Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Date

 


Attendees


Goals

  • Determine a strategy for how to support student development for mobile apps that require the use of student data, and more specifically the support for the GoGaucho app (https://gogaucho.app/).

Discussion items

TimeItemWhoNotes
5 minWelcomeDiana Antova
  • Greetings

History of this appSeth Northrop
  • A year ago the developers reached out to Leesa. Seth met with Hengiu and identified the security issue. Seth reached out to Jennifer Lofthus.
  • Nothing has been done since then.
  • Now that the APIs exist the students reached out to us again.

Current state of GoGaucho AppDiana AntovaSteven Maglio
  • Slides provided by the students: GoGaucho Presentation

  • Current functionality

    • Dining Menus

    • Class Schedule

    • Campus Maps

  • On the roadmap

    • Registration Information (pass time reminders)

    • Campus Events

    • Real-time

Buss
    • Bus Map

  • Security Implementation

    • Login screen to get the student ucsbnetid and password

    • Login to GOLD with the student credentials

    • Screen scrape the class schedule screen and present it to the student in a mobile app

  • Technologies used

    • iOS and Android apps

    • Heroku for server-side development. Credentials are passed to Heroku and the screen scraping happens there.

  • Other
    • The students have registered a student organization with about 20 people - iOS developers, Android developers, back-end developers, marketing person, and project managers.
    • They have a professor sponsor their app development - Tobias Hollerer - Professor of Computer Science Department holl@cs.ucsb.edu 
  • Privacy policy is on their website. they are not interested in monetizing the app.
  • it is important to make clear to them what our policy is
  • Leesa - very interested in independent student development, we don't have a way to leverage student developers.
  • it takes campus resources who are responsible to manage it.
  • Steven - we can address some issues - credentials - use Google OAuth
  • can reach out to Associated Students to get funding for the server
  • other campuses have professors sponsor a year-long project to develop an app
  • we have received credentials to look at the mobile apps code
  • Planning to do code reviews with the students
  • James - do we ask them to deploy the code to a UCSB space?

UCSB AppDev

team

Team support for GoGaucho

Diana AntovaSteven Maglio
  • What we can offer?

    • Oversight of the technologies and security of the apps

      • We have been in communication with the students, reviewed their implementation and identified several security improvements

      • Will begin regular meetings with the students after Dec 11.
    • Provide APIs and better security implementation

      • We can provide the necessary data and security mechanisms to remove the need for screen scraping 

      • Google

oAuth
      • OