Calimera Guidelines

The EU is supporting research into knowledge technologies and the KTWeb project has recognised that “more research should be undertaken specifically focusing on contextual retrieval, personalisation and user profiling”. [1]

Sophisticated forms of personalised services are already common in the financial and commercial worlds, where they are regarded as valuable tools in marketing and to retain customer loyalty. They are becoming increasingly popular in other sectors such as education and tourism, and offer exciting possibilities for the cultural sector to add value to services by taking into account the specific interests and characteristics of users. The more collections are digitised, the more opportunities there are for personalisation.

Personalisation should not be introduced for its own sake however, but only when it brings added value to a good proportion of users. Complex personalisation systems may not be good value as compared with good basic web navigation facilities and access for groups such as disabled people from the home page. Personalisation systems should be simple to operate or people will not take the time or make the effort to use them.

Personalisation could lead to changes in the way museums, libraries and archives operate. For example, there will be an impact on performance measurement, with opportunities to obtain more detailed management information. Also the change from "product push" to "user pull" will impact on the role of staff, and the implications for staff training will need to be addressed.

Because of the level of complexity and expense of personalisation systems, institutions will probably need to co-operate with other organisations to provide personalised access across a range of different museums, libraries, archives and other services.

Many personalisation systems use smartcard technology, requiring increasingly sophisticated authentication techniques. Museums, libraries and archives must be aware of the coming changes to systems of authentication and the possibility of this process either becoming more complex and expensive or being taken out of their control. This is an area where co-operation may be necessary or desirable, but institutions will need to decide whether to undertake their own authentication procedures or rely on those of third parties.

Ethical issues such as protection of privacy will need to be addressed, perhaps through a code of conduct. The issue of integrating user databases with content databases will also need to be dealt with.

For a discussion of the issues to be considered in setting up a personalisation system see "The personalization challenge in public libraries: perspectives and prospects" by Christopher Chia and June Garcia [1], and “Personalisation and the web from a museum perspective” by Jonathan P. Bowen and Sylvia Filippini-Fantoni [2].

GOOD PRACTICE GUIDELINES Back to Scope

A personalised system is one which responds differently to different people, either because of their response (explicit or implicit) to questions asked by the system at the time, or because of their previous interaction with the system. In order to provide a personalised service the system must be able to identify the person, which involves user authentication.

User authentication (see also the guideline on Security) Back to Scope

Authentication is the process by which the electronic identity of a client is asserted to, and validated by, an information system, using a credential issued following a registration process. It may involve establishing that the client is the true holder of that credential by means of a password or biometric. A biometric authentication involves the identification of fingerprints, facial features, voiceprints or retinal patterns. The registration process will have involved the production of some real-world identification process such as a driver’s licence, passport, or birth-certificate etc. There are different levels of authentication; the following are listed in order of the degree of security they provide:

· obscurity is based on the assumption that only authorised users will know the name of a file or database and that the databases are sufficiently protected by this alone;

· simple authentication uses shared secrets (passwords) which are exchanged as clear text and which provide very little assurance of the identity of the sender of the message. For example passwords can be lost or stolen; users tend to choose obvious words to be their passwords; they often have to remember a number of them and are tempted to make notes of them so undermining their usefulness as guarantors of identity. A single password may even be shared by a group of people. There exist types of software designed to “sniff” or observe the use or exchange of passwords and intercept them;

· protected authentication is similar but does not rely on clear text exchange of the passwords and therefore protects against interception and replay of communication;

· strong authentication uses an encrypted secret known only to the sender of the message to guarantee his identity. This type of authentication may be needed for purposes of non-repudiation, i.e. the authenticated sender of the message cannot later deny having sent it if, for example, he orders some goods or services.

Identification systems can be bought off the peg e.g. the Athens Access Management System [3], an access management system controlling access to online databases, and Kerberos [4], a network authentication protocol which uses secret key cryptography.

Authentication in the near future will probably be done by local or central government agencies which will issue members of the public with an all-purpose form of identification, probably some kind of smartcard, which will give holders access to a range of services including museums, libraries and archives.

