Much ado about licences and subscriptions

  • This resource is free – therefore we don’t have a subscription
  • Why do we need a licence if the subscription doesn’t cost anything?
  • Why can’t we give walk-in users or retired members of staff the same access to e-resources as current students and staff?
  • I don’t pay for this resource, therefore it is free
  • Why can’t I share my login with my housemate/friend/partner?
  • Logging in to library resources is a pain – why do we have to do it?
  • If the library has bought this resource, why can’t we do what we like with it?

I am regularly asked these types of questions, and this blog post distills the essence of my responses.

What is a licence?

To license means to grant permission.  A licence may be issued by a licensor to allow a licencee an activity that would otherwise be forbidden.

What is a license?

An American licence 🙂 Licence and licenseSee also: practice/practise, and advice/advise.

But it’s ‘licensor’ in both British English and American English…

Examples of licences

The CLA licence is well-known in universities, where it allows University members limited rights to legally copy, share or re-use legally works which would otherwise be covered only by copyright law (which prevent others from copying or reproducing someone’s work).

Examples of licencees

A licence can be agreed between a licensor and an individual licencee (e.g. relating to ebook on a personal ereader), or by an organisation on behalf of and for many individuals (e.g. a university library, for the library’s users).

In the example of the university library, a licence will usually have a section relating to authorised users, which sets out which library users are included in the agreement.  By omission, it also indicates the types of users which are not permitted.  This is why some user groups such as walk-in users are allowed access to some e-resources and not others, because we can only legally give them access to resources whose licences name walk-ins as authorised users.

E-resources access is limited to authorised users only by the use of authentication – usually by logging in with a valid university user ID and password.

What is a subscription?

A subscription is an arrangement to receive something.  It can apply to publications which are updated on a regular basis, such as journals, where the subscriber receives the new content at intervals as part of the agreement; or to a database, or archive database.

Subscriptions often involve payment, but not always. Examples of payment-free subscriptions include databases to which a national agreement is in place to allow access for users in higher education, but for which individual universities are not required to pay.

It is important to realise that even if a subscription is free, a licence will usually apply nonetheless.

 Multiple meanings of “free”

“Free” can mean that no payment is involved, or it can mean that users are at liberty to use a product or service as they wish.  Because “free” can mean these two very different things, it is helpful to use the terms “gratis” (no payment) and “libre” (liberal use) to differentiate between them.

A gratis subscription is rarely also libre, sometimes because of the relevant licence, and almost always because of copyright law.

See also my post An introduction to Open Access for academics, explaining gratis and libre in terms of Open Access.

Liability and awareness

If the terms of a licence are not followed, there can be a range of consequences.  It is important that users who will be bound by such terms are made aware of them.  This is why the CLA Licence is displayed next to university library photocopiers, and when accessing a database, users are often asked to accept the terms as part of the process of logging in.

Unfortunately, the wording of many licences is verbose and impersonal, which leads to many people not reading the details, or realising that they have important legal consequences.

“I acknowledge that I have read and agree to the above Terms and Conditions” is often reported to be a checkbox ticked by software users without reading the documents, let alone agreeing to them.  It also annoys my academic colleague Chris Baldwin, who teaches Contract Law, and has to point out repeatedly that ‘conditions’ means the same as ‘terms’, making the duplication a grammatical tautology.

The lack of attention paid to reading the small print has been the subject of pranks where clauses included forfeiting your soul, or assigning your firstborn child to the licensor for the duration of eternity (the “Herod clause”).   Luckily for the licencees, these clauses were not enforced.  The moral is: read the terms.

Apple terms and conditions

Adam & Eve: the first people to not read the Apple terms & conditions

Source: Reddit (warning: some fruity language in the comments)

#ISEWLib2014 Collection management and e-resources

Main post: #ISEWLib2014 at the University of Helsinki Library

Top tip: use reference lists from dissertations to help inform decisions on which are the most important journals.

Are students satisfied with ebook-only?  Some replies I received on Twitter:

  • daveyp @laurajwilkinson I’d say the stats we’ve got show the answer is increasingly “yes”, despite DRM & iffy vendor platforms
  • MT @daveyp We’ve not crunched stats properly, but seems age is a factor with younger students more likely to have higher usage
  • MT @daveyp average number of ebook platform logins per student per year is growing an at exponential rate for us at the moment
  • .@daveyp That’s what we do [buy e where available, and fewer print copies]. Students say they prefer print, but data suggests they use e if no print alternative
  • MT @ostephens when asked, students still want print but are pragmatic & pref[erence] depends on task, location etc
  • MT @daveyp given increase in [ebook] usage, I think libs should be pushing pub[lisher]s harder for a better user experience

Idea of restricting ebook access to subject groups of students to reduce costs, but higher risk of breach of licence (if the “wrong” students gain access), and reduced opportunity for interdisciplinary work if readers can’t access texts outside their field.

Helsinki Uni Library’s online acquisition proposal form for students & academics to make recommendations.  They also use patron-driven acquisition (PDA) and evidence-based selection (EBS).

We discussed the legal/logistical issues around selling deselected books to students.  I liked the idea of using the money raised to buy plants for the library!

39 Library is the smartphone

“Library is the smartphone, smartphone is the library”

Terkko Navigator – an excellent site.  It’s a single search interface with all the usual info sources, plus library and academic staff profiles, and RSS feeds.  Please will a funding body give @Terkko money to make the system open source so we can all use it?  The journal and database functionality is powered by SFX and MetaLib, the rest is built in-house.  Various journal metrics are displayed alongside journal titles.

Eevaliisa Colb’s presentation on Digital Libraries Now.

The library has a duty to serve the university community and the public community.  Machines are users too! [think libre open access and machine indexing]

Aalto chair – a tool for strategic IT planning:

59 Aalto chair 2

Seat = our service offer; legs = customer-centredness, cooperation, ‘more with less’

‘More with less’: In IT, anything is possible; but we must prioritise – we can’t do everything for everyone.

KITT – Finnish research library statistics database

45 KITT - Finnish research library statistics databaseLayers of authentication for Helsinki Uni e-resources: Shibboleth-type single sign-on is widely used (Haka is the Finnish uni federation), and IP address access too.  As in the UK, there is a mismatch between the potential granularity of SSO and the reality of ‘authorised user’ clauses in most e-resources licences.

“IT should be the servant of library services, not the master”

Importance of informal contact and regular communication between library & IT in working well together.  It was reassuring to learn that many of our e-resources issues are common to all our countries.  For example, licence compliance; especially when tech or Uni business model exceeds imagination of the licence.

E-Resources – less frequently asked questions

This post follows on from E-Resources FAQ

A short history of remote or off-campus access

Eduserv developed the Athens system for remote access to e-resources.  It worked as a list of usernames and passwords hosted by Eduserv, and it allowed off-campus access without the need for VPN (which would authenticate the user via IP address).  VPN installation is not always easy (Mac users?) or possible (people in internet cafes or other places where they can’t download software onto the computer they’re using), and so was a great leap forward.

However, it was costly: JISC funded Athens access for UK higher education institutions and publishers also had to pay for it to work with their products.  JISC funded the access via Eduserv, but Athens was not a JISC product.

More recently, Shibboleth was developed as an open source software solution for web single sign-on for organisations, so it is free to use for both institutions and publishers.  In July 2008, JISC withdrew funding for Athens and started up their own access management organisation, The UK Access Management FederationAthens authentication continues to exist and is available on a subscription basis.

Hardly any US-based publishers (e.g. Highwire) used Athens, so switching to Shibboleth authentication meant that a wider range of resources was available off-campus than ever before.

Shibboleth is the technology that underlies our Oxford SSO (single sign-on) system.

What is EZproxy and how does it work with SSO?

EZproxy is another tool for remote access and it works by mimicking the Oxford IP range (like VPN):

EZproxy helps provide users with remote access to Web-based licensed content offered by libraries. It is middleware that authenticates library users against local authentication systems and provides remote access to licensed content based on the user’s authorization

Many e-journals and databases work with “Shibbolised” EZproxy, in which the proxy server is accessed via SSO.  The user is authenticated via SSO and then access to the proxy server is enabled, allows access to the resource via IP address authentication.  This means that IP-authenticated resources which aren’t SSO-compliant can be accessed off-campus using SSO via Shibbolised EZproxy.

E-resources access and walk-in users

EZproxy doesn’t kick in on-campus, so IP-authenticated resources allow walk-in user access.  In universities, walk-in users are visiting scholars or people with reader access who are not members of the University, and do not have SSO accounts.

Some publishers (usually in the legal or business fields) do not want to allow walk-in user access to their resources, so they require SSO authentication even on-campus.  Shibboleth access is secure and also gives them log files of user activity, so they can trace anyone they suspect of breaking the terms of their licence, for example by systematic downloading of their content.

Usernames and passwords

A few publishers still rely on username and password authentication based on usernames that they issue.  Typically, these are legal databases whose business model involves selling access to a few people at a variety of institutions in the commercial sector, and so they are not set up for other authentication methods.

These usernames and passwords are then stored on an SSO-protected website, such as Weblearn, our university’s virtual learning environment.

Other advantages of SSO over Athens

SSO provides more up-to-date authentication, as it retrieves user information from the identity provider each time access is requested.  The usernames and passwords hosted by Eduserv were only updated every month or so, so someone who had previously been a member of the University would often still be able to access resources for some time after they left.  SSO permissions can be finely tuned so that a student will lose their e-resources access immediately after finishing their course, but retain SSO access to their email until several months later.  Users are more aware of the value of their SSO, since it lets them in to so many services, and are less likely to share (or sell) it to other (non-University) people.  This had been a problem in the past with Athens usernames and passwords.

How Shibboleth works

The aim of a single sign-on system is to be able to access multiple resources with a single identity.  A variety of service providers (SPs, such as e-resources publishers) can sign up to work with Shibboleth, and a range of identity providers (IdPs, such as universities) can have users’ accounts verified by Shibboleth:

Shibboleth acts as a mediator between the services and the users (with different identities, affiliations and levels of permissions).  Therefore, when you access ScienceDirect via SSO, Shibboleth checks who you are and details about the service you are trying to access.  If it can identify you as a member of the University of Oxford and verify that the University has a current subscription to ScienceDirect, it will allow you access.

To reward you for reading this far, here’s a gory story about where the term shibboleth comes from.

E-Resources FAQ

This is a collection of things I wish everyone knew about e-resources.  Whether this area is new to you or not, I hope you find something useful here; and do let me know about any points I’ve missed in the comments.

What are e-resources?

E-resources are also known as electronic resources and there are two main types: e-journals (or electronic journals) and databases.

Many e-journals are digital copies of print journal articles, but increasingly e-journal articles are published without a print analogue.

There are several kinds of databases

  • Bibliographic – this type of database is a collection of references to published literature.  It functions in a similar way to a library catalogue, but indexes details of articles rather than books
  • A&I (abstracting and indexing) – in addition to bibliographic details, this type of database also contains abstracts of the individual articles
  • Full text – a database which includes the full text of all the articles it has indexed
  • Data/statistics – a collection of numbers and facts which you can query in order to extract a particular dataset.  A database in the purest sense of the word.
  • Images – a database containing a searchable index of images and the images themselves

What does full text mean?  Full text refers to an e-resources that makes available online the whole contents of journal articles, not just the abstract or citation.  Full text articles are often subscription resources, requiring an individual or institutional account for access.

What is an abstract?  An abstract is a summary of a journal article, often published at the beginning of the article.

What is a platform? A platform is a website which hosts content or programs.  Examples include JSTOR and ISI Web of Knowledge (which hosts a number of databases including, confusingly, Web of Science).

What is SFX?  SFX is an OpenURL link resolver, which works by compiling a list of all the journals to which an institution (such as a university) is subscribed and linking to that content.  Primarily, it functions to allow you to search an institution’s subscriptions to see if you can access a particular e-journal, and which years are included in the subscription.  At Oxford University, SFX is locally branded as OU eJournals and is one of a number of resources whose contents are searchable via SOLO.

What is MetaLib?  MetaLib is a search system which allows you to search for resources, link to them, and (in some cases) search within them.  This is not possible for all resources, as they need to be compliant with a protocol called Z39.50 in order to be searchable.  At Oxford University, MetaLib is locally branded as OxLIP+ and is one of a number of resources whose contents are searchable via SOLO.

What is a paywall?  A paywall is a barrier to a website which requires you to authenticate to view the content.  Usually, this requires a paid subscription.  An important implication of this is that any content behind a paywall is not indexable by search engines and therefore will not appear in the search results.  Not everything on the Internet is known to Google.

There are several methods of authentication

Internet Protocol (IP) – the IP address of your computer identifies where you are in the world, and is also used by sites like BBC iPlayer which use your IP address to check which country you are in.  If you are using the university’s computing facilities on campus, the computer you’re using will have an IP address within the university’s main range, which is detected by the e-resource you are trying to reach and access will be granted.  Working “off-campus” means that you are off the university network, perhaps using your own laptop in a university library or working from your own home.  This means that your computer’s IP address is not within the institution’s IP range and you will need a different method of access.  VPN software is commonly used to solve this issue and it works by extending the institution’s network to your computer, thereby bringing it into its IP range.

Want to find out your IP address?  Just go to

Single sign-on (SSO) – logging in via SSO identifies you as a member of an institution (such as a university) and therefore allows you access.  A great advantage of SSO login is that your authentication can be pushed from one site to another via your browser, so you don’t have to keep logging in when you go to a different subscription site that accepts SSO authentication.

Username and password – the old school method.  Nowadays, this only really applies to a small number of really expensive resources, where tight budgets or low demand mean that a several-user subscription than whole-campus access has been purchased.  There may only be (for example) 5 usernames and passwords for the resource, and if all 5 are in use, you will need to wait until someone has logged out so that you can use that ID to log in afresh.

Also good to know

What is a session identifier?  Session IDs or tokens are commonly used in online shopping sites and data/statistics databases.  These types of sites combine a variety of information to produce the page you are viewing, rather than retrieving a pre-prepared HTML page.  The session ID is used to track the individual user’s actions during the course of their session on the site.  Your shopping cart contents or dataset only exists because you have selected and combined certain elements during the session, which will time out after an order is finalised, or the user logs out, or after a period of inactivity.

URLs which contain “session” or “sid” indicate a session ID, and are not persistent.  If you are attempting to link to a resource, check the URL: if it contains a session ID, the URL will not work when someone tries to follow it later on because the session will have timed out.

Some e-resources have embargoes which are periods during which access is not allowed (usually to protect the publishers’ interests, or in JSTOR’s words “protect the economic sustainability of our content providers”).  There are several types of embargo:

  • A rolling or moving wall – a fixed period of months or years.   For example, most journals in JSTOR have an embargo of 3 or 5 years, and as a new issue is published, its equivalent from 3 or 5 years before will become available on JSTOR.
  • An annual cycle – for example, all content before 1st January of this year is available.  This will add another year to the archive on 1st January of each year
  • A fixed date – for example, only content before 2005 is available

If you’re carrying out research in your subject area, make sure you don’t rely exclusively on resources with embargoes, as you will be missing current and recent material.

E-resources and copyright – keep your use legal!

Most e-resources publishers have a ‘fair dealing’ arrangement which allows you to print or save one article per journal issue.  Downloading an article happens when you view the article on screen, not just if you save it.  Please be aware that systematic downloading is not permitted under fair dealing arrangements and may compromise your institution’s access to the resource.  Also, remember that your access to e-resources is for your own research and learning only, and you may not email pdfs or other downloaded documents to anyone outside your institution.

See also: E-Resources – less frequently asked questions for the next part of the story…