepositoryrespondentindicatedthatsomemeans was in place to continue providing visitor andguestaccesstothemajorityoftheirelectronicresources—whether through open-access computers, temporary orguestlogins,orevenlibrariansloggingonforusers.Whileaccesstogovernmentresourcesisrequiredforthelibrar-ies housing government-document collections, librariescan use considerably more discretion when consideringwhatotherresourcesguestpatronsmayuse.Despitethecommitmentof libraries to thedisseminationofgovern-ment documents, the increasing use of authenticationmayultimatelydiminish the libraries’abilityanddesiretoaccommodatetheinformationneedsofthepublic.

Thissurveyhasprovidedinsightintothevariouswaysacademic libraries serve guest users. Not all academiclibraries provide public access to all library resources.


IdentifyYourself,”Chronicle of Higher Education50,no.42(June25, 2004): A39, http://search.ebscohost.com/login.aspx?direct=true&db=aph&AN=13670316&site=ehost-live (accessed Mar.2,2009).

28. Diana Oblinger, “IT Security and Academic Values,” in LukerandPetersen, Computer & Network Security in Higher Edu-cation, 4, http://net.educause.edu/ir/library/pdf/pub7008e.pdf(accessedJuly14,2008).

29. Ibid.,5.30. “Access for Non-Affiliated Users,” Library & Information

Update7,no.4(2008):10.31. Paul Salotti, “Introduction to HAERVI-HE Access to

E-Resources in Visited Institutions,” SCONUL Focus no. 39(Dec. 2006): 22–23, http://www.sconul.ac.uk/publications/newsletter/39/8.pdf(accessedJuly14,2008).

32. Ibid.,23.33. Universities and Colleges Information Systems Asso-

ciation (UCISA), HAERVI: HE Access to E-Resources in Visited Institutions, (Oxford: UCISA, 2007), http://www.ucisa.ac.uk/publications/~/media/Files/members/activities/haervi/haerviguide%20pdf(accessedJuly14,2008).

34. NancyCourtney,“BarbariansattheGates:AHalf-CenturyofUnaffiliatedUsersinAcademicLibraries,”Journal of Academic Librarianship 27, no. 6 (Nov. 2001): 473–78, http://search.ebscohost.com/login.aspx?direct=true&db=aph&AN=5602739&site=ehost-live(accessedJuly14,2008).

35. Ibid.,478.36. NancyCourtney,“UnaffiliatedUsers’AccesstoAcademic

Libraries:A Survey,” Journal of Academic Librarianship 29, no. 1(Jan. 2003): 3–7, http://search.ebscohost.com/login.aspx?direct=true&db=aph&AN=9406155&site=ehost-live (accessed July14,2008).

37. Ibid.,5.38. Ibid.,6.39. Ibid.,7.40. Nancy Courtney, “Authentication and Library Public

Access Computers: A Call for Discussion,” College & Research Libraries News 65, no. 5 (May 2004): 269–70, 277, www.ala.org/ala/mgrps/divs/acrl/publications/crlnews/2004/may/authentication.cfm(accessedJuly14,2008).

41. TerryPlumandRichardBleiler,User Authentication,SPECKit 267 (Washington, D.C.: Association of Research Libraries,2001):9.

42. LoriDriscoll,Library Public Access Workstation Authentica-tion, SPEC Kit 277 (Washington, D.C.:Association of ResearchLibraries,2003):11.

43. CookandShelton,Managing Public Computing.44. Ibid.,15.45. Plum and Bleiler, User Authentication, 9; Driscoll, Library

Public Access Workstation Authentication, 11; Cook and Shelton,Managing Public Computing,11.

46. CookandShelton,Managing Public Computing,15.47. Ibid.;Courtney,Unaffiliated Users,5–7.48. Courtney,Unaffiliated Users,6–7.

6. Ibid.,66.7. H.VailDeale,“Campusvs.Community,”Library Journal

89(Apr.15,1964):1695–97.8. Ibid., 1696.9. John Waggoner, “The Role of the Private University

Library,”North Carolina Libraries22(Winter1964):55–57.10. E. J. Josey, “Community Use of Academic Libraries: A

Symposium,” College & Research Libraries 28, no. 3 (May 1967):184–85.

