LISTSERV - DARTMOUTH-BORROWDIRECT-GROUP Archives

DARTMOUTH-BORROWDIRECT-GROUP Archives

October 2015, Week 4

DARTMOUTH-BORROWDIRECT-GROUP@LISTSERV.DARTMOUTH.EDU

	LISTSERV Archives
	DARTMOUTH-BORROWDIRECT-GROUP Home
	DARTMOUTH-BORROWDIRECT-GROUP October 2015, Week 4

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	FW: BorrowDirect Downtime: Saturday, October 31 from 7:00 a.m. - Noon
From:	"Jennifer R. Taxman" <[log in to unmask]>
Reply To:	Library staff involved with providing the BorrowDirect resource sharing service <[log in to unmask]>
Date:	Mon, 26 Oct 2015 15:05:43 +0000
Content-Type:	text/plain
Parts/Attachments:	text/plain (65 lines)

FYI.  A number of you have seen this message already.

-----Original Message-----
From: [log in to unmask] [mailto:[log in to unmask]] On Behalf Of Peter Collins
Sent: Monday, October 26, 2015 11:00 AM
To: Systems Listserv <[log in to unmask]>
Subject: Fwd: BorrowDirect Downtime: Saturday, October 31 from 7:00 a.m. - Noon

Systems Group,

Updates are scheduled for this weekend which you may be interested in. Sorry for the lengthy email. I tried to include relevant information, but let me know if you have further questions about any of these features.

Thank you,
Peter

----- Forwarded Message -----
From: "Peter Collins" <[log in to unmask]>
To: "BD-PARTNERS-L" <[log in to unmask]>
Cc: "Policy Group" <[log in to unmask]>
Sent: Monday, October 26, 2015 10:58:35 AM
Subject: BorrowDirect Downtime:  Saturday, October 31 from 7:00 a.m. - Noon

Operations Group,

At the recent BorrowDirect meeting, some of you may have heard me talk about new features and security enhancements that will be coming along with a software update. This update has been scheduled for Saturday, October 31 from 7:00 a.m. - noon. The upgrade may not take the full five hours, but we need to set aside this much time to be sure the upgrade and testing is fully complete. You may want to post a notice on your login page prior to this event. Public and staff access will be interrupted. From analysis that I did on request traffic, Saturday morning was the best time of the week to schedule this update.

This is a significant update to the "availability" or "requestability" logic and includes several important security updates that we have been anxiously awaiting. I know that this looks like a lot of text, but please skim the headings below and read the details as they interest you and apply to your operations. As always, please let me know if you have questions or concerns.

SECURITY UPDATES:

* Ability to use SHA2 Security Certificates for NCIP:  All of our systems except Voyager use NCIP circulation integration. SHA1 security certificates are being phased out, and the existing infrastructure did not support SHA2 certificates due to the outdated Java 1.4.2 environment. The updated requestability code will now allow libraries to transition to SHA2 certificates (some libraries have been running "self signed" certificates while they awaited this change). Following the update this weekend, you will be able to update your NCIP security certificates without breaking connectivity to BorrowDirect (no coordination with Relais is required for you to update your certificates).

* Ability to encrypt the patron barcode at login:  Login to BorrowDirect is done by passing an OpenURL to Relais that contains your library symbol and the patron barcode (more information about the OpenURL is available on the wiki at: http://borrowdirect.pbworks.com/w/page/55544202/Upgrade%20Information). With this upgrade, Relais will be able to use public key encryption. To set up, you will need to get the public key from me, and you will need to update your login script to use it. Once public key encryption is in place, Relais will shut down the ability to log in without encryption, thereby greatly reducing the ability for unauthorized access to the system. (NOTE: Operations staff may use an ILLiad Addon or other "back door" entry for proxy requesting and troubleshooting. We can maintain this access but will need to be aware of it when we move to encryption.)

* Up front authorization:  The existing configuration does not "authorize" the user against your ILS until requestability runs on a specific item that is viewed by the user (search, click title, then requestability/authorization runs). The new configuration will authorize the user against the ILS at login. You should no longer have users get into the system only to receive the message, "an error has occurred, please contact your ILL office". Users are authorized at login. Relais will use the Authentication API to set an "authorization id" (AID). The AID is session based and will time out after 10 minutes of inactivity (we can adjust the timeout, but 10 minutes is the default). This will be a big improvement over the existing session and credential management (I won't attempt to document why here, but if you are curious, let me know).

==> NOTE ON OPTIONS:  If libraries would like, they may call the Relais Authentication API and pass users in with an AID instead of passing an OpenURL. This will require reconfiguring your login script and may not offer any more benefits than encrypting the patron barcode. If interested, please contact me to discuss.

* APIs use an API Key:  This update coincides with updates to the APIs (we are calling v.2). This includes the requirement that you use an API key when communicating with the API to help secure them from unauthorized use.

USER UPDATES:

* Patron name displayed in the UI:  Currently when you log into BorrowDirect, in the top right corner is says, "Hello [Penn] Library User" (your institution name). With the "up front authorization" in place, the system will now be able to display the users name during the session. So for me it will say "Hello Peter Collins".

* Circulating material with no call number:  When we spec'ed the original system with Relais we had them build in the logic that material with no call number did not circulate. When Harvard joined, this meant that we were unable to circulate around one million volumes from HD that were never given call numbers. With this update, those items will immediately be made available to request through BorrowDirect. This setting will only be turned on for Harvard initially, but if other institutions have material that should be requestable and does not have a call number, please contact me to talk about how to get this turned on (this may be useful for the "backlog" material that the Collections Group is interested in adding, and I will be working with them following the update).

* Improved availability logic for eResources:  Some institutions do not fully catalog eResources (no item records). This has made it difficult for BorrowDirect to determine local ownership. This will be improved with this update. We will also have the ability to display a unique message to the user when viewing eResources. This is functionality we gain but will need to implement following the update this weekend.

* Ability to hide My Account link or point to a different URL:  For libraries that integrate BorrowDirect request history into their local My Account using the RequestQuery API, you will now be able to make that the single source for library request history, including BorrowDirect material that is on order (which now is only available through through the Relais My Account).

All this and a code base that will allow more institution-by-institution configuration and flexibility.

Thank you,
Peter

########################################################################

To unsubscribe from the DARTMOUTH-BORROWDIRECT-GROUP list, click the following link:
https://listserv.dartmouth.edu/scripts/wa.exe?SUBED1=DARTMOUTH-BORROWDIRECT-GROUP

ATOM RSS1 RSS2

LISTSERV.DARTMOUTH.EDU