- Maura Byrne
- Uschi Klute
- Philip Robinson
- Björn Muschall
- Jana Freytag
- Catherine Smith
- Jackie Gottlieb
- Michelle Suranofsky
- Edward Merkel
- Kelly Drake
- Tom Paige
- Welcome to Catherine Smith, our new member from the University of Alabama.
- Barcode management – do we want to keep a list of unique barcode numbers in FOLIO? Also, what should FOLIO do with a barcode when a user loses their ID? What if the user then finds their ID? (added by Maura Byrne)
- Notes, especially regarding tickets for external ID and departments
- Feature request for notes on records being displayed in pop-up or other contexts. (Steffi)
- Because this involves the Check in and Check Out apps, this may end up needing to be a feature request for RA to manage.
- Reviewing requirements that have been created and attached for Custom Fields ( - UXPROD-33Getting issue details... STATUS ) (Erin)
If we have additional time:
- Multiple Phone numbers - UIU-254Getting issue details... STATUS (Erin)
- multiple e-mail addresses - There is no JIRA for this? (Uschi)
- More topics from the Open Topics list
Action items from last meetings
- Patty will create a feature to add validation to the (required) e-mail field
(see also - LIBAPP-94Getting issue details... STATUS - but these proposals do not appear to have been implemented.)
- Patty will file a bug or feature to have Expiration date and Status actually decoupled from each other. (also refering to - UIU-1255Getting issue details... STATUS )
- Patty creates a JIRA issue: The field Birth date is not validated, you can enter a date in the future.
- Patty suggests that Theodor Tolstoy presents the Chalmers SSO solution to us at one of the next meetings. Patty will reach out to Theodor to see about scheduling a time.
- Patty will file a feature to work on password rules. It's difficult to find out which character combinations are allowed → It's not userfriendly. Proposal: make the password strength configurable
- - UXPROD-242Getting issue details... STATUS Patty will ask the CAP plan group for feedback. Erin will work with Patty to write a user story for a "thin thread" v.1 of this - a flag or checkbox on record, that if checked, would cause a record to not be updated.
- Patty will write a feature about Improving Search in the Users App so that it can be ranked. - It's UXPROD-2092
- Patty will work on a story for preferred name/preferred pronouns - UXPROD-1790Getting issue details... STATUS ("New feature")
- Patty will write a Feature Request for the enhancement os User search (for exact match like "Li")
- Patty will create a feature request for deleting user data.
- Patty will ask Magda (the reporter on - UXPROD-1811Getting issue details... STATUS ) for a status. It may not be a UM-SIG issue.
- Welcome to Catherine Smithfrom University of Alabama
- Do we want to keep a list of unique barcode numbers in FOLIO?
- What should FOLIO do with a barcode when a user loses their ID?
- What if the user then finds their ID? (added by Maura Byrne)
- The user record has all the loans and fees - only the barcode would be changed on the record. You don't need to move any other loan records.
- Catherine - in Voyager, it will save the barcodes that have been added.
- Is there a need to retain old IDs, or discard old IDs, on the user record?
- Notes- Steffi's discussion about patron notes and whether they should pop up.
- Steffi was not able to join us.
- Discussion about whether blocks would function - can we get an information block? Or something on the notes with a flag?
- Patty will reach out to Holly to get a sense of what might be possible.
- Custom Fields
- Patty will ask Khalilah just to confirm what's being planned since the main UXPROD has no custom label.
- Overly Strict Password Rules
- - MODLOGIN-38Getting issue details... STATUS
- Were these rules actually discussed with UM SIG? No one knows.
- References mentioned in the comments:
- NIST - https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63b.pdf
German Federal recommendations: https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/International/GSK_15_EL_EN_Draft.html?nn=6604828 pages 1404-1405.
- US government password standards? Same as NIST?
- NIST prefers long passwords, with less strict password controls:
"Verifiers SHALL require subscriber-chosen memorized secrets to be at least 8 characters in length. Verifiers SHOULD permit subscriber-chosen memorized secrets at least 64 characters in length. (...)
Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets." (NIST.SP.800-63b.pdf, Chapter 126.96.36.199 Memorized Secret Verifiers)
Their recommendation to prevent repetitive or sequential characters does not refer to double characters like "ss" in the password "thisisaverylongpassword"
- This article provides a good summary of the password topic: https://www.pluralsight.com/blog/security-professional/modern-password-guidelines
- Patty will talk to Khalilah
- Can group decide on changes we would like to see?
- Was password strength covered by the Security Audit - were there requirements there that they were trying to meet?
- We need password strength checking through the New User process - right now, the new user creation allows any password, and the rules kick in with password change.
- But, if you create a new user with an empty password, you can then send them a link to create a password and that does follow the rules
- Do we know where the feature is for tenant level control / customization?
- Simpler character requirements, the ability to use words / long phrases — perhaps with a trade off to have a longer minimum password
- Statistical Categories
- We had discussed as part of departmental field - ended up deciding for that as a default field with its own Jira
- Sense that we would use custom fields for these needs?
|Item||Who||Notes||Discussed Today?||Resolution / Next Steps||Carry topic?|
Searching by specific fields
Right now Users has general keyword searching; we will want to be able to search specific fields - IDs, emails, addresses, notes?
Perhaps one of these issues fits:
|Yes; this is not yet resolved.|
|Pop-ups on user transactions||Steffi||notes may be used for communication about users, and pop-ups on user transaction (or displaying of notes) is desired. Khalilah indicated this should be raised as a new feature request.|
Deleting User Records
Discussing the need for deleting patron records (no Jira currently; need for one discussed in comments of https://issues.folio.org/browse/UIU-1079)
refering to Action Item "Create Feature for password rules"
Some of the rules seem to restrict too much. We would like to configure the password strength. See configuration options in the ILS the GBV libraries use now (at the bottom of this page)
The tag was removed, and this was dropped from the MVP due to capacity (discussed at RA SIG meeting)
We can and probably should review the requirements that Khalilah has generated; they are attached to the master Jira.
Password validation in the ILS of GBV libraries (called "LBS")
In our current ILS we can set these options:
# minimum length, default=0
# Maximum length, default=length of the newly entered password.
# Minimum number of lowercase letters, default=0
# Minimum number of capital letters, default=0
# Minimum number of digits, default=0
# Minimum number of special characters, default=0
# List of allowed special characters, e.g. /$%_-
# Unauthorized words separated by a comma. The user number is generally not allowed. Example: not,yet,or
Translated with www.DeepL.com/Translator