Identify Terms of Use

 

 

Process Module: Deliver Entity

Process Title: Identify Terms of Use

Definition: Process where a resource that has been requested is checked for terms of access and preconditions of use.  The resource’s metadata or an attribute store is checked for rights and requirements, for example,  copyright status; user attributes required to access the resource; licenses, contracts, or agreements for use of the resource; and controls such as time limits, number of simultaneous users, and fees.

Workflow / Process Diagrams:

 

Use Cases: A requested resource is checked for availability, access attributes, and usage fees.  Do the resource attributes allow access by the requestor, such an enrollment in a course or membership in a university of consortium?  Are there preconditions on use such as copyright, usage fees, or limits on number of simultaneous users?

Reference(s):

  1. (NLA Services Framework 1.1: Authenticate) Verify whether an identity claim made by an individual or entity (the principal) is true. The principal may be a person using a computer, the computer itself, or a computer program.
  2. (NLA Services Framework 1.2: Authorise) Establish if an authenticated principal is permitted to perform a specific operation based on policy
  3. (e-Framework Service Genre: Authenticate) Describes authentication, the process of uniquely identifying an individual or entity (the principal) based on objects provided for verification (credentials). Credentials should be difficult to falsify or forge, either by keeping them secret or by making them difficult to replicate. Authentication seeks to ensure that the principal is who they claim to be. The degree of certainty varies according to implementation and business context. Authentication typically verifies the principal’s association with an electronic identifier. Authentication may also determine that the principal has certain attributes or is a member of specified or predetermined groups. In security systems, authentication is distinct from authorization, which is the process of establishing what a principal is permitted to do, their access rights to system objects based on their identity.
  4. (e-Framework Service Genre: Authorise) Process of establishing what a principal is permitted to do. Authorisation typically occurs after authentication so that the principal can be identified. Authorisation may also use a principal’s attributes, information about what the principal is intending to do (the target), and environment information to make authorisation decisions.
  5. (CollectionSpace Functional Requirements: Rights Management) The management and documentation of the rights associated with the objects and information for which the organization is responsible for, in order to benefit the organization and to respect the rights of others.