Privacy Back to Scope

The coming age of personalisation systems will end the relative anonymity of users and pose an ethical dilemma to cultural heritage institutions. When people identify themselves to an electronic information system they have made it easy for their activities to be monitored in a way which it is impossible for them to deny. Policies must allow people to opt out of some of the electronic systems which track usage and must give them the guarantee that data of this kind will remain private and never divulged.

Biometric authentication systems such as fingerprinting have advantages such as the elimination of the problem of lost tickets. However people must individually agree to such a system and alternatives made available for those who do not wish to take part.

The EU Data Protection Directive [5] requires all organisations making use of user profiling to declare explicitly to the user what they will use the data for. (See also the guideline on Legal and rights issues.)

Smartcards and swipe cards Back to Scope

These are not technical terms and are sometimes not used with precision, but the following distinction is usually observed:

· Swipe cards: plastic cards with a magnetic strip on them which, on being swiped through a groove or slot, identify a user and permit them to access certain facilities. They may, for example, open a door or let them use a computer terminal. They do not contain any more information than is necessary to identify the individual, the real information about them being held on a database.

· Smartcards may be physically identical to swipe cards and work in the same way but unlike swipe cards they contain a microchip which can contain information about a particular individual and can carry out calculations. This information will not be stored on any other database. Contactless smartcards are now becoming more common. These have an embedded inductive loop aerial which allows them to work in proximity to a contactless card reader without physically making contact. These types of cards are already used by several toll systems and mass transit operators including the London Underground.

Swipe cards are cheap but smartcards are fairly expensive to issue and uneconomic for most museums, libraries and archives as a stand-alone application. However, some local authorities use them to provide access to a range of services including libraries, museums and archives as well as car parks, swimming pools etc. Several European cities have introduced multipurpose cards under the Multi-application SmartCities project [6]. There are a large number of standards relevant to smartcards - also called identification cards and financial transaction cards [7].

Smartcards are a potential way of providing or controlling access to a range of services without time-consuming staff involvement other than that involved in updating, personalising and issuing the card, e.g.:

· as a way of charging for goods and services such as photocopies, print-outs, subscription online databases, e-books, or items from a gift shop, either on site or remotely;

· to restrict access to predetermined web sites e.g. for children (a basic list of sites could be provided with parents able to modify it if they wish);

· to provide access to subscription-based services e.g. for business users;

· to provide access to the personalised choices of the user of a network e.g. show on the screen the services that user has chosen and no others, or their favoured fonts, templates, language and other settings;

· to regulate the time spent by users of certain services such as the Internet, which it is difficult for staff to supervise.

Payment systems Back to Scope

Museums, libraries and archives may wish to charge users for some services, or may sell goods, or they may wish to charge users who make use of their facilities from remote locations, or to charge other organisations (e.g. for interlibrary loans). They will need a higher level of security for functions involving payment than for others. There are electronic systems of payment involving the use of smartcards and PCs, or substitutes for PCs such as digital televisions. Points to note include:

· value may be held in an encrypted file on a PC or equivalent and protected by a password. It may be transferable to another PC using currently available technology;

· smartcards are hard to counterfeit, though they can be stolen and their loss is the equivalent to losing cash as the value cannot be refunded;

· several different payment mechanisms can be combined on the same smartcard e.g. Visa, MasterCard etc.;

· money can be transferred over the telephone and from one card to another;

· payment using a smartcard will be quick, as validation is not necessary, and anonymous as information about the buyer is not transferred with the payment. In this it resembles the use of cash;

· smartcards may be reloadable i.e. value can be uploaded and the card can be reused indefinitely.

There are standards on electronic transactions e.g. CEPS (Common Electronic Purse Specifications) [8] and EEP (European Electronic Purse) [9]. In general a number of conditions for electronic charging systems are required:

· there must be some evidence that the apparent originator of an electronic transaction is the authenticated user associated with that ID (non-repudiation);

· there must be evidence that the intended recipient of a message really got it (evidence of receipt);

· there must be evidence that an electronic communication was not tampered with in transit.

Personalisation Back to Scope

Personalisation functions could include:

· enabling institutions to:

° treat users as individuals – greet them by name, avoid asking them twice for the same information, etc.;

° provide users with information on new materials, web sites, etc. based on their stated areas of interest. This could be done by means of alerts sent by e-mail or SMS (Short Message Service). Users could have more than one identity for this purpose e.g. a work identity, a learning identity and a leisure identity;

° provide users with personalised search results in response to queries.

