Volume 5, Issue 7, September 1998
Telecommunications Electronic Reviews (TER) is a publication of the Library and Information Technology Association.
Telecommunications Electronic Reviews (ISSN: 1075-9972) is a periodical copyright © 1998 by the American Library Association. Documents in this issue, subject to copyright by the American Library Association or by the authors of the documents, may be reproduced for noncommercial, educational, or scientific purposes granted by Sections 107 and 108 of the Copyright Revision Act of 1976, provided that the copyright statement and source for that material are clearly acknowledged and that the material is reproduced without alteration. None of these documents may be reproduced or adapted for commercial distribution without the prior written permission of the designated copyright holder for the specific documents.
Contents:
- REVIEW OF: Paul Miller and Daniel Greenstein, eds. Discovering Online Resources Across the Humanities: A Practical Implementation of the Dublin Core. by Priscilla Caplan
- REVIEW OF: Rolf Oppliger. Internet and Intranet Security. by Mark Cyzyk
- REVIEW OF: Jeff Greenberg with J. R. Lakeland. A Methodology for Developing and Deploying Internet and Intranet Solutions. by Ray Olszewski
- About TER
REVIEW OF: Paul Miller and Daniel Greenstein, eds. Discovering Online Resources Across the Humanities: A Practical Implementation of the Dublin Core. UK Office for Library and Information Networking, 1998.
by Priscilla Caplan
In 1996 and 1997, the British Arts and Humanities Data Service (AHDS) and the UK Office for Library and Information Networking (UKOLN) sponsored a series of workshops focused on metadata for cross-domain resource discovery in the humanities. Their premise was that scholars want and need access to relevant resources regardless of format or "subject perspective," and regardless of what type of agency (library, museum, archive, etc.) has traditionally managed and cataloged them.
The first workshop included representatives from all areas of the humanities and focused on the meaning of cross-domain searching. They posited a "drill-down" model involving three stages of search requiring successively richer metadata records. They proposed that the first stage, the discovery of potentially relevant materials, could be satisfied by relatively generic metadata such as the Dublin Core, while subsequent stages would require domain-specific metadata formats such as MARC records or TEI (Text Encoding Initiative) headers.
This meeting was followed by a series of workshops in six specialties, or domains, within the humanities: archeological and spatial data, film and video, historical data and databases, music, texts, and visual arts and museum information. Each workshop assessed resource discovery needs within the domain, analyzed how well the Dublin Core metadata element set met those needs, and recommended specific changes to the Dublin Core.
Discovering Online Resources in the Humanities: A Practical Implementation of the Dublin Core is the report of this process. It explains the framework for the workshop series, gives a short description of the Dublin Core, and then proceeds with the seven summary workshop reports. The Dublin Core is then reexamined and modifications are suggested to incorporate suggestions from the workshops. Final chapters give an architecture and framework for cross-domain resource discovery.
It is fascinating to read the workshop reports in series. Considering that each specialist workshop arrived at its conclusions independently, there is a remarkable commonality in both general issues (e.g., the tension between the requirements of a specific subject area and the need for interoperability) and specific recommendations (e.g., confusion between DC.Creator and DC.Contributor). Most of the problems noted here concern data elements that the drafters of the Core have always found problematic, and reinforce the idea that some redefinition of the basic element set is required. Overall, however, the dominant conclusion is that a generic data element set for cross-domain searching is necessary, and that Dublin Core essentially does satisfy the requirements.
This volume was distributed and a report on it presented at the Fifth Dublin Core Metadata Workshop in Helsinki in October 1997 and although most of the specific recommendations were not discussed in detail, it did have some influence, particularly in helping to shape the redefinition of the DC.Date element.
Although this is a slim and specialized publication, it should be of interest to several different audiences. Communities actually trying to implement the Dublin Core will appreciate the detail and directness of this assessment. Those dealing with descriptive metadata in general will find the analysis of cross-domain searching informative. Finally, the very method used to draw a wide variety of specialist viewpoints into a common framework may be of interest to those engaged in similar consensus-building activities, whether or not they pertain to metadata.
Priscilla Caplan (pcaplan@uchicago.edu) is Assistant Director for Library Systems at the University of Chicago Library.
Copyright © 1998 by Priscilla Caplan. This document may be reproduced in whole or in part for noncommercial, educational, or scientific purposes, provided that the preceding copyright statement and source are clearly acknowledged. All other rights are reserved. For permission to reproduce or adapt this document or any part of it for commercial distribution, address requests to the author at pcaplan@uchicago.edu.
