This is an old revision of the document!
The MysticAIR login system was introduced to answer the request by some end-users for a mechanism for their readers to login to Mystic using a generic user account, and perform basic functions such as Searching and Issuing of items.
As Mystic is an online application however, rather than a desktop system installed on a single, protected machine, this naturally posed some clear security problems - not least of which is that Mystic is designed for use from anywhere in the world. Opening up generic logins to school readers would also open those same logins externally to the library as well.
MysticAIR was designed therefore, to allow:
The heart of MysticAIR revolves around the use of a cookie placed onto a trusted computer, containing a key encrypted with strong, military grade encryption. Without the key, This key in isolation, even if it could be decrypted, is useless as it is just a reference to more important information stored in the central MysticAIR servers, and therefore poses no security risk.
If the key is lost or removed, Mystic simply prevents access completely. To regain access, a new 'invitation' needs to be issued by the librarian. Conversely, the librarian can also change the available permissions on a registration, or revoke it completely, making even a registered computer useless.