Technology Electronic Reviews (TER) Vol. 9, No. 3, July 2002

Technology Electronic Reviews logo

Volume 9, Issue 3, July 2002

Technology Electronic Reviews (TER) is a publication of the Library and Information Technology Association.

Technology Electronic Reviews (ISSN: 1533-9165) is a periodical copyright © 2002 by the American Library Association. Documents in this issue, subject to copyright by the American Library Association or by the authors of the documents, may be reproduced for noncommercial, educational, or scientific purposes granted by Sections 107 and 108 of the Copyright Revision Act of 1976, provided that the copyright statement and source for that material are clearly acknowledged and that the material is reproduced without alteration. None of these documents may be reproduced or adapted for commercial distribution without the prior written permission of the designated copyright holder for the specific documents.

REVIEW OF: Stuart D. Lee. (2001). Digital Imaging: A Practical Handbook. New York: Neal-Schuman.

by John Wynstra

Digital Imaging: A Practical Handbook is a concise book weighing in at only 194 pages with 34 of those pages dedicated to three appendices and an index. The contents are mainly text, interlaced with approximately 20 supporting figures and tables.

The author approaches the topic of digital imaging from a project management perspective, maintaining a clear focus on special and rare collections housed at libraries and museums. This book steps through the different phases in the digitization project life cycle beginning with the project initiation; moving to the assessment and selection phase; on to the preparation and digitization phases; and finally to the editing, delivery, and support phases. Along the way, the author describes the different experts that are needed to provide input into the project, including: subject experts, conservation experts, digital and film photographers, catalogers, and management and administration. The message is clear that good project management skills, expert participation, and a thorough understanding of the process are all required for a successful outcome to a digital imaging project.

The author begins by using a hypothetical but typical scenario to point out the general issues that must be considered when undertaking a digitization project. These include such things as the staffing and expertise required, the assessment of material to be digitized, the determination of goals that drive the project, the selection of hardware and software, the project life cycle, and the choice between outsourcing the work or doing it in-house.

As the author points out, it is critical to determine the goals for a project in order to make good decisions throughout the project. The goals for the project will affect the methodology, time required, costs, and final output. Multiple formats and resolutions may be required to meet all of the desired outcomes of a single project. The three most common goals according to the author are: preserving rare and fragile originals; increasing access to a collection; and meeting institutional strategies. By meeting institutional strategies, the author is referring to things such as generating income, attracting funding, and reducing the burden on staff or budgets.

Realizing that most institutions engaging in digitization projects have multiple collections slated for digitization, but limited resources, the author presents a decision matrix that can be used as a guide through the assessment phase. This decision matrix is presented as a series of flow charts and checklists that can aid in evaluating and prioritizing collections and, in some cases, even eliminating some collections from consideration for digitization.

From the author's point of view, copyright is one of the more significant issues in digital imaging projects and can become one of the main obstacles early on. Determining the copyright implications for the material at hand is done during the assessment phase and should not be taken lightly. Whole projects can end up on the wayside due to lack of sufficient funding for handling copyright. Also, projects can become mired in the time-consuming process of obtaining copyright clearance and end up missing critical deadlines. The author discusses other obstacles to digital imaging projects, such as missing pieces from the targeted collection or lacking a real need for the project due to the existence of a similar or even identical digitized collection available at a different institution.

The author dedicates a whole chapter to discussing the technical details of digitization, defining such terms as pixels, resolution, interpolation, compression, image format, hardware, and software. It is here that we see a description of the different image formats including TIFF, JPEG, GIF, Photo CD, PNG, Pyramid file formats, PICT, BMP, PDF, and DjVU. We are also introduced to the hardware that is used to perform the digitization. The cost of such hardware can be a significant factor in choosing to outsource the digitization. Flatbed scanners, sheet-feeders, drum scanners, microfilm scanners, digital scanners, and oversized document scanners are all used for digitization. These can cost tens of thousands of dollars and, in some cases, hundreds of thousands of dollars.