· enabling users to:

° manage their own library transactions;

° order up books, documents etc. which they wish to see on their next visit to the archive or library;

° reserve computers, microfilm readers etc. to be used on their next visit;

° book visits to exhibitions, buy tickets to events, order items from gift shops, order print-outs, copies etc.;

° build their own personal museum, library or archive by saving URLs, bibliographical details, etc.;

° design their own web page - especially useful for those requiring special access facilities such as print impaired people or those using a different language - and select which services they want to receive;

° personalise their visits to a museum;

° create a visit plan prior to a visit, taking into account personal interests and such things as whether children will be included in the group;

° create their own virtual exhibitions;

° interact with others with similar interests so building virtual communities of interest.

Personalisation can take place on 2 levels:

· aimed at individuals;

· aimed at groups e.g. children, business users. When aimed at groups, requirements specific to those groups can be incorporated e.g. filtering of websites for children, service in a minority language for linguistic minorities.

Personalisation can be brought about in two ways:

· implicit personalisation (computer driven) - the system tracks usage patterns and preferences and adapts systems and interfaces accordingly (e.g. Amazon [10], A9 [11], and eurekster [12];

· explicit personalisation (under user control) - systems which can hold data about users with their full knowledge and which can enable users to identify themselves and so gain access to services which they have customised deliberately (e.g. most Internet portals such as My Yahoo [13]). This type of personalisation has enormous potential in the cultural sector. Applications can include alerts, newsletters, calendars, etc. Institutions can also offer on their websites tools to allow users to save images, articles, links, search results etc. during navigation, and so create a personal environment within the website to which they can return and find information of interest and to which they can continuously add new items. So far only a few large museums have been able to put such ideas into practice, e.g. the Metropolitan Museum, New York, the Louvre, Paris, and the UK National Museum of Science and Industry (see links).

Recommender systems Back to Scope

These are systems which take input directly from the user, and based on user needs, preferences and known usage patterns built up over time, make recommendations of products and services e.g. collections to browse, books to buy/read, websites to visit. The idea is that the user can get what they want without having to ask. The technologies involved in recommender systems are information filtering, collaborated filtering, user profiling, machine learning, case based retrieval, data mining, and similarity-based retrieval. For example a user who visits sites on Monet and Renoir could be directed to sites on French impressionism in general. Examples include Amazon [10] (available on several country-specific sites and Whichbook.net [14], a site which recommends books to read.

Personalised information retrieval Back to Scope

Information retrieval using popular search engines can result in millions of documents being retrieved. Searchers typically will only look at the first page or two of results and so may miss relevant information.

Relevance feedback systems work towards overcoming this problem. There are two types of relevance feedback system – explicit and implicit.

· Explicit relevance feedback relies on the searcher indicating which documents contain relevant information. The system then creates a revised query based on the documents indicated. This can go on until the searcher is happy with the results. There are various drawbacks to this system, e.g.;

° it is very time consuming for the searcher;

° there is no middle ground - the searcher must indicate that the document is either relevant or not relevant.

· Implicit relevance feedback infers which pages are relevant by analysing user actions such as time taken to read a page, links followed, scrollbar activities, mouseovers, etc. The system then generates successively expanded queries based on an estimate of the user’s needs. Over time the user is exposed to more relevant information. Two different responses to the same initial query can develop:

° the user’s information need becomes more crystallised and the results more targeted;

° the user’s information need changes in the light of new information received. Over time the system will look at any new search terms inserted by the user, or new links followed, and develop new queries based on these, so finding different results.

Image retrieval is another way of personalising information retrieval which is particularly relevant to the museum and art gallery domain. Users start by browsing a set of images. Based on their selection, new images are presented and a search path develops. This allows for direct searching without the need for formal description of the information need.

Portals Back to Scope

Portals too can offer searchers something more targeted than a search-engine result set. A portal brings together content from diverse distributed resources, collates it into an amalgamated form, and presents it to the user, usually via a web browser, though other means are also possible such as via alerting services. Many organisations are now developing portal-type access to their services for their customers. Banks are encouraging their customers to manipulate their own bank accounts on-line and supermarkets are providing automated shopping facilities which have a memory of the customer’s previous choices. The purpose of the customised portal is to save information for customers and avoid presenting them with information they do not need: a potential solution to the problem of information overload. Portals can:

· enable users to create their own information and research environments. This could be particularly useful to people without Internet access at home or at work;

· be customised to specific user groups such as students. Portals, or subject gateways, are often useful for educational purposes.

