NBER Help: Working Papers

Obtaining Authorization

Authorization by domain name

If the standard authorization procedure fails, please e-mail us the following information:

^**

^***

If you are unable to find the above information, an alternative solution is available.

^* If you do not know your IP address, ask your network administrator.

^** Your domain name is most often the last part of your email address -- for instance, if your address is smith@harvard.edu then your domain name is probably harvard.edu but this is not always the case. If you are unsure, please contact your network administrator.

^*** Your network administrator can help you determine your caching computer's address. Your uncached address is that of your actual computer, rather than the computer which caches your Web pages.

^****Your browser's name is probably Microsoft Internet Explorer, Netscape Navigator or AOL browser. The version number and name can ususally be found by launching the browser and then choosing the 'about' option in the 'help' menu on a Windows computer or in the 'Apple' menu on a Macintosh computer.

Why we may need your network number

The NBER authorizes entire organizations for access to full text downloads of Working Papers so users don't have to remember login ids or passwords. Most authorizations are based on the domain name of the computers used to access the NBER site. For example, we can put 'ibm.com' into our authorization database, so that all computers within IBM will be allowed full text downloads automatically.

We don't necessarily know the domain name of computers accessing our web site, but we do know the numeric IP addresses. Our server can take an IP address and connect it to a domain name using a procedure called reverse name lookup (RNL). The number 128.103.119.233 would be connected to nber.org, for instance.

Unfortunately, some networks do not implement reverse name lookups, and do not respond to RNL requests. Select here for a reverse name lookup (RNL) test of your computer. If it doesn't tell you the name of your computer, you don't have reverse name lookup.

Authorization by network number

If your network doesn't support RNL, there is an alternative method for authorization. We can put the complete range of numeric internet addresses at you site in our authorization file.

The disadvantage to this is that most users don't know their IP address, and very few know the range of addresses for their organization. This can be overcome with a bit of information obtained from the user's network administrator or a bit of detective work.

The range of addresses assigned to a particular network is called its network number. A typical network number is expressed as nnn.nnn.nnn.0 where the zero stands for ``all the addresses from 1 to 255''. The NBER network number is 207.113.108.0, which means NBER computers can be assigned numbers from 207.113.108.1 to 207.113.108.255.

Typical Problems

Your organization may have IP addresses in several discontinuous ranges, and your department administrator may know only those for your department. His contact at the central network for your organization should have a complete list.

Some network administrators claim that it improves security to turn off reverse name lookup, but there is no evidence for this. Many very high security sites, including the IMF, the Federal Reserve, and IBM, follow RNL protocol.

At many sites, reverse name lookup returns an alias instead of the correct name. If the alias does not include the true domain name, authorization will fail.

An additional complication arises from firewalls and proxies, which may substitute their own IP address for the address of the host. In this case we need the IP address or host name for the firewall or proxy itself, not the address of your machine behind the firewall. The firewall address is the public face of your network. It hides the private IP addresses from public view, but is not in itself private.

Some ISPs (Internet Service Providers) cache Web pages with a so-called "transparent cache engine." It intercepts all traffic from the user's computer to the Web site. So while the user thinks he has sent a request to the NBER, the cache engine intercepts it, and tries to fullfill the request from its own memory. Only if the page is not available in memory is the request forwarded to our Web server. This cache may be shared by multiple customers, some of whom are NBER suscribers and some not. In any case, we would only see the IP address of the ISP cache engine, and may not authorize a download. In most cases we can determine the domain of the originating request through the "Via" header the cache engine sometimes includes with the request. But this method does not always work.

If your network administrator is not helpful

Sometimes, users do not have the required information, and find their network administrator unhelpful. If you have tried but have been unable to get the necessary information, this procedure may work:

Please browse http://papers.nber.org/papers/w0000 and note the exact time (in New York). Then email feenberg@nber.org, with the exact time (please include any other of the above information you can find. (i.e. IP address, domain name, etc). We will find in our logs the IP address of the machine sending a query at that time. We may be able to turn that into a network number, or simply add it to the authorization list. We ask that this be kept as a last resort, because the exercise is time-consuming at our end, and (if reverse name lookup is not available) may only add your computer to the database temporarily. Some systems receive a new IP address every time they boot, in which case your authorization could lapse. On the other hand, if your access is through a firewall, this procedure may establish access for all the other users of the same firewall.

Dan Feenberg is always available to discuss technical issues with your network administrator. Send email to feenberg@nber.org or call 617-588-0343.

Working Papers Technical Support
Questions and comments about our web site are always welcome.