The University of Michigan Library is switching to solely secure (HTTPS) connections between users of our library’s resources and the resources themselves. This means that when users interact with a University of Michigan Library website listed below, all communication between the user's web browser and the library's servers will be encrypted, so that 3rd parties will not be able to eavesdrop on user's search queries or resources accessed. The library is taking this step because it’s the right thing to do and because these actions support the principles outlined in the Library Freedom Project’s Library Digital Privacy Pledge of 2015-2016.
Switching the library's system architecture to exclusively HTTPS is often complicated. One of the most significant challenges is that, in the early days of developing the U-M Library's online presence, it was decided that HTTPS would be the signifier for authenticated status. In some cases, such as the library website, authentication and authorization were tied to the transfer protocol. Authenticated use (for editing, for example) was via HTTPS; unauthenticated use was via HTTP. Here is a summary of our current status and the library's goals for the end of 2016.
Already Converted to Exclusive HTTPS
The following services have been switched to exclusive HTTPS access as of August 2016:
- Deep Blue (our institutional repository)
Update to Exclusive HTTPS in Process
By December 2016, we commit to moving the following services to exclusive HTTPS:
- University Library website
- Mirlyn (University Library Catalog)
- Library Proxy Server
- University of Michigan Press website
- Michigan Publishing website
- Pancreapedia
- Civil Rights Clearinghouse
- MGet It (OpenURL Link Resolver)
- Digital Library platform (our digital library, managed by DLXS software)