Page Comparison

VBar

• Row 9: "FOLIO Roles". How does this apply to student works where the permissions should only be available when the students are working? If we are using individual sign-ins, how do we restrict access to functionality? Noting that permissions applied to people's accounts provides accountability. Is this covered by university's acceptable use policy for IT systems? Difficult because student access is typically tied to a specific location in systems now. Can the system supplement policy controls that we put on student workers (and others)? Limit by login location and by time?
• Row 10: "User Data Segregation". Personal data isolated from other data. Requirement from German libraries to comply with national laws. Review at a future meeting.
• Would it be useful to compile requirements by nation/region?
• Row 11: "User Data Anonymization". Touches the RPT, will need coordination with them at a future meeting.
• Row 12/13 (HTTPS). Talked about last week in conjunction with rows 5/6 (Data Encryption). Why would we not also want row 13 to be a release 1? Check in with VBaron reasoning.
• Row 15: "Anonymous Mode". What does 'selective parts of the system' mean? What use cases would this cover?
• Row 16: "Anonymous Networks". Any transaction-based event would require sign-in anyway. During the meeting we couldn't come up with a use case for needing this; review at a future meeting.
• Row 17: "Local storage of User Data". The library could store user data outside the cloud. Ties into a key concept in OLE: data could be intentionally stored in different locations. Ties into Row 10 ("User Data Segregation").
• Row 18/19: "Policy Compliance". Compliance certification process. May be a place where developers need to become aware of standards and practices. Bring in auditors for a one-time consultation.
• Row 20: Need to understand the use case. Comparable to Google personal audit? Who has been creating and manipulating your personal data.  Can you determine if a particular individual's information was compromised? The user may not be able to do anything with the personal information (a read-only view).
• Row 22: "Offline mode". Some kind of utility, especially for circulation, that would allow for capture of data and uploading/reconciling. Particularly important for cloud-hosted systems. Move to R-1? Need to push back to functional SIGs to ask what data is needed. If offline, how to handle authentication? Should this be moved to the Sys Ops & Mgt tab?

 Peter Murray

Peter Murray