When an institution begins participating in JSTOR, it is with the understanding that access to the archive is available to all faculty, staff and students affiliated with that institution, regardless of their location. Technologically, though, it is not always easy to provide remote access to these authorized users. Like most content providers, JSTOR's primary method of allowing restricted access is based on IP authentication. Currently there is no single remote access solution available that perfectly balances the needs of individuals, campuses, and content providers such as JSTOR, but there are some solutions that we believe can serve to supplement IP authentication and make remote access easier for all concerned.

The JSTOR Logon Script: JSTOR's logon script is one of the quickest and simplest solutions available to our participants. This script, developed by JSTOR technical staff, can be installed on a server belonging to a participating library or institution. The script is very simple, easy to install, and requires only two conditions: that the campus has a secure Web server from where the script can be run, and that there be an existing authentication method in place at that institution. Users may enter via the link from any location. Once a user has been authenticated, the process of connecting to JSTOR is invisible to them. Information about the logon script, as well as specific instructions for installing it, is available at: www.jstor.org/about/script.html. We are happy to consult with our participants to determine if this script will work within their local campus environment.

Proxy Servers: Different types of proxy servers exist, and the decision about which type to use depends upon a combination of technical and user issues. JSTOR staff is available to discuss any questions regarding remote access issues, and we will work with participants to make sure the proxy server will provide access to JSTOR without any difficulties. Further background information about proxy servers is available at: www.jstor.org/about/remote.html.

Digital Certificates: One of the most promising authentication solutions for remote access is the use of digital certificates. While their use is not yet widespread among our participating institutions, the technology has distinct advantages over current authentication methods. For this reason JSTOR has assumed a leadership role in the library community in the testing and implementation of digital certificates. According to Spencer Thomas, JSTOR's Technology Coordinator, "Digital certificates can provide a single, standards-based method of authentication for all on-line applications. They are portable, and do not rely on the user's location or network address. This means that they are ideal for use by off-campus students, faculty, or staff who are otherwise denied access to resources controlled by IP address." The use of digital certificates promises a secure and easy means of authentication for remote access to electronic resources. Digital certificates are digital files that can certify the identity and affiliation of an individual seeking to access a digital resource.

At this time, all major browsers are able to work with digital certificates. Once certificates have been installed in a user's browser, the access system is invisible to the end user ? the certificates will handle the authentication and logon processes. And, unlike the direct logon access method, a user's access to multiple sites is seamless. Enabling this technology does require a higher level of investment on the part of an institution. Universities need to manage the distribution of certificates, and users need to install certificates in every machine that they use for access to licensed content. It also requires the cooperation of content providers in accepting certificates, which also represents an increased investment. JSTOR is making these investments now in an effort to facilitate the use of digital certificates for the benefit of the library community.

JSTOR has been involved in the development of certificate-based authentication since early 1998. Spencer Thomas is a member of the Digital Library Federation's Authentication Architecture Working Group, and has also worked closely with the Corporation for Research and Educational Networking in the development of their certificate authority procedures. Currently, Thomas is testing JSTOR's use of digital certificate architecture with a small number of institutions, and is preparing for a larger test phase. In taking these steps, JSTOR is developing the technical infrastructure necessary for accepting certificates, and will be ready to incorporate this method of access as soon as it begins to be used by our participants. For those sites that are able to invest in this technology, it promises to be an exciting solution. Institutions that are considering the use of digital certificates may contact JSTOR for more information about these developments.

Last updated on September 8, 2006