LISTSERV - DARTMOUTH-BORROWDIRECT-GROUP Archives

Dartmouth BD folks,

I’m forwarding a message that many of you may have seen already.  Please read the updates described below and let me know if we have any questions or concerns.  And if we need to plan internally for any of these changes and the timeline if we do.

Jennifer

From: [log in to unmask] [mailto:[log in to unmask]] On Behalf Of Peter Collins
Sent: Monday, July 27, 2015 3:30 PM
To: Policy Group <[log in to unmask]>
Subject: Fwd: BorrowDirect Updates, Downtimes, and Changes

Policy Group,

Apologies to the few of you on multiple lists, but I want to make sure everyone is aware of this information.  Relais has a number of upgrades planned for the next several weeks.  I have sent the details below to both Systems and Operations.  This development has been the focus of 2015.  We had hoped to have it done earlier in the summer, but that was not in my control.  Still, the changes are important enough that we must move ahead.  I will keep groups informed should dates change or more details emerge.

Thanks,
Peter

-------- Forwarded Message --------
Subject:

BorrowDirect Updates, Downtimes, and Changes

Date:

Mon, 27 Jul 2015 15:18:28 -0400

From:

Peter Collins <[log in to unmask]><mailto:[log in to unmask]>

Reply-To:

Borrow Direct Systems Group <[log in to unmask]><mailto:[log in to unmask]>

To:

Systems Listserv <[log in to unmask]><mailto:[log in to unmask]>



Systems Group,

Relais is planning several significant updates to the BorrowDirect system in August.  Most of these changes will not involve work on your part unless you are using the Relais web services (api), in which case there are a few changes.  Also, if you handle installation of the print client, you will need to assist with that upgrade (see below).  I want to make sure everyone is aware of the changes forthcoming which among other things, are intended to improve the security of the service.  I will be interested to know from this group whether indeed security is improved and what, if any, further development we need to do on that front.

Changes to Discovery - September 1
We pass Relais an OpenURL which contains the patron's library barcode.  Relais then uses the barcode to authorize the user against your ILS using NCIP or Voyager eSIP.
Current Configuration:  Every time the systems runs a shelf status availability check, it also runs authorization against the ILS.  This means that during a single user's session, they may be "authorized" many times (inefficient and it means that the barcode is transmitted across the network many times).

New Configuration:  The user will be authorized against the ILS at time of login.  Authorization will take place using the Relais Authentication web service.  The Authentication web service establishes an authorization ID (aid) that will then be used to manage the user session.  The aid is unique to the session and will expire at a set interval of inactivity.  (more info about security of this web service below)
Security Certificates for NCIP - September 1
Several institutions (Chicago, Duke, Hopkins?) are having to run self-signed security certificates for NCIP.  This has been due to old java code running as part of the existing authorization in Discovery.  With the changes outlined above, Relais will be compatible with SHA2 and no longer require the self-signed certificates for these institutions (or when future libraries upgrade their certificates).

Web Services (API) Changes - August 19
Relais will be making changes to both the Authentication Web Service<https://relais.atlassian.net/wiki/display/ILL/Authentication> and the FindItem Web Service<https://relais.atlassian.net/wiki/display/ILL/Find+Item>
Authentication:  The Authentication web service will now use an API key to block unauthorized use of the service.  Libraries wishing to make use of the web services (all of which require use of this Authentication web service) must obtain an API key from Relais (contact me).

FindItem:  This is the web service which returns a yes/no availability response regarding whether a requestable copy is available in BorrowDirect.  As originally released, FindItem xml could either contain the patron's library barcode OR an authorization ID (aid).  Relais is removing the ability to send a patron barcode to this web service.  Instead, an aid must be obtained for the user prior to sending a FindItem request.  (NOTE:  libraries wishing to run FindItem without requiring the patron to login may still use a "generic patron" barcode, but they must pass that barcode through the Authentication web service to establish an aid).
Database Access Restrictions - August 5-30
Relais is releasing a new print client that will encrypt sensitive connection data.  The database has always had limited access by IP.  Now passwords will also be encrypted in control files and all passwords (staff and system) will be encrypted in transmission.  The client will be released in early August.  Use of the old client will remain through the end of the month, at which time libraries will need to have transitioned to the updated version.

Expected System Outage for Upgrades
Tuesday, July 28, 7:00 - 8:00 a.m. -- The patron interface will be down for a time during this hour for upgrades.  Staff functions are not affected.

Wednesday, August 5, 6:00 - 8:00 a.m. -- For approximately 1 hour during this window the patron interface will be down for upgrades.  Staff functions are not affected.

Wednesday, August 19, 6:00 - 8:00 a.m. -- For approximately 1 hour, all web applications, patron and staff, will be down for upgrades

Saturday & Sunday, August 29 - 30 -- This is the date of the expected transition from the current authorization model to the new one.  Relais is still determining work and impact to access, but we are told to expect significant downtime while the new code is put in place.
I will keep the group informed as I get any more information about these changes.

Thank you,
Peter



--

Peter Collins



Project Manager, Borrow Direct

Van Pelt-Dietrich Library

University of Pennsylvania

3420 Walnut Street

Philadelphia, PA  19104



215-746-4156

[log in to unmask]<mailto:[log in to unmask]>



--

Peter Collins



Project Manager, Borrow Direct

Van Pelt-Dietrich Library

University of Pennsylvania

3420 Walnut Street

Philadelphia, PA  19104



215-746-4156

[log in to unmask]<mailto:[log in to unmask]>



########################################################################

To unsubscribe from the DARTMOUTH-BORROWDIRECT-GROUP list, click the following link:
https://listserv.dartmouth.edu/scripts/wa.exe?SUBED1=DARTMOUTH-BORROWDIRECT-GROUP