Authentication and authorization: security issues for institutional digital repositories.

Author: Shoeb, Zahid Hossain


In this digital age, with the development of Information and Communication Technology (ICT), many organizations have realized the benefits of sharing information within the organization as well as within the community and globally. These organizations may be corporate companies, research organizations or academic institutions. Information capture, dissemination and sharing are practiced most in academic institutions of higher education. In spite of the Open Source Drive, in a highly competitive environment many universities and colleges face a paradox between allowing information and knowledge to flow freely and the need to keep certain information very secure. In a restricted or closed information environment, a secured information channel and the authorization and authentication of both users and digital contents are burning issues today. Digital contents are managed and stored in a repository for sharing. An institution's repository can support research, learning, and administrative processes and purposes. Repositories follow standards which ensure that the content they contain is accessible and can be searched and retrieved for later use. A wide variety of content may be included in digital repositories for a multiplicity of purposes and users. What kind of material goes into a repository is determined by technical ability and administrative policy decisions (Jones et al., 2006). A proper digital repository not only requires an organized collection of digitized content, it also requires that the content be accessed and distributed as widely as possible to legitimate users around the globe. Access management and control is one of the major concerns for content providers on the Internet. Without a proper access management mechanism, the confidentiality and integrity of information cannot be guaranteed.
Content providers practice different conventional methods, but no single method is sufficient for access management (Ray and Chakraborty, 2006). However, the administrators of digital content providers mostly expect their preferred technology or procedure to be available, which may be the one best practiced globally.


Initially, a substantial amount of literature was reviewed to formulate the idea for this paper, which is a review by type. Research, practices, progress, development and successes in access management, especially authentication and authorization, were reviewed to see the global practices of repository administrators and managers. In Bangladesh there are very few repositories; all of them were examined to see their status, and their managers were interviewed by the author. Very common types of processes or methods were observed, in which the traditional or built-in security of the repository software or operating system is adopted most. Based on the review and the interviews with local managers, this paper gives an idea of current practices in authentication and authorization.

Access Management

Access management is typically a combination of user authentication and authorization, access permission operations, license agreement policies, and authentication of digital materials or digital rights management. Authentication is the process of determining whether a user is who they claim to be, and authorization is the process of determining what resources a user is permitted to access. Digital Rights Management (DRM) is a system of solutions created or designed as a means to prevent unauthorized access, duplication and illegal distribution of copyrighted digital media. In an online environment, the scope of DRM can be leveraged to control access to and usage of digital objects and to impose restrictions on their misuse (Functional Groups, 2009). Access management ensures the security of resources not only on servers but also during communication, to ensure the authenticity and integrity of data. It is possible for an unauthorized user to snoop on communication between a user's browser and a Web server and obtain sensitive information. Occurrences of unauthorized users gaining access to important Web sites and defacing them are not uncommon. Electronic content can be copied very...