11. E.J.Josey,“ImplicationsforCollegeLibraries,”in“Com-munityUseofAcademicLibraries,”198–202.

12. Don L. Tolliver, “Citizens May Use Any Tax-SupportedLibrary?”Wisconsin Library Bulletin(Nov./Dec.1976):253.

13. Ibid.,254.14. RalphE.Russell,“ServicesforWhom:ASearchforIden-

tity,”Tennessee Librarian: Quarterly Journal of the Tennessee Library Association 31,no.4(Fall1979):37,39.

15. Ralph E. Russell, Carolyn L. Robison, and James E.Prather, “External User Access to Academic Libraries,” The Southeastern Librarian 39(Winter1989):135.

16. Ibid.,136.17. BrendaL.Johnson,“ACaseStudyinClosingtheUniver-

sityLibrarytothePublic,”College & Research Library News45,no.8(Sept.1984):404–7.

18. Lloyd M. Jansen, “Welcome or Not, Here They Come:Unaffiliated Users of Academic Libraries,” Reference Services Review21,no.1(Spring1993):7–14.

19. MaryEllenBobpandDeboraRichey,“ServingSecondaryUsers:CanItContinue?”College & Undergraduate Libraries1,no.2(1994):1–15.

20. Eric Lease Morgan, “Access Control in Libraries,” Com-puters in Libraries 18, no. 3 (Mar. 1, 1998): 38–40, http://search.ebscohost.com/login.aspx?direct=true&db=aph&AN=306709&site=ehost-live(accessedAug.1,2008).

21. Susan K. Martin, “A New Kind ofAudience,” Journal of Academic Librarianship24,no.6 (Nov.1998):469,Library, Infor-mation Science & Technology Abstracts, http://search.ebscohost.com/login.aspx?direct=true&db=aph&AN=1521445&site=ehost-live(accessedAug.8,2008).

22. Peggy Johnson, “Serving Unaffiliated Users in PubliclyFundedAcademicLibraries,”Technicalities18,no.1(Jan.1998):8–11.

23. JulieStillandVibianaKassabian,“TheMole’sDilemma:EthicalAspectsofPublicInternetAccessinAcademicLibraries,”Internet Reference Services Quarterly4,no.3(1999):9.

24. CliffordLynch,“AuthenticationandTrustinaNetworkedWorld,”Educom Review34,no.4(Jul./Aug.1999),http://search.ebscohost.com/login.aspx?direct=true&db=aph&AN=2041418&site=ehost-live(accessedJuly16,2008).

25. Rita Barsun, “Library Web Pages and Policies Toward‘Outsiders’:IstheInformationThere?”Public Services Quarterly1,no.4(2003):11–27.

26. Ibid.,24.27. Scott Carlson, “To Use That Library Computer, Please


Appendix A. The Survey Introduction, Invitation to Participate, and Forward

DearARLMemberLibrary,Aspartofaprofessionalresearchproject,weareattemptingtodeterminecomputerauthenticationandcurrentcom-

puteraccesspracticeswithinARLlibraries.WehavedevelopedaverybriefsurveytoobtainthisinformationwhichweaskonerepresentativefromyourinstitutiontocompletebeforeApril25,2008.Thesurveyisintendedtoreflectpracticesatthemainorcentrallibraryonyourcampus.

Names of libraries responding to the survey may be listed but no identifying information will be linked to yourresponsesintheanalysisorpublicationofresults.Ifyouhaveanyquestionsaboutyourrightsasaresearchparticipant,pleasecontactAnneBlackhurst,MinnesotaStateUniversity,MankatoIRBAdministrator.

