Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Date

 


Attendees


Goals

  • Determine a strategy for how to support student development for mobile apps that require the use of student data, and more specifically the support for the GoGaucho app (https://gogaucho.app/).

Discussion items

TimeItemWhoNotes
5 minWelcomeDiana Antova
  • Greetings



 a year ago the developers reached out to Leesa. Seth met with Hengiy and identified the security issue. Seth reached out to Jennifer Lofthus. Nothing has been done since then. Now that the APIs exist the students reached out to us again.

Current state of GoGaucho AppDiana AntovaSteven Maglio
  • Slides: GoGaucho Presentation

  • Current functionality

    • Dining Menus

    • Class Schedule

    • Campus Maps

  • On the roadmap

    • Registration Information (pass time reminders)

    • Campus Events

    • Real-time Bus Map

  • Security Implementation

    • Login screen to get the student ucsbnetid and password

    • Login to GOLD with the student credentials

    • Screen scrape the class schedule screen and present it to the student in a mobile app

  • Technologies used

    • iOS and Android apps

    • Heroku for server-side development. Credentials are passed to Heroku and the screen scraping happens there.

  • Other
    • The students have registered a student organization with about 20 people - iOS developers, Android developers, back-end developers, marketing person, and project managers.
    • They have a professor sponsor their app development - Tobias Hollerer - Professor of Computer Science Department holl@cs.ucsb.edu 
  • privacy policy is on their website. they are not interested in monetizing the app.
  • it is important to make clear to them what our policy is
  • Leesa - very interested in independent student development, we don't have away to leverage student developers.
  • it takes campus resources who are responsible to manage it.
  • Steven - we can address some issues - credentials - use Google OAuth
  • can reach out to associated students to get funding for the server
  • other campuses have professors sponsor a year-long project to develop an app
  • we have credentials to look at the mobile apps code
  • Do code reviews with the students
  • James do we ask them to deploy the code to a UCSB space?

UCSB AppDev Team support for GoGaucho

Diana AntovaSteven Maglio
  • What we can offer?

    • Oversight of the technologies and security of the apps

      • We have been in communication with the students, reviewed their implementation and identified several security improvements

      • Will begin regular meetings with the students after Dec 11.
    • Provide APIs and better security implementation

      • We can provide the necessary data and security mechanisms to remove the need for screen scraping 

      • Google OAuth for authenticating the student which will be transitioned to the Campus OAuth when it becomes available

      • The Student Basic Info API was released today to allow them to get the perm from the ucsbnetid

      • Class schedule API is on the roadmap to replace the need for screen scraping the student schedule

      • Provide other APIs as needed - dining menus, events, etc. The dining menus API already exists and we are in conversations with Public Affairs and Associated Students to provide an events API.

    • Be the conduit between UCSB and the students.


Campus support and discussionDiana Antova
  • Use of campus branding
    • Is the name GoGaucho OK with UCSB policy?
    • Nancy Hammil - general council, she can approve the use of the name
      • between option 2&3
    • most of apps die in a few months, this one stayed
    • Leesa - students come to us with similar questions all the time, how are we going to support them? Need to come up with clear guidelines on how to support students
  • Use of student data
    • Can we leave the screen scraping on for now until we can provide a better option?
    • Students will be testing the Google OAuth in December. 
    • Class Schedule API will be released in January.
  • Legal documents to sign  
    • Data security agreement?
    • What protections the Student Code of Conduct give us?
  • Who takes responsibility if there is a data breach?
    • With the screen scraping
    • With the UCSB APIs
  • What support can Associated Students provide?
  • Can we create a badge that the app is approved by UCSB?
  • Can we add language to the app to let students know that this is not an official UCSB app?
  • How do we support the next student development team that comes up with a similar app?
  • Leesa - other campuses are letting students designate if they are OK to open their data fro app development
  • Sam - in tis app the student is accessing their own information
  • Jennifer - can't transfer rick to students
  • Sam - they do need to be aware that they have access to something special and they need to treat it this way.
  • Anthony - include the faculty sponsor in the DS Agreement signing
  • Leesa - talk to the faculty in comp science and give them a formal structure
  • Sam - before any stopping effort, we want to tell students how to get to a Yes.
  • Sam - see policy that says you cannot ask someone for a password.
  • Ask students to put verbiage on the app that this is a student developed app. Every time they go to login have a message displayed.
  • Leesa - OK to have the student schedule
  • Leesa, Sam -  if they are committed to changing to the API once it is available we are OK to leave the screen scraping for now.
  • Cam associated students help - Sean - can provide funding for the project, can be on a recurring basis. if they are an they can get lock in funding. now they are part of campus life org. AS groups are different. they can go for funding from elections to pay for staff also
  • Leesa - this might stop other apps
  • Anthony - bring AS to the conversation with Faculty to see what the partnership can look like.
  • Shea - identity is working towards providing this
  • Jennifer - can work with Nancy on the kind of language that we want students to sign.

Decisions

Action items

  •  Type your task here, using "@" to assign to a user and "//" to select a due date

...