<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
John,<br>
<br>
Sorry :( no WordPress plugin. Sounds like fun though!<br>
<pre class="moz-signature" cols="72">-Blake-
Conducting Magic
Can consume data in any format
MOBIUS
</pre>
<div class="moz-cite-prefix">On 1/5/2021 12:12 PM, Lolis, John
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAJiSQLD0wj6wUFyyexN0OC6BoqAugO6SWTVj-W60hBn8FiD6Nw@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div class="gmail_default"
style="font-family:arial,sans-serif;font-size:small">That's
great, Blake! I don't suppose you would also have a WordPress
plugin that would allow it to communicate using SIP2? That's
my holy grail these days.</div>
<div>
<div dir="ltr" class="gmail_signature"
data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div>
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div><span
style="font-family:"trebuchet
ms",sans-serif"><br>
</span></div>
<div><span
style="font-family:"trebuchet
ms",sans-serif">John Lolis</span><br>
</div>
<div><font
face="'trebuchet
ms',
sans-serif">Coordinator
of Computer
Systems</font></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div>
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div><font
face="'trebuchet
ms',
sans-serif"><img
src="https://drive.google.com/a/whiteplainsny.gov/uc?id=0B8o3RoemjyAfR1hZV1U0SWJDdGs&export=download"
moz-do-not-send="true"><br>
</font></div>
<div><span
style="font-family:"trebuchet
ms",sans-serif">100 Martine Avenue</span><br>
</div>
<div><span
style="font-family:"trebuchet
ms",sans-serif">White Plains, NY 10601</span></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div>
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div><font
face="'trebuchet
ms',
sans-serif"><br>
</font></div>
<div><font
face="'trebuchet
ms',
sans-serif">tel:
1.914.422.1497</font></div>
<div><font
face="'trebuchet
ms',
sans-serif">fax:
1.914.422.1452</font></div>
<div><font
face="'trebuchet
ms',
sans-serif"><br>
</font></div>
<div><font
face="'trebuchet
ms',
sans-serif"><a
href="https://whiteplainslibrary.org/" target="_blank"
moz-do-not-send="true">https://whiteplainslibrary.org/</a></font></div>
<div><br>
</div>
<div><i>When you
think about
it, </i>all<i> security
is ultimately
security by
ignorance.</i></div>
<font size="2"
face="Verdana,
Arial,
Helvetica"><span></span><span></span><br>
</font><font
size="2"
face="Verdana,
Arial,
Helvetica"><span
style="font-family:georgia,serif"></span></font></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Tue, 5 Jan 2021 at 11:56,
Blake Henderson <<a
href="mailto:blake@mobiusconsortium.org"
moz-do-not-send="true">blake@mobiusconsortium.org</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div> Wendell,<br>
<br>
I'd like to add one more idea/tool. We developed a SIP proxy
for a computer/Raspberry Pi that can be located on the
library's LAN, which negotiates the tunnel to the Evergreen
server using pre-setup keys. Just another thing that might
help you:<br>
<br>
<a href="https://github.com/mcoia/evergreen_sip_proxy"
target="_blank" moz-do-not-send="true">https://github.com/mcoia/evergreen_sip_proxy</a><br>
<br>
Lightening talk on the matter:<br>
<a
href="http://slides.mobiusconsortium.org/blake/sip_proxy/#/"
target="_blank" moz-do-not-send="true">http://slides.mobiusconsortium.org/blake/sip_proxy/#/</a><br>
<br>
<pre cols="72">-Blake-
Conducting Magic
Can consume data in any format
MOBIUS
</pre>
<div>On 1/5/2021 9:44 AM, Josh Stompro wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Wendell, I just wanted to add another
confirmation, we have had 100% success requiring
encrypted tunnels for sip2 access with outside vendors.
Overdrive, Hoopla, OCLC (VDX ILL), BrainFuse, Stunnel
has been the easiest to setup, since it is just SSL one
vendor was easily able to adjust their own software to
natively connect via ssl and didn't need to run stunnel
on their end at all.
<div><br>
</div>
<div>We also offer SSH tunneling, but that takes a bit
more work to setup, and I don't think anyone actually
is using that method right now. I did exchange 4
emails with OCLC support where they repeatedly used
the term SSH but then finally said that what they
meant was Stunnel, sigh. I also had to quote a
library journal article from a few years ago where
OCLC said "of course we support
encrypted authentication for all our products" to get
them to admit that they could do it. That was a fun
email to send.</div>
<div><br>
</div>
<div>The best thing to do is to put the encrypted sip
authentication requirement in the contract with the
vendor up front, which means you have to be at the
table when negotiating with them. I think vendors
that use SIP2 are getting much better about supporting
encryption in general. I think it is getting hard for
them to say yes to "So you don't want to protect our
patrons private personal information and allow us to
comply with our state laws about patron privacy?"</div>
<div><br>
</div>
<div>If you are going to self host an evergreen system
and want notes on how to setup stunnel just let me
know. Otherwise if you are looking at a hosted
solution then the hosting provider can provide those
assurances about stunnel being provided as an option.</div>
<div>Josh</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Tue, Jan 5, 2021 at
8:46 AM Rogan Hamby <<a
href="mailto:rhamby@equinoxinitiative.org"
target="_blank" moz-do-not-send="true">rhamby@equinoxinitiative.org</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px
0px 0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div dir="ltr">I'll just note that I have setup
several Envisionware instances to use stunnel and
encrypt the SIP2 communication back to Evergreen as
Jason Boyer describes with no issues. It's
transparent to the clients as you would expect.<br
clear="all">
<div>
<div dir="ltr">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr"><span
style="background-color:rgb(255,255,255)"><font
size="1" color="#000000">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><br>
</p>
</font></span></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Tue, Jan 5,
2021 at 9:42 AM Jason Boyer <<a
href="mailto:jboyer@equinoxinitiative.org"
target="_blank" moz-do-not-send="true">jboyer@equinoxinitiative.org</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px
0px 0px 0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div>Hi Wendell, there isn’t really anything that
can be done to SIP2 to make it secure without
making it not-SIP2. That said, what can be done
is to transfer it over an encrypted channel. I
know some Evergreen and Koha systems handle SIP2
this way and I suspect TLC is doing the same.
This tunneling can be done with stunnel (an
openssl TLS tunnel) or ssh port redirection and
most vendors are capable of dealing with one or
the other.
<div><br>
</div>
<div>There’s nothing special needed in Evergreen
to handle this; you just need to setup
SIPServer to listen to a local IP rather than
a public one and coordinate with the vendor
what type of tunnel to use. I realize this is
pretty non-specific but if you have any
questions I or someone else on the list should
be able to help out.<br>
<div><br>
</div>
<div>Jason</div>
<div>
<div><br>
-- <br>
Jason Boyer<br>
Senior System Administrator<br>
Equinox Open Library Initiative<br>
phone: +1 (877) Open-ILS (673-6457)<br>
<a
href="mailto:JBoyer@EquinoxInitiative.org"
target="_blank" moz-do-not-send="true">email:
JBoyer@EquinoxInitiative.org</a><br>
web: <a
href="https://EquinoxInitiative.org/"
target="_blank" moz-do-not-send="true">https://EquinoxInitiative.org/</a></div>
</div>
<div><br>
<blockquote type="cite">
<div>On Jan 5, 2021, at 9:05 AM, Gragg,
Wendell E <<a
href="mailto:WGragg@bryantx.gov"
target="_blank" moz-do-not-send="true">WGragg@bryantx.gov</a>>
wrote:</div>
<br>
<div>
<div
style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">Hi
all. I haven’t posted in a while,
but we are still in the process of
evaluating ILS systems and our city
IT department is balking at one
thing, SIP2 being plain text.
Apparently, one vendor, TLC claims
they have an encryption solution for
SIP2, but I question whether it
actually works or not, and TLC is
another proprietary system, which we
are trying to avoid.</div>
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"> </div>
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">I
have been trying to research SIP2 a
bit more and am not finding a lot of
information about security issues
with it. I’m also trying to find
out if anyone in the Evergreen
community has worked with encrypting
SIP2 messages, at least sensitive
information like passwords and user
barcodes.</div>
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"> </div>
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">Is
this even possible in Evergreen and
has it caused any problems with
outside vendors like OCLC or
Envisionware?</div>
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"> </div>
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">I
would like to find this out because
I fear that our city IT is going to
force us into an ILS we really don’t
want.</div>
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"> </div>
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">Thanks,</div>
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">Wendell</div>
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"> </div>
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">Wendell
Gragg, MSIS</div>
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">Automation
Services Supervisor</div>
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">Bryan+College
Station Public Library System</div>
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">Bryan,
TX</div>
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">979-209-5613</div>
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"> </div>
</div>
<span
style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none;float:none;display:inline">_______________________________________________</span><br
style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">
<span
style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none;float:none;display:inline">Evergreen-general
mailing list</span><br
style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">
<a
href="mailto:Evergreen-general@list.evergreen-ils.org"
style="color:rgb(149,79,114);text-decoration:underline;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"
target="_blank" moz-do-not-send="true">Evergreen-general@list.evergreen-ils.org</a><br
style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">
<a
href="http://list.evergreen-ils.org/cgi-bin/mailman/listinfo/evergreen-general"
style="color:rgb(149,79,114);text-decoration:underline;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"
target="_blank" moz-do-not-send="true">http://list.evergreen-ils.org/cgi-bin/mailman/listinfo/evergreen-general</a></div>
</blockquote>
</div>
<br>
</div>
</div>
_______________________________________________<br>
Evergreen-general mailing list<br>
<a
href="mailto:Evergreen-general@list.evergreen-ils.org"
target="_blank" moz-do-not-send="true">Evergreen-general@list.evergreen-ils.org</a><br>
<a
href="http://list.evergreen-ils.org/cgi-bin/mailman/listinfo/evergreen-general"
rel="noreferrer" target="_blank"
moz-do-not-send="true">http://list.evergreen-ils.org/cgi-bin/mailman/listinfo/evergreen-general</a><br>
</blockquote>
</div>
_______________________________________________<br>
Evergreen-general mailing list<br>
<a
href="mailto:Evergreen-general@list.evergreen-ils.org"
target="_blank" moz-do-not-send="true">Evergreen-general@list.evergreen-ils.org</a><br>
<a
href="http://list.evergreen-ils.org/cgi-bin/mailman/listinfo/evergreen-general"
rel="noreferrer" target="_blank"
moz-do-not-send="true">http://list.evergreen-ils.org/cgi-bin/mailman/listinfo/evergreen-general</a><br>
</blockquote>
</div>
<br clear="all">
<div><br>
</div>
-- <br>
<div dir="ltr">
<div dir="ltr">
<div>
<div dir="ltr">
<div>Josh Stompro - IT Director</div>
<div>Lake Agassiz Regional Library<br>
</div>
<div>Desk: 218-233-3757 Ext 139</div>
<div>Cell: 218-790-2110</div>
</div>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<pre>_______________________________________________
Evergreen-general mailing list
<a href="mailto:Evergreen-general@list.evergreen-ils.org" target="_blank" moz-do-not-send="true">Evergreen-general@list.evergreen-ils.org</a>
<a href="http://list.evergreen-ils.org/cgi-bin/mailman/listinfo/evergreen-general" target="_blank" moz-do-not-send="true">http://list.evergreen-ils.org/cgi-bin/mailman/listinfo/evergreen-general</a>
</pre>
</blockquote>
<br>
</div>
_______________________________________________<br>
Evergreen-general mailing list<br>
<a href="mailto:Evergreen-general@list.evergreen-ils.org"
target="_blank" moz-do-not-send="true">Evergreen-general@list.evergreen-ils.org</a><br>
<a
href="http://list.evergreen-ils.org/cgi-bin/mailman/listinfo/evergreen-general"
rel="noreferrer" target="_blank" moz-do-not-send="true">http://list.evergreen-ils.org/cgi-bin/mailman/listinfo/evergreen-general</a><br>
</blockquote>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Evergreen-general mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Evergreen-general@list.evergreen-ils.org">Evergreen-general@list.evergreen-ils.org</a>
<a class="moz-txt-link-freetext" href="http://list.evergreen-ils.org/cgi-bin/mailman/listinfo/evergreen-general">http://list.evergreen-ils.org/cgi-bin/mailman/listinfo/evergreen-general</a>
</pre>
</blockquote>
<br>
</body>
</html>