HTTPS (Almost) Everywhere

From Flickr user yusamoilov.

The University of Michigan Library is switching to solely secure (HTTPS) connections between users of our library’s resources and the resources themselves. This means that when users interact with a University of Michigan Library website listed below, all communication between the user's web browser and the library's servers will be encrypted, so that 3rd parties will not be able to eavesdrop on user's search queries or resources accessed. The library is taking this step because it’s the right thing to do and because these actions support the principles outlined in the Library Freedom Project’s Library Digital Privacy Pledge of 2015-2016.

Switching the library's system architecture to exclusively HTTPS is often complicated. One of the most significant challenges is that, in the early days of developing the U-M Library's online presence, it was decided that HTTPS would be the signifier for authenticated status. In some cases, such as the library website, authentication and authorization were tied to the transfer protocol. Authenticated use (for editing, for example) was via HTTPS; unauthenticated use was via HTTP.  Here is a summary of our current status and the library's goals for the end of 2016.

Already Converted to Exclusive HTTPS

The following services have been switched to exclusive HTTPS access as of August 2016:

Update to Exclusive HTTPS in Process

By December 2016, we commit to moving the following services to exclusive HTTPS:

1 Comment

on Aug. 29, 4:24pm

This is good news. When I learned that my personal web host, DreamHost, was beta-ing the popular LetsEncrypt solution, I was all in. Now my site automatically redirects everything to HTTPS. However you feel about Ed Snowden, I personally like flipping a middle finger at NSA.