REVIEW OF: Rolf Oppliger. Internet and Intranet Security. Norwood, MA: Artech House, 1998.
by Mark Cyzyk
This is not a "how to" book; rather, it is a textbook on the state of the art in network security, specifically network security as it is currently implemented on the Internet and on local intranets. Lest the label "textbook" discourage readers however, I must point out that Oppliger's work is readable and informative for those seeking a detailed survey of the current architectures and protocols involved in securing information systems connected to the Internet or an intranet.
Oppliger begins by reviewing the nature of TCP/IP networking and the various network layers that are of key concern in securing an information system. He introduces something he calls the Internet Model, a simplification of the familiar Open System Interconnect (OSI) model, as a heuristic device to be used throughout the book. Instead of the seven layers of the OSI model, the Internet Model is comprised of only four: The Network Layer, the Internet Layer, the Transport Layer, and the Application Layer. The book details the means of securing each of these network layers.
Before doing so, however, Oppliger provides a fine introduction to cryptographic techniques, authentication types, and key distribution including one-way hash functions, secret key cryptography, public key cryptography, password-based authentication, address-based authentication, cryptographic authentication, manual key distribution, center-based key distribution, and certificate-based key distribution. With this as a general background he then proceeds to a discussion of some specific security techniques as applied to each layer of the Internet Model.
The first type of technology Oppliger discusses is firewall technologies, and these are of two types: Packet filters and application gateways. Essentially, a packet filter is a firewall system that operates at the Internet Layer of the Internet Model. It examines each and every incoming packet and, following predetermined packet filtering rules, allows or disallows packets into an internal network. Packet filters can ensure that, for example, requests for various Internet services (telnet, SMTP) occur only on the common port numbers to which those services are normally bound. Moreover, a packet filter can combat IP spoofing by passing only those packets whose origin is from an IP address outside of the internal network. Thus if a hacker attempts to use an internal, trusted IP to gain access to the internal network from outside, the packet filter will determine that an internally-assigned IP is attempting to cross the firewall from an external network and will disallow it.
Whereas packet filters operate at the Internet Layer of the Internet Model, application gateways operate at the transport or application layers depending upon whether they are a circuit-level gateway or an application-level gateway, which Oppliger distinguishes and defines. In either case, an application gateway is a sort of proxy server for each application protocol being run on a network; if a network uses the telnet protocol, for example, there will exist a telnet daemon running as a proxy on an application server somewhere between the inside and outside networks that screens, logs, and performs other accounting functions on all telnet transactions attempting to cross. The same holds for other applications and protocols.
After an insightful discussion of firewall placement on a network, Oppliger proceeds to introduce and detail the various proposed and currently implemented Internet Layer communications protocols. These include: Security Protocol 3, Network Layer Security Protocol, Integrated NLSP, swIPe, IPv6, and several others. For those with an interest in low-level protocols, this should prove fascinating--for this reviewer, however, the level of detail was uninteresting. Nevertheless, such a discussion certainly belongs in a book of this type.
What was more interesting was Oppliger's next topic: Transport Layer Security Protocols. These include Security Protocol 4, Secure Shell, Private Communication Technology, and Secure Sockets Layer (SSL). The level of technical detail involved in Oppliger's elaboration of how SSL operates was interesting, perhaps because SSL is such a common, widely implemented protocol.
In his chapter on Application Layer Security Protocols, Oppliger broaches the topic of secured applications such as Secure Telnet, the various flavors of secure email systems, and Secure HTTP. His narrative on PGP-encrypted email and Secure MIME is surely a sign of things to come. These technologies are here now, but not commonly implemented. As email becomes more and more central to the inner workings of societies around the world, its security will quickly become of prime importance--and encrypted email systems will certainly become prevalent.
He concludes the book with a brief look at electronic commerce as well as a short survey of Internet security tools (e.g., Satan, COPS, TCP Wrapper). In all, the book provides a fine overview of the state of the art in Internet security. It was not, however, an easy read in places and is certainly not a book to be consulted for practical advice.
Mark Cyzyk (mcyzyk@towson.edu) is the University Webmaster at Towson University in Towson, Maryland. He was formerly the Head of Information Technology in the Albert S. Cook Library at Towson University.
Copyright © 1998 by Mark Cyzyk. This document may be reproduced in whole or in part for noncommercial, educational, or scientific purposes, provided that the preceding copyright statement and source are clearly acknowledged. All other rights are reserved. For permission to reproduce or adapt this document or any part of it for commercial distribution, address requests to the author at mcyzyk@towson.edu.