The author strongly encourages the use of benchmarking during the preparation phase to provide for quality assurance in the final output. This is especially important when outsourcing the work. The preparation phase includes performing digitization of a small subset of the collection and using that to calibrate the equipment and establish benchmarks for the final images. A flowchart is provided that shows the workflow for a project once it gets to the preparation and digitization phases. The flowchart shows a path for both outsourcing the work and for performing it in-house. In both cases, quality assurance is an important component.

Throughout the book, there are references to relevant organizations as well as projects that have already been completed successfully and made available to the general public via the Internet. Beyond those that are mentioned in the chapters, there is an appendix listing international organizations that are involved in noteworthy digital imaging initiatives and who provide valuable reference resources generated from past experience. This list includes universities, vendors, museums, as well as consortia. Additionally, there is an appendix listing recommended reading resources, covering topics such as copyright, metadata, best practices, and standards, among other issues.

I must admit that my expectations for this book, based largely on the title, were for a book that would describe the tasks and techniques associated with creating good digital image files. I had expected to see evaluations and recommendations of scanners, reviews of image editing software, ubiquitous tips and tricks peppering the pages, and numerous pictures comparing image quality resulting from various scanning techniques and settings - all coming from the experts who had already been there. While chapter three covered those issues to some degree, the overall focus of this book is on the project management aspect of digital imaging. That being said, I would definitely recommend this book as a resource for anyone who is responsible for or involved in large-scale digital imaging projects. In particular, every library and museum involved in or considering the digitization of local collections would be well advised to own a copy of this book.

John Wynstra ( is the Library Information Systems Specialist at the University of Northern Iowa.

Copyright © 2002 by John Wynstra. This document may be reproduced in whole or in part for noncommercial, educational, or scientific purposes, provided that the preceding copyright statement and source are clearly acknowledged. All other rights are reserved. For permission to reproduce or adapt this document or any part of it for commercial distribution, address requests to the author at

REVIEW OF: Rolf Oppliger. (2002). Internet and Intranet Security (2nd ed.). Boston, MA: Artech House.

by Michael B. Spring

Internet and Intranet Security is an exceptional book that provides the reader with a succinct overview of network security in less than 400 pages. The author provides an authoritative treatment of network security addressing both intranet and Internet security. Oppliger manages to provide all the standards detail, with acronyms and standards numbers in full force, while presenting the material in a way that will be readable by people with only a cursory understanding of the technology and the standards bodies involved.

It's hard to know where to start in terms of praising what the author has managed to put together. The book is broken down into four parts: fundamentals, access control, communications security, and discussion. The overview of the fundamentals is as good a review of the Internet technologies and terminology as this reviewer has seen. The decision to break the main body of the book down into access controls (firewalls) and communications security (encryption of information while in transit) makes it easy to see how the whole picture fits together. The decision to deal with firewalls first helps the reader to ease into the more difficult sections. The final discussion section is strong on Public Key Infrastructures. Given the author's obvious command of the subject matter, one can only be a little disappointed that the chapters on electronic commerce and risk management provide little depth. While electronic commerce is understandably still in flux, more could have been said here. Despite wanting more from the author in these areas, what is said throughout the book is simply stated, solid, and appropriately detailed.