Interactive fora and online communities Back to Scope

A number of institutions now offer interactive fora to their users to enable them to review or discuss exhibitions, books, films, music etc. Such sites can be a good way of communicating with users, especially special groups of users, and of keeping them up to date with events, recent acquisitions etc. It is possible for this kind of site to be customised so that readers can elect to be notified only about news of interest to them. Once people have applied for personalised alerts etc, it is possible to identify communities of users with similar interests and to enable them to interact with each other, if they wish to do so (see privacy). Online forums can be created to facilitate discussion and debate and the sharing of news, etc., particularly valuable for teachers and students who can set up virtual learning environments (see lifelong learning).

Virtual museums, libraries and archives Back to Scope

A virtual museum, library or archive can either be linked to one physical institution, or it can exist only as a virtual institution. In the latter case it will usually have been created by a consortium drawing on the contents of many institutions.

Museums and heritage sites are increasingly setting up websites which are essentially virtual museums. These enable users to create their own virtual visits according to their interests, rearrange the exhibits, learn about specific items at a level of detail which they can choose, use virtual tour guides, etc.

Virtual archives can enable users to examine archives according to a theme or subject regardless of their physical arrangement or geographical location.

Libraries and archives can offer their users virtual enquiry services. These can be, for example:

· e-mail and phone based services which connect with the institution’s website, collection of Internet links, computerised catalogue etc. Systems of this kind are often connected with an enquiry management system, which records details of enquiries and enquirers. Essex Libraries Answers Direct service is an example of this type of service (see Links).

· e-mail enquiry services making use of “chat” or live-interaction software, enabling the user to communicate directly with a member of staff. Gateshead Libraries' Live Help is an example (see Links). This type of service is ideally suited to explaining to people about the use of digital resources such as on-line databases and websites which can be explored together and transferred directly to the user without having to be described in words. Enquiries can be transferred live, while the user is still on-line, to another institution which has similar software. There are some commercially produced examples of this type of software [15].

For a discussion of “virtual libraries” see Digital Reference Overview: an issue paper from the Networked Services Policy Task Group. UKOLN, February 2003. [16].

Smart labels and tags Back to Scope

RFID (radio frequency identification) labels or tags have considerable advantages over barcodes. For example:

· as they use radio frequencies to transmit data to a reader, they do not require line of sight or close proximity to the reader in order to be read;

· they are (re)programmable and so can be used more than once and for more than one function;

· they are physically durable and not susceptible to damage from dirt, grease or water, and so can be used outside on heritage sites etc.;

· they can be fixed to or embedded unobtrusively in virtually any object, which is important given the variety of objects and media held in heritage institutions;

Smart tags can be used for work processes such as inventory management, check-in and check-out of library books, and anti-theft control. However they can also be used to provide innovative guiding services and to study visitor behaviour. Possibilities for personalising visits could include:

· issuing visitors with a smart tag which they can take round an exhibition and use to get information about particular objects. At the end of the visit the data collected on the tag can be downloaded and a printout of pictures of the objects they were particularly interested in can be given to them to take away;

· combined with headphones or PDAs (Personal Digital Assistants), visitors to a heritage site could wander around at will listening to or reading information about features as they approach them. The language in which the information is given, and the level of information, can be tailored to the visitors’ needs;

· used with avatars or robots they can guide people round an exhibition, focussing on items of interest to the person or group. This could be especially useful for groups of children.

There are some disadvantages associated with smart tags, e.g.

· they are comparatively expensive as compared with barcodes;

· they have a fairly short lifespan, not important in a retail setting but very important in the heritage sector;

· standards have not yet been defined. - JTC1/SC31 19762 Part 2 [17] is still under development.

For a description of this technology and examples of applications see New Technologies for the Cultural and Scientific Heritage Sector. Digicult Technology Watch Report 1, February 2003. ISBN 92-894-5275-7. pp. 63-93. [18]

Agent Technology