Skip to main content
OCLC Support

Identifier

This page describes options for using EZproxy's pseudonymous identifier feature using the Identifier config.txt directive.

Overview

In EZproxy v7.1, OCLC introduced an optional feature that releases pseudonymous identifiers to content providers. Pseudonymization is a data management and de-identification procedure by which personally identifiable information is replaced with one or more pseudonymous identifiers. Releasing pseudonymous identifiers to content providers enables them to identify an unauthorized e-content user—without obtaining personally identifiable information—so they don’t resort to turning off licensed databases. This allows for more continuous access for the library while continuing to honor library patrons’ rights to privacy. These features will help libraries

  • Detect compromised credentials before they can be used to exploit other systems and data
  • Save staff time from sifting through log files for compromised credentials
  • Reduce interruptions in e-content access

Enabling the pseudonymous identifier will release a short-lived, opaque ID to allow content providers to distinguish between individual users (not identify them). This will help realize benefits of content provider intrusion detection systems while continuing to honor patron privacy. Libraries and content providers can use these IDs to resolve issues without blocking campus access.

How to enable the identifier

EZproxy hosted users

Please contact OCLC Support in your region to enable the identifier and/or display a privacy notice to end users.

EZproxy stand-alone users

The identifier is enabled when you define a secret for the identifier in the config.txt file. This secret does not allow publishers to decode privacy information but is used to cause each EZproxy site to send a differently-encoded identifier via hashing.
 
In config.txt, this statement must be included to enable the identifier:
Identifier Secret <a-value-you-set-here>

where <a-value-you-set-here> is a string that will be used as part of the hashing process. Restart your EZproxy server after adding this configuration statement.

Example:
Identifier Secret WQpx*YhF5Y?Wad?M
Note that messages.txt will indicate that the identifier feature is enabled at EZproxy startup.

Participating publishers

In order to receive the identifier, each publisher must enter into a data protection agreement with OCLC in order to preserve patron privacy. The following publishers are currently participating:

  • American Chemical Society
  • Elsevier (ScienceDirect)
  • Optica
  • Taylor & Francis
  • Wiley

When a Secret value is established, the pseudonymous identifier will by default be sent to all participating publishers, though it can be disabled on a per-publisher basis. The syntax for disabling the identifier for a specific publisher is:

Identifier Disable <publisher>

The possible values for <publisher> are acs.org, optica.org, tandfonline.com, sciencedirect.com, and wiley.com


Additional details

 

  • The identifier is sent via x-headers and is between 80 and 90 bytes long.
  • The identifier is one-way hashed and cannot be processed by publishers to get identifiable information such as a username.
  • The identifier is generational; it only has a lifetime of 30 days. Two generations (60 days) are kept in the identifier database.
  • Different hashing routines are used for different publishers.