AnneBlackhurst,IRBAdministratorMinnesotaStateUniversity,MankatoCollegeofGraduateStudies&Research115AlumniFoundationMankato,MN56001(507)[email protected]

Youmaypreviewthesurveybyscrollingtothetextbelowthismessage.If,afterpreviewingyoubelieveitshouldbehandledbyanothermemberofyourlibraryteam,pleaseforwardthismessageappropriately.Alternatively,youmayprintthesurvey,answeritmanuallyandmailitto:

Systems/AccessServicesSurveyLibraryServicesMinnesotaStateUniversity,MankatoML3097—POBox8419Mankato,MN56001-8419(USA)

Weaskyouoryourrepresentativetotake5minutestoanswer14questionsaboutcomputerauthenticationpracticesinyourmainlibrary.Participationisvoluntary,butfollow-upreminderswillbesent.Thise-mailservesasyourinformedconsentforthisstudy.Yourparticipationinthisstudyincludesthecompletionofanonlinesurvey.Yournameandiden-titywillnotbelinkedinanywaytotheresearchreports.Clickingthelinktotakethesurveyshowsthatyouunderstandyouareparticipatingintheprojectandyougiveconsenttoourgrouptousetheinformationyouprovide.Youhavetherighttorefusetocompletethesurveyandcandiscontinueitatanytime.Totakepartinthesurvey,pleaseclickthelinkatthebottomofthise-mail.

Thankyouinadvanceforyourcontributiontoourproject.Ifyouhavequestions,pleasedirectyourinquiriestothecontactsgivenbelow.

Thankyouforrespondingtoourinvitationtoparticipateinthesurvey.Thissurveyisintendedtodeterminecurrentacademiclibrarypracticesforcomputerauthenticationandopenaccess.

Yourparticipationisgreatlyappreciated.Belowarethedefinitionsoftermsusedwithinthissurvey:

■■ “Authentication”:ausernameandpasswordarerequiredtoverifytheidentityandstatusoftheuserinordertologontocomputerworkstationsinthelibrary.

■■ “Affiliateduser”:alibraryuserwhoiseligibleforcampusprivileges.■■ “Non-affiliateduser”:alibraryuserwhoisnotamemberoftheinstitutionalcommunity(analumnusmaybeanon-affiliateduser).Thismaybeusedinterchangeablywith“guestuser.”

■■ “Guestuser”:visitor,walk-inuser,nonaffiliateduser.■■ “OpenAccessComputer”:Computerworkstationthatdoesnotrequireauthenticationbyuser.


Appendix B. Responding Institutions

1. UniversityatAlbanyStateUniversityofNewYork2. UniversityofAlabama3. UniversityofAlberta4. UniversityofArizona5. ArizonaStateUniversity6. BostonCollege7. UniversityofBritishColumbia8. UniversityatBuffalo,StateUniversityofNY9. CaseWesternReserveUniversity

10. UniversityofCaliforniaBerkeley11. UniversityofCalifornia,Davis12. UniversityofCalifornia,Irvine13. UniversityofChicago14. UniversityofColoradoatBoulder15. UniversityofConnecticut16. ColumbiaUniversity17. DartmouthCollege18. UniversityofDelaware19. UniversityofFlorida20. FloridaStateUniversity21. UniversityofGeorgia22. GeorgiaTech23. UniversityofGuelph24. HowardUniversity25. UniversityofIllinoisatUrbana-Champaign26. IndianaUniversityBloomington27. IowaStateUniversity28. JohnsHopkinsUniversity29. UniversityofKansas30. UniversityofLouisville31. LouisianaStateUniversity32. McGillUniversity

33. UniversityofMaryland34. UniversityofMassachusettsAmherst35. UniversityofMichigan36. MichiganStateUniversity37. UniversityofMinnesota38. UniversityofMissouri39. MassachusettsInstituteofTechnology40. NationalAgriculturalLibrary41. UniversityofNebraska-Lincoln42. NewYorkPublicLibrary43. NorthwesternUniversity44. OhioStateUniversity45. OklahomaStateUniversity46. UniversityofOregon47. UniversityofPennsylvania48. UniversityofPittsburgh49. PurdueUniversity50. RiceUniversity51. SmithsonianInstitution52. UniversityofSouthernCalifornia53. SouthernIllinoisUniversityCarbondale54. SyracuseUniversity55. TempleUniversity56. UniversityofTennessee57. TexasA&MUniversity58. TexasTechUniversity59. TulaneUniversity60. UniversityofToronto61. VanderbiltUniversity

Copyright of Information Technology & Libraries is the property of American Library Association and its

content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's

express written permission. However, users may print, download, or email articles for individual use.