Versions Compared

Old Version 2

changes.mady.by.user Steven Maglio

Saved on

compared with

New Version 3

changes.mady.by.user Steven Maglio

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Date

 

Zoom: https://ucsb.zoom.us/j/239650477

Attendees

Steven Maglio
(tick) (error)

Seth Northrop

(tick) (error)
Ian Lessing Former user (UnlicensedDeleted)
(tick) (error)
Kevin Wu
(tick) (error)
Hengyu Liu
(tick) (error)
Yuan Yao(tick) (error)

Goals

  • Understand the development of the GoGaucho mobile application
  • Understand the architecture of GoGaucho 
  • Understand the security implement of GoGaucho
  • Develop Future Stesp

...

TimeItemWhoNotes
5 minWelcomeSteven Maglio
  • Greetings
20 minOverview of Application ArchitectureGoGuacho TeamHow the Student Information is gathered? How is the Student Information being secured? How are you securing information on the phone? Did the code that you provided also include the service that runs on Heroku? Or Hangfire? DecisionsSteven Maglio

Action items

...

  • Potential Projects for the future
    • Real time bus map (SBMTD)
    • Registration Information
      • Pop-Up message before a class will begin

Future Hopes for Campus SponsorshipGoGaucho Team
  • Looking for support by just have access to the Campus APIs
  • Have modeled their application around the successes of the Ohio State Student Developed App and the Iowa State Student Developed App
  • Would love to see any support by campus, that the campus is willing to provide

Future Hopes for APIsGoGaucho Team
  • Campus Events
  • Students Schedule (ie. Courses)
    • This would remove the need of having to screen scrape Gold
    • It would also make it easier to setup notifications on the phone to remind students when they need to leave for class
  • Alerting
    • Seth and Steven explained that it's a very difficult subject with many legal requirements around it and the campus needs to have a unified vision on it before any movement would be made on that.

Security Updates for the ApplicationsGoGaucho Team
  • Heroku API
    • Needs to have Authentication added to the API endpoints
    • DDOS Prevention (Maybe Heroku already does this?)
  • SqlLite on Phone
    • Encrypt Data at Rest
  • Code
    • Separate Secrets out of the code base
    • Include Secrets in Build Process


  • Depending on Campus Conversations
    • Sign Appendix DS

Security Updates for UCSB APIsSteven Maglio
  • Need to develop support to authenticate the user of the application (in this case the student)
  • Is it possible to pull the JWT token for Google Connect's authorization service?
    • We would still use API Keys with the API Gateway, but the student would be authenticated through Google's OAuth endpoint?

Action items

  •  GoGaucho Team - Submit Access Request Form https://ucsb.box.com/s/bm6y5dy68ng1pof8e6z804e4oj8vil2e
  •   GoGaucho Team - Determine Developer Portal Account to associate request with
    • Hengyu Liu's account will be used (hengyuliu@ucsb.edu)
  •  UCSB API Team - Start conversations with Campus on Usage
    • Follow-up with GoGaucho Team with results
  •  UCSB API Team - Contact the Campus Connect Team and ask about their OAuth endpoint?