Part I on Fundamentals is broken down into six chapters. Chapter 1 provides a succinct and yet complete set of definitions that serve to limit and clarify the focus of the book. Good use of the Open Systems Interconnection (OSI) reference model is made to clarify how the various security initiatives fit together. The author masterfully defines protocols, protocol suites, processes, clients, servers, etc. In chapter 2, he takes on TCP/IP as well as a history of the Internet and the bodies involved in Internet standardization. The various classes of Internet Engineering Task Force (IETF) standards -- informational, proposed, draft, Internet standard -- are clearly set out. He clarifies the relationship between the Internet model and the OSI model. More importantly, he explains the relationship between the Internet Protocol (IP) and the Transmission Control Protocol (TCP) that is critical to understanding the security issues. Chapter 2 includes the fundamentals necessary to understanding issues related to the User Datagram Protocol (UDP) and to multicasting. Chapter 3 provides a taxonomy of various types of Internet attacks using the broad breakdown of passive and active attacks. Under active attacks, the author covers denial of service, degradation of service, spoofing attacks including IP spoofing, DNS spoofing, sequence number guessing, and session hijacking. Chapter 4 provides an overview of OSI security architectures, including security services, security mechanisms and security management. Classes of OSI security services that are covered include: authentication, access control, confidentiality, service integrity with recovery, and non-repudiation. The clarity and quality of the presentation gives the reader a solid footing. Chapter 5 on cryptographic techniques might possibly be moved to Part III on communications security, but that is a minor quibble. Broadly, chapter 5 introduces secret key cryptography and public key cryptography. Oppliger also covers digital envelopes, cryptographic hash functions, and the protection of cryptographic keys. Chapter 6 covers authentication and key distribution. Under authentication, in addition to the well-known triplet of proof by possession, knowledge, and property, he adds proof by location. The chapter also covers key distribution both managed centrally and based on certificates. With the exception of a few of the sections in chapter 5 on cryptography, the first 120 pages are easily readable by anyone working in this field. Those who have detailed knowledge of the field will find the organization and simple explanations provided by the author of use in deciding how to provide explanations of the concepts to managers unfamiliar with the technology.

Part II is concerned with access control. In this part of the book, the author carefully controls the introduction of particular products with a more general theoretical overview of various methods of access control. He covers packet filtering, circuit level gateways, and application gateways. Each of these chapters stands on its own with careful explication of the many variables and approaches that may be taken. Throughout these four chapters he begins always with a simple high-level diagram that describes the functionality and capability at that level of access control. Chapter 11 provides an overview of the various firewall configurations that are possible. The diagrams and their descriptions simply and accurately distinguish between dual homed hosts, bastion hosts, screened hosts firewalls, and screened subnet firewalls. The sections on network address translation, and firewall certification make somewhat less visible issues exceptionally clear. As he does throughout the book, the author concludes this section with the carefully reasoned expert perspective on what firewalls can and cannot provide. He talks about current state of the art and problems yet to be addressed.

Part III addresses communications security. If readers did not yet have a complete picture of what network security is all about, they will now begin to see exactly how the author breaks the problem up. Part III addresses securing the communication at each level of the OSI protocol stack - and above! It begins with network access and Internet layer security protocols. The author provides solid coverage of transport layer security with a very solid review of Secure Socket Layer (SSL) protocol and its evolution and development. He goes on to discuss application layer and finally message security protocols. Each of the chapters begins simply, introduces clear indications of the scope of the security provided at that level, and then goes on to provide an authoritative statement of the current state of the standards and products in this area. Chapter 14 on Internet layer security protocols covers the broad IETF effort at standardization, the authentication header and encapsulating security payload protocols, as well as the various key management protocols. It includes an excellent discussion of the problems encountered in multicast IP packets and some solutions being worked on. The transport layer protocol chapter addresses not only SSL, but Transport Layer Security (TLS) and firewall tunneling. Chapter 16 on application layer security introduces the various terminal access efforts, as well as file transfer, electronic mail, and World Wide Web transactions. The author carefully goes on to explain vulnerabilities related to the domain name system and distributed file systems, as well as the proposals to cover the vulnerabilities. This chapter also covers authentication and key distribution systems. The description of Kerberos operation is as clear and complete as this reviewer has seen. Chapter 17 discusses securing messages to be communicated above the application level. In particular, he addresses message security services such as Pretty Good Privacy (PGP). For the reader following the development of PGP and its dissemination internationally, Oppliger's review in this chapter is most interesting.

