<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    John,<br>
    <br>
    Sorry :( no WordPress plugin. Sounds like fun though!<br>
    <pre class="moz-signature" cols="72">-Blake-
Conducting Magic
Can consume data in any format
MOBIUS

</pre>
    <div class="moz-cite-prefix">On 1/5/2021 12:12 PM, Lolis, John
      wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:CAJiSQLD0wj6wUFyyexN0OC6BoqAugO6SWTVj-W60hBn8FiD6Nw@mail.gmail.com">
      <meta http-equiv="content-type" content="text/html; charset=UTF-8">
      <div dir="ltr">
        <div class="gmail_default"
          style="font-family:arial,sans-serif;font-size:small">That's
          great, Blake!  I don't suppose you would also have a WordPress
          plugin that would allow it to communicate using SIP2?  That's
          my holy grail these days.</div>
        <div>
          <div dir="ltr" class="gmail_signature"
            data-smartmail="gmail_signature">
            <div dir="ltr">
              <div>
                <div dir="ltr">
                  <div>
                    <div dir="ltr">
                      <div>
                        <div dir="ltr">
                          <div>
                            <div dir="ltr">
                              <div dir="ltr">
                                <div dir="ltr">
                                  <div dir="ltr">
                                    <div dir="ltr">
                                      <div dir="ltr">
                                        <div>
                                          <div dir="ltr">
                                            <div dir="ltr">
                                              <div dir="ltr">
                                                <div dir="ltr">
                                                  <div dir="ltr">
                                                    <div dir="ltr">
                                                      <div dir="ltr">
                                                        <div><span
                                                          style="font-family:"trebuchet
ms",sans-serif"><br>
                                                          </span></div>
                                                        <div><span
                                                          style="font-family:"trebuchet
ms",sans-serif">John Lolis</span><br>
                                                        </div>
                                                        <div><font
                                                          face="'trebuchet
                                                          ms',
                                                          sans-serif">Coordinator
                                                          of Computer
                                                          Systems</font></div>
                                                      </div>
                                                    </div>
                                                  </div>
                                                </div>
                                              </div>
                                            </div>
                                          </div>
                                        </div>
                                        <div>
                                          <div dir="ltr">
                                            <div dir="ltr">
                                              <div dir="ltr">
                                                <div dir="ltr">
                                                  <div dir="ltr">
                                                    <div dir="ltr">
                                                      <div dir="ltr">
                                                        <div><font
                                                          face="'trebuchet
                                                          ms',
                                                          sans-serif"><img
src="https://drive.google.com/a/whiteplainsny.gov/uc?id=0B8o3RoemjyAfR1hZV1U0SWJDdGs&export=download"
moz-do-not-send="true"><br>
                                                          </font></div>
                                                        <div><span
                                                          style="font-family:"trebuchet
ms",sans-serif">100 Martine Avenue</span><br>
                                                        </div>
                                                        <div><span
                                                          style="font-family:"trebuchet
ms",sans-serif">White Plains, NY  10601</span></div>
                                                      </div>
                                                    </div>
                                                  </div>
                                                </div>
                                              </div>
                                            </div>
                                          </div>
                                        </div>
                                        <div>
                                          <div dir="ltr">
                                            <div dir="ltr">
                                              <div dir="ltr">
                                                <div dir="ltr">
                                                  <div dir="ltr">
                                                    <div dir="ltr">
                                                      <div dir="ltr">
                                                        <div><font
                                                          face="'trebuchet
                                                          ms',
                                                          sans-serif"><br>
                                                          </font></div>
                                                        <div><font
                                                          face="'trebuchet
                                                          ms',
                                                          sans-serif">tel:
                                                          1.914.422.1497</font></div>
                                                        <div><font
                                                          face="'trebuchet
                                                          ms',
                                                          sans-serif">fax:
                                                          1.914.422.1452</font></div>
                                                        <div><font
                                                          face="'trebuchet
                                                          ms',
                                                          sans-serif"><br>
                                                          </font></div>
                                                        <div><font
                                                          face="'trebuchet
                                                          ms',
                                                          sans-serif"><a
href="https://whiteplainslibrary.org/" target="_blank"
                                                          moz-do-not-send="true">https://whiteplainslibrary.org/</a></font></div>
                                                        <div><br>
                                                        </div>
                                                        <div><i>When you
                                                          think about
                                                          it, </i>all<i> security
                                                          is ultimately
                                                          security by
                                                          ignorance.</i></div>
                                                        <font size="2"
                                                          face="Verdana,
                                                          Arial,
                                                          Helvetica"><span></span><span></span><br>
                                                        </font><font
                                                          size="2"
                                                          face="Verdana,
                                                          Arial,
                                                          Helvetica"><span
style="font-family:georgia,serif"></span></font></div>
                                                    </div>
                                                  </div>
                                                </div>
                                              </div>
                                            </div>
                                          </div>
                                        </div>
                                      </div>
                                    </div>
                                  </div>
                                </div>
                              </div>
                            </div>
                          </div>
                        </div>
                      </div>
                    </div>
                  </div>
                </div>
              </div>
            </div>
          </div>
        </div>
        <br>
      </div>
      <br>
      <div class="gmail_quote">
        <div dir="ltr" class="gmail_attr">On Tue, 5 Jan 2021 at 11:56,
          Blake Henderson <<a
            href="mailto:blake@mobiusconsortium.org"
            moz-do-not-send="true">blake@mobiusconsortium.org</a>>
          wrote:<br>
        </div>
        <blockquote class="gmail_quote" style="margin:0px 0px 0px
          0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
          <div> Wendell,<br>
            <br>
            I'd like to add one more idea/tool. We developed a SIP proxy
            for a computer/Raspberry Pi that can be located on the
            library's LAN, which negotiates the tunnel to the Evergreen
            server using pre-setup keys. Just another thing that might
            help you:<br>
            <br>
            <a href="https://github.com/mcoia/evergreen_sip_proxy"
              target="_blank" moz-do-not-send="true">https://github.com/mcoia/evergreen_sip_proxy</a><br>
            <br>
            Lightening talk on the matter:<br>
            <a
              href="http://slides.mobiusconsortium.org/blake/sip_proxy/#/"
              target="_blank" moz-do-not-send="true">http://slides.mobiusconsortium.org/blake/sip_proxy/#/</a><br>
            <br>
            <pre cols="72">-Blake-
Conducting Magic
Can consume data in any format
MOBIUS

</pre>
            <div>On 1/5/2021 9:44 AM, Josh Stompro wrote:<br>
            </div>
            <blockquote type="cite">
              <div dir="ltr">Wendell, I just wanted to add another
                confirmation, we have had 100% success requiring
                encrypted tunnels for sip2 access with outside vendors. 
                Overdrive, Hoopla, OCLC (VDX ILL), BrainFuse,  Stunnel
                has been the easiest to setup, since it is just SSL one
                vendor was easily able to adjust their own software to
                natively connect via ssl and didn't need to run stunnel
                on their end at all.
                <div><br>
                </div>
                <div>We also offer SSH tunneling, but that takes a bit
                  more work to setup, and I don't think anyone actually
                  is using that method right now.  I did exchange 4
                  emails with OCLC support where they repeatedly used
                  the term SSH but then finally said that what they
                  meant was Stunnel, sigh.  I also had to quote a
                  library journal article from a few years ago where
                  OCLC said "of course we support
                  encrypted authentication for all our products" to get
                  them to admit that they could do it.  That was a fun
                  email to send.</div>
                <div><br>
                </div>
                <div>The best thing to do is to put the encrypted sip
                  authentication requirement in the contract with the
                  vendor up front, which means you have to be at the
                  table when negotiating with them.  I think vendors
                  that use SIP2 are getting much better about supporting
                  encryption in general.  I think it is getting hard for
                  them to say yes to "So you don't want to protect our
                  patrons private personal information and allow us to
                  comply with our state laws about patron privacy?"</div>
                <div><br>
                </div>
                <div>If you are going to self host an evergreen system
                  and want notes on how to setup stunnel just let me
                  know.  Otherwise if you are looking at a hosted
                  solution then the hosting provider can provide those
                  assurances about stunnel being provided as an option.</div>
                <div>Josh</div>
              </div>
              <br>
              <div class="gmail_quote">
                <div dir="ltr" class="gmail_attr">On Tue, Jan 5, 2021 at
                  8:46 AM Rogan Hamby <<a
                    href="mailto:rhamby@equinoxinitiative.org"
                    target="_blank" moz-do-not-send="true">rhamby@equinoxinitiative.org</a>>
                  wrote:<br>
                </div>
                <blockquote class="gmail_quote" style="margin:0px 0px
                  0px 0.8ex;border-left:1px solid
                  rgb(204,204,204);padding-left:1ex">
                  <div dir="ltr">I'll just note that I have setup
                    several Envisionware instances to use stunnel and
                    encrypt the SIP2 communication back to Evergreen as
                    Jason Boyer describes with no issues.  It's
                    transparent to the clients as you would expect.<br
                      clear="all">
                    <div>
                      <div dir="ltr">
                        <div dir="ltr">
                          <div>
                            <div dir="ltr">
                              <div>
                                <div dir="ltr"><span
                                    style="background-color:rgb(255,255,255)"><font
                                      size="1" color="#000000">
                                      <p dir="ltr"
                                        style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><br>
                                      </p>
                                    </font></span></div>
                              </div>
                            </div>
                          </div>
                        </div>
                      </div>
                    </div>
                  </div>
                  <br>
                  <div class="gmail_quote">
                    <div dir="ltr" class="gmail_attr">On Tue, Jan 5,
                      2021 at 9:42 AM Jason Boyer <<a
                        href="mailto:jboyer@equinoxinitiative.org"
                        target="_blank" moz-do-not-send="true">jboyer@equinoxinitiative.org</a>>
                      wrote:<br>
                    </div>
                    <blockquote class="gmail_quote" style="margin:0px
                      0px 0px 0.8ex;border-left:1px solid
                      rgb(204,204,204);padding-left:1ex">
                      <div>Hi Wendell, there isn’t really anything that
                        can be done to SIP2 to make it secure without
                        making it not-SIP2. That said, what can be done
                        is to transfer it over an encrypted channel. I
                        know some Evergreen and Koha systems handle SIP2
                        this way and I suspect TLC is doing the same.
                        This tunneling can be done with stunnel (an
                        openssl TLS tunnel) or ssh port redirection and
                        most vendors are capable of dealing with one or
                        the other.
                        <div><br>
                        </div>
                        <div>There’s nothing special needed in Evergreen
                          to handle this; you just need to setup
                          SIPServer to listen to a local IP rather than
                          a public one and coordinate with the vendor
                          what type of tunnel to use. I realize this is
                          pretty non-specific but if you have any
                          questions I or someone else on the list should
                          be able to help out.<br>
                          <div><br>
                          </div>
                          <div>Jason</div>
                          <div>
                            <div><br>
                              -- <br>
                              Jason Boyer<br>
                              Senior System Administrator<br>
                              Equinox Open Library Initiative<br>
                              phone:  +1 (877) Open-ILS (673-6457)<br>
                              <a
                                href="mailto:JBoyer@EquinoxInitiative.org"
                                target="_blank" moz-do-not-send="true">email:
                                 JBoyer@EquinoxInitiative.org</a><br>
                              web:  <a
                                href="https://EquinoxInitiative.org/"
                                target="_blank" moz-do-not-send="true">https://EquinoxInitiative.org/</a></div>
                          </div>
                          <div><br>
                            <blockquote type="cite">
                              <div>On Jan 5, 2021, at 9:05 AM, Gragg,
                                Wendell E <<a
                                  href="mailto:WGragg@bryantx.gov"
                                  target="_blank" moz-do-not-send="true">WGragg@bryantx.gov</a>>
                                wrote:</div>
                              <br>
                              <div>
                                <div
style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">
                                  <div style="margin:0in 0in
                                    0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">Hi
                                    all.  I haven’t posted in a while,
                                    but we are still in the process of
                                    evaluating ILS systems and our city
                                    IT department is balking at one
                                    thing, SIP2 being plain text. 
                                    Apparently, one vendor, TLC claims
                                    they have an encryption solution for
                                    SIP2, but I question whether it
                                    actually works or not, and TLC is
                                    another proprietary system, which we
                                    are trying to avoid.</div>
                                  <div style="margin:0in 0in
                                    0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"> </div>
                                  <div style="margin:0in 0in
                                    0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">I
                                    have been trying to research SIP2 a
                                    bit more and am not finding a lot of
                                    information about security issues
                                    with it.  I’m also trying to find
                                    out if anyone in the Evergreen
                                    community has worked with encrypting
                                    SIP2 messages, at least sensitive
                                    information like passwords and user
                                    barcodes.</div>
                                  <div style="margin:0in 0in
                                    0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"> </div>
                                  <div style="margin:0in 0in
                                    0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">Is
                                    this even possible in Evergreen and
                                    has it caused any problems with
                                    outside vendors like OCLC or
                                    Envisionware?</div>
                                  <div style="margin:0in 0in
                                    0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"> </div>
                                  <div style="margin:0in 0in
                                    0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">I
                                    would like to find this out because
                                    I fear that our city IT is going to
                                    force us into an ILS we really don’t
                                    want.</div>
                                  <div style="margin:0in 0in
                                    0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"> </div>
                                  <div style="margin:0in 0in
                                    0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">Thanks,</div>
                                  <div style="margin:0in 0in
                                    0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">Wendell</div>
                                  <div style="margin:0in 0in
                                    0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"> </div>
                                  <div style="margin:0in 0in
                                    0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">Wendell
                                    Gragg, MSIS</div>
                                  <div style="margin:0in 0in
                                    0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">Automation
                                    Services Supervisor</div>
                                  <div style="margin:0in 0in
                                    0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">Bryan+College
                                    Station Public Library System</div>
                                  <div style="margin:0in 0in
                                    0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">Bryan,
                                    TX</div>
                                  <div style="margin:0in 0in
                                    0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">979-209-5613</div>
                                  <div style="margin:0in 0in
                                    0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"> </div>
                                </div>
                                <span
style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none;float:none;display:inline">_______________________________________________</span><br
style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">
                                <span
style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none;float:none;display:inline">Evergreen-general
                                  mailing list</span><br
style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">
                                <a
                                  href="mailto:Evergreen-general@list.evergreen-ils.org"
style="color:rgb(149,79,114);text-decoration:underline;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"
                                  target="_blank" moz-do-not-send="true">Evergreen-general@list.evergreen-ils.org</a><br
style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">
                                <a
href="http://list.evergreen-ils.org/cgi-bin/mailman/listinfo/evergreen-general"
style="color:rgb(149,79,114);text-decoration:underline;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"
                                  target="_blank" moz-do-not-send="true">http://list.evergreen-ils.org/cgi-bin/mailman/listinfo/evergreen-general</a></div>
                            </blockquote>
                          </div>
                          <br>
                        </div>
                      </div>
                      _______________________________________________<br>
                      Evergreen-general mailing list<br>
                      <a
                        href="mailto:Evergreen-general@list.evergreen-ils.org"
                        target="_blank" moz-do-not-send="true">Evergreen-general@list.evergreen-ils.org</a><br>
                      <a
href="http://list.evergreen-ils.org/cgi-bin/mailman/listinfo/evergreen-general"
                        rel="noreferrer" target="_blank"
                        moz-do-not-send="true">http://list.evergreen-ils.org/cgi-bin/mailman/listinfo/evergreen-general</a><br>
                    </blockquote>
                  </div>
                  _______________________________________________<br>
                  Evergreen-general mailing list<br>
                  <a
                    href="mailto:Evergreen-general@list.evergreen-ils.org"
                    target="_blank" moz-do-not-send="true">Evergreen-general@list.evergreen-ils.org</a><br>
                  <a
href="http://list.evergreen-ils.org/cgi-bin/mailman/listinfo/evergreen-general"
                    rel="noreferrer" target="_blank"
                    moz-do-not-send="true">http://list.evergreen-ils.org/cgi-bin/mailman/listinfo/evergreen-general</a><br>
                </blockquote>
              </div>
              <br clear="all">
              <div><br>
              </div>
              -- <br>
              <div dir="ltr">
                <div dir="ltr">
                  <div>
                    <div dir="ltr">
                      <div>Josh Stompro - IT Director</div>
                      <div>Lake Agassiz Regional Library<br>
                      </div>
                      <div>Desk: 218-233-3757 Ext 139</div>
                      <div>Cell: 218-790-2110</div>
                    </div>
                  </div>
                </div>
              </div>
              <br>
              <fieldset></fieldset>
              <pre>_______________________________________________
Evergreen-general mailing list
<a href="mailto:Evergreen-general@list.evergreen-ils.org" target="_blank" moz-do-not-send="true">Evergreen-general@list.evergreen-ils.org</a>
<a href="http://list.evergreen-ils.org/cgi-bin/mailman/listinfo/evergreen-general" target="_blank" moz-do-not-send="true">http://list.evergreen-ils.org/cgi-bin/mailman/listinfo/evergreen-general</a>
</pre>
            </blockquote>
            <br>
          </div>
          _______________________________________________<br>
          Evergreen-general mailing list<br>
          <a href="mailto:Evergreen-general@list.evergreen-ils.org"
            target="_blank" moz-do-not-send="true">Evergreen-general@list.evergreen-ils.org</a><br>
          <a
href="http://list.evergreen-ils.org/cgi-bin/mailman/listinfo/evergreen-general"
            rel="noreferrer" target="_blank" moz-do-not-send="true">http://list.evergreen-ils.org/cgi-bin/mailman/listinfo/evergreen-general</a><br>
        </blockquote>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <pre class="moz-quote-pre" wrap="">_______________________________________________
Evergreen-general mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Evergreen-general@list.evergreen-ils.org">Evergreen-general@list.evergreen-ils.org</a>
<a class="moz-txt-link-freetext" href="http://list.evergreen-ils.org/cgi-bin/mailman/listinfo/evergreen-general">http://list.evergreen-ils.org/cgi-bin/mailman/listinfo/evergreen-general</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>