REVIEW OF: Jeff Greenberg with J. R. Lakeland. A Methodology for Developing and Deploying Internet and Intranet Solutions. Upper Saddle River, NJ: Prentice Hall, 1997.
by Ray Olszewski
As more and more businesses move away from legacy computer systems to modern client-server systems--decentralized, Internet- and Web-savvy, and based on newer operating systems, they will face complex migration requirements. Jeff Greenberg, the principal author of this book, is an experienced project manager for these large-scale migrations. In A Methodology for Developing and Deploying Internet and Intranet Solutions, he offers a wide assortment of insights into how to manage these conversions.
Be very clear about one thing: this book is about management, not about technology. Built around an extended hypothetical case, it offers advice about and highlights problems with assembling a project team: involving all the key players at the client, balancing the need for good client relations with the business, necessity of putting clear limits on your team's responsibility, scheduling, handling client requests for modifications and additions, and handing over the system (and responsibility for it) to the client.
While the book uses a lot of examples of Internet and intranet technology in developing the case, Greenberg provides almost no detail about the kinds of cost, technical trade-off, and design decisions that underlie the specifics of the technology. Other members of his hypothetical project team make these decisions, and those individuals function essentially as "black boxes" in the example--requirements go in, designs come out, but we don't see the thinking that underlies the specifics.
In that respect, the book is only incidentally about computer systems. Though that is where Greenberg's management expertise comes from, the book's insights can easily be applied to other kinds of large-scale development projects for clients. I can easily think of several (non-computer) projects early in my own career where I would have benefited enormously from the advice offered here about how to prepare specifications, set contract terms, and manage day-to-day interactions with clients.
Greenberg's real-world knowledge comes through on almost every page of the book. He offers the kinds of realistic, detailed advice that can come only from years of management experience. Much of the advice is the sort that seems obvious once you see it. Example: if you need to work on-site outside of business hours, make sure the contract provides for whatever you need (keys, escorts, etc.) to get that access. This is a trivial observation in one sense, but it is also the kind of detail that I often see overlooked in practice.
Similarly, Greenberg emphasizes again and again the importance of understanding the "business politics" that underlie the project. Pointing out that every big project puts the manager's professional reputation on the line, he insists on the need to take responsibility for all aspects of the project's success, not just the "official" aspects that appear in the contract. So he advises the reader about how to locate the real decision makers, how to enlist their participation, and how to make sure that the system's ultimate users are included in the design process. Although we learn little about the actual technologies here, we learn a lot about the variety of specialized resources needed on such a complex project and about the management problems associated with assembling and coordinating such a team.
That said, the book is targeted to a highly specialized audience: beginning project managers in companies that provide turnkey solutions to businesses. Some others would find parts of it useful, particularly managers running internal development efforts and managers dealing with turnkey vendors.
The extended example that provides the "frame tale" for his advice is a systems make over for a small telephone company that is newly facing competition. It needs three main things: a Web presence for customers offering a facility for placing and checking on the status of orders; an interface to existing systems to allow the actual fulfillment of customer orders; and an internal system for communication among employees.
The example is well selected in that it includes all of the major problem areas that Internet and intranet solutions might face. The project includes selecting server and client computer systems, placing those systems (e.g., Will they fit on the actual desks used? Are there enough electric outlets?), designing databases, creating "glue" code to provide an interface to older mainframe systems, developing cgi scripts for the customer-order-placement system, dealing with Internet access providers, and helping the client cope with the major work changes that the new systems will mean for employees.
To my eye, the book's biggest weakness is Greenberg's coyness about discussing project costs. Including exact costs would make no sense--the example is hypothetical, after all, and too much detail here would no doubt reveal proprietary information. But I came away from the book unsure as to whether I was reading about a half-million dollar example, a five million dollar one, or a fifty million dollar project. That degree of vagueness is simply too much--the variety of specialized resources he assumes are available cannot be supported at all dollar levels, so knowing the rough magnitude he was assuming is an important piece of the lesson.
In sum, A Methodology for Developing and Deploying Internet and Intranet Solutions is of limited interest to most users of computer services and most computer professionals. For its narrow target audience, it is a treasure trove of management advice and may save a new project manager from many a costly, and personally embarrassing, mistake. But for readers looking for advice about the substantive development and design of solutions--the technologies themselves and the technical skills needed to implement them--this is the wrong book.
Ray Olszewski (ray@comarre.com) is a consulting economist and statistician. He spent three years as Network Manager at The Nueva School, a private K-8 school in Hillsborough, California. His work includes development of custom Web-based software to support online research.
Copyright © 1998 by Ray Olszewski. This document may be reproduced in whole or in part for noncommercial, educational, or scientific purposes, provided that the preceding copyright statement and source are clearly acknowledged. All other rights are reserved. For permission to reproduce or adapt this document or any part of it for commercial distribution, address requests to the author at ray@comarre.com.