As was indicated earlier, if there is a weakness in the book, it is that the reader is left wanting more of the author's thoughts in Part IV in which he discusses Public Key Infrastructures (PKI), E-Commerce, and Risk Management. Chapter 19 on PKI is thorough and introduces the soon to be critically important attribute certificates that will make Web services work in a secure fashion. The section on certificate revocation and attendant problems is also well presented. As the author notes in chapter 20, electronic commerce is one, if not the major, driving force behind the forces working to secure the Internet. He tantalizes the reader with the observation that the current focus on agent-based computing makes clear the need not only to secure systems from agents, but to secure agents from systems. Having introduced the topic, one can only be disappointed that he does not spend more time explicating where this topic goes and what he thinks needs to be done. Similarly, given the choice to introduce risk management in the final chapter, one can only be disappointed that he doesn't spend more time here.

In conclusion, this book should be the first book that professionals purchase in this area. Further, while security professionals will not be surprised by anything that is covered, they will find the author's approach well worth reading for guidance on how to help others make sense out of this increasingly complex and dynamic area.

Michael B. Spring is an Associate Professor of Information Science and Telecommunications at the University of Pittsburgh. He can be reached at

Copyright © 2002 by Michael B. Spring. This document may be reproduced in whole or in part for noncommercial, educational, or scientific purposes, provided that the preceding copyright statement and source are clearly acknowledged. All other rights are reserved. For permission to reproduce or adapt this document or any part of it for commercial distribution, address requests to the author at

REVIEW OF: Thomas E. Stern and Krishna Bala. (1999). Multiwavelength Optical Networks: A Layered Approach. Berkeley, CA: Addison-Wesley.

by James L. Van Roekel

There is no question that the telecommunications industry is growing. How many of us have access to multiple landline telephones, mobile telephones, wireless, wired, cable, and DSL networks? While there are remnants of copper wire-based telecommunications networks, fiber is the new standard.

The book begins with background and descriptive information on networks generally, and optical networks specifically. It focuses on four classes of optical networks: static networks, wavelength-routed networks, linear light-wave networks, and logically routed networks. These are discussed in increased order of complexity while emphasizing methodologies for network design, control, analysis and management (p. xxvii). Static networks are the simplest form of a transparent optical network, and use optical multiplexing and multiple access to provide multipoint connectivity. The most elementary form of this is the broadcast star, in which all signals transmitted are combined at a star coupler and broadcast to all receivers (p. 267ff). Wavelength-routed networks use optical switching to provide point-to-point connectivity over re-configurable optical paths, in which reconfiguration is achieved by space switching (p. 369ff). In linear light-wave networks, an optical path consists of a fiber path carried on a designated waveband creating a connection on a designated optical path within the path's waveband to that connection (p. 441ff). Logically routed networks use electronically switched overlays to provide virtual connectivity on a re-configurable optical layer, such as ATM switches or IP routers (p. 543ff).

Each chapter offers illustrations that are presented very clearly in design and copy. This 765+ page volume includes a comprehensive index and bibliography as well as exercise problems, at the end of each chapter. Six appendices are included covering graph theory, fixed scheduling algorithm, Markov chains and queues, a limiting-cut heuristic, an algorithm for minimum-interference routing in linear light-wave networks, and a synopsis of the Sonet Standard.

Finally, the publisher has provided additional content, including chapters, author interviews, source code, and product information, on its website at

Multiwavelength Optical Networks: A Layered Approach is an excellent textbook for upper-level undergraduate and graduate telecommunications and engineering courses.

James L. Van Roekel ( is Director of Academic Instructional Technology and Distance Learning at Sam Houston State University, Huntsville, TX.

Copyright © 2002 by James L. Van Roekel. This document may be reproduced in whole or in part for noncommercial, educational, or scientific purposes, provided that the preceding copyright statement and source are clearly acknowledged. All other rights are reserved. For permission to reproduce or adapt this document or any part of it for commercial distribution, address requests to the author at

About TER