Self Check: Overview
Ex Libris Alma is a next generation library management system that was developed as a pure cloud-based Software-as-a-Service (SaaS) system. Its architecture is based on leading cloud technologies, offering a secure, scalable SaaS.
Ex Libris is committed to providing our customers with a highly secured cloud environment and we have therefore developed a security model and controls that are based on accepted international protocols, standards, and industry best practices, such as ISO/IEC 27001:2005 and ISO/IEC 27002 – the standards for information security management systems (ISMS). As part of this security model, Ex Libris takes precautions to protect the personal information of system users (library staff and users) across the different system tiers and layers and across the different data transmission or exchange pathways.
Integration with Self-Service Systems
Most libraries today offer users self-service check-in and check-out ability, utilizing self-service systems from vendors such as 3M, Bibliotheca, Envisionware, and Checkpoint. Almost all of the self-service systems in the market today utilize the Standard Interchange Protocol (SIP) as the standard interface for communications between the library management system and the self-service machines.
The 3M corporation introduced the Standard Interchange Protocol (SIP) in 1993. This protocol provided a standard communication mechanism to allow library management systems and self-service devices to communicate seamlessly in performing self-service transactions. Originally, the protocol was developed for use with 3M self-service systems, but it has since become the de facto standard internationally for other companies’ self-service machines, as well as for other types of devices. It is now common to find SIP in use in self-service machines, security gates, Automated Material Handling (AMH), and so forth. In 2012, 3M donated the SIP protocol to the National Standards Organization (NISO). A newly formed NISO SIP Working Group will shepherd the protocol through the NISO standardization process. Version 2.0 of the protocol, known as SIP2, was published in 2006 and is today widely adopted by most library automation vendors. To learn more about SIP2, see the following article:
Version 3.0 of the protocol (SIP3) was published as a draft at the end of 2011, but is not yet utilized by the different vendors in the library industry.
Alma supports communication over the SIP2 protocol, which is used primarily for communication with local self-service machines. The communication is bi-directional. Since the vast majority of SIP-based systems were designed and built without the cloud in mind, the SIP2 protocol lacks several components needed to fully support a cloud-based SaaS, namely a unique institution ID and a secure communication channel (which is supported in SIP3). Once SIP3 becomes the de facto standard with cloud capabilities, Ex Libris will support it as well.
Alma supports the following self-check actions:
- Check out item (and canceling checkout)
- Check in item (and canceling check-in)
- Renew item
- Renew all items
- Pay fees
- Patron information
- Item information
- Patron status
- Login (enables turning the self-check machine on and off)
- Status (verifies that there is communication between Alma and the self-check machine)
See SIP2 Messages and Fields for more details.
Securing SIP2 Communications
Because the messages sent during SIP2 communication contain patron personal information, the traffic must be secured to comply with privacy requirements. SIP2 generally communicates over a plain TCP connection. To secure SIP2 communication, Alma uses an open source SSL encryption wrapper called Stunnel, a lightweight component that is installed locally on standard operating systems. This component creates a secure “tunnel” to Alma over port 6443 and also serves as a means to uniquely identify each institution.
The communication flow is as follows:
- The SIP2 local machines communicate with Stunnel software that is installed on the local Windows/Linux workstation.
- The Stunnel encryption component encrypts the communication using a standard encryption method and a security certificate and sends the SIP2 requests to the Alma cloud over the secure port 6443.
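Why the tunnel matters, as an added example (not Ex Libris or Alma code): a SIP2 request is readable ASCII, so the Python below parses a constructed Patron Information request, lists the patron fields that would be visible on an unwrapped TCP link, and masks them for logging. The field IDs and header lengths follow the published SIP2 specification; the institution ID, patron values and function names are assumptions made up for this illustration.

```python
# Added example. SIP2 field IDs that carry patron data or secrets; sample values are constructed.
SENSITIVE = {"AA": "patron identifier", "AC": "terminal password",
             "AD": "patron password", "AE": "personal name",
             "BD": "home address", "BE": "e-mail address", "BF": "home phone"}

# Fixed-width header length after the 2-character command code:
# 23 Patron Status Request, 63 Patron Information, 11 Checkout.
FIXED_LEN = {"23": 21, "63": 31, "11": 38}

def sip2_checksum(text):
    """16-bit two's complement of the byte sum; detects line noise, not tampering."""
    return format(-sum(text.encode("ascii")) & 0xFFFF, "04X")

def build(body, seq=0):
    """Append the AY sequence number and AZ checksum to a message body."""
    head = f"{body}AY{seq}AZ"
    return head + sip2_checksum(head) + "\r"

def parse(message):
    """Return (command, header, fields, checksum_ok) for one SIP2 request."""
    msg = message.rstrip("\r\n")
    checksum_ok = None  # None means the message carries no AY/AZ trailer
    if len(msg) >= 9 and msg[-9:-7] == "AY" and msg[-6:-4] == "AZ":
        checksum_ok = sip2_checksum(msg[:-4]) == msg[-4:]
        msg = msg[:-9]
    command = msg[:2]
    split_at = 2 + FIXED_LEN[command]
    fields = [(f[:2], f[2:]) for f in msg[split_at:].split("|") if f]
    return command, msg[:split_at], fields, checksum_ok

def exposed(message):
    """Names of the sensitive fields readable by anyone who sees the raw bytes."""
    return [SENSITIVE[fid] for fid, val in parse(message)[2] if fid in SENSITIVE and val]

def redact(message):
    """Rebuild the message with sensitive values masked, for safe logging."""
    _, header, fields, _ = parse(message)
    return header + "".join(
        f"{fid}{'*****' if fid in SENSITIVE else val}|" for fid, val in fields)

# Constructed Patron Information request (command 63, language 001).
SAMPLE = build("63001" + "20240115" + " " * 4 + "093000" + "Y" + " " * 9
               + "AOEXAMPLE_INST|AApatron-0001|AC|ADs3cret-pin|")

if __name__ == "__main__":
    print(exposed(SAMPLE))
    print(redact(SAMPLE))
```

The AZ checksum only catches transmission errors; confidentiality and institution identity come from the Stunnel layer, not from SIP2 itself.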
The following diagram describes this architecture: