The MysticAIR login system was introduced to answer the request by some end-users for a mechanism for their readers to login to Mystic using a generic user account, and perform basic functions such as Searching and Issuing of items.

As Mystic is an online application however, rather than a desktop system installed on a single, protected machine, this naturally posed some clear security problems - not least of which is that Mystic is designed for use from anywhere in the world. Opening up generic logins to school readers would also open those same logins externally to the library as well.

MysticAIR was designed therefore, to allow:

• Fast access as a generic user on authorised, trusted machines,
• Fast access for readers to login from a remote location (e.g. their home), but only to perform a limited range of functions without the need to remember usernames, passwords and library license codes.

The heart of MysticAIR revolves around the use of a cookie placed onto a trusted computer, containing a key encrypted with strong, military grade encryption. Without the key, This key in isolation, even if it could be decrypted, is useless as it is just a reference to more important information stored in the central MysticAIR servers, and therefore poses no security risk.

If the key is lost or removed, Mystic simply prevents access completely. To regain access, a new 'invitation' needs to be issued by the librarian. Conversely, the librarian can also change the available permissions on a registration, or revoke it completely, making even a registered computer useless.

Pergamon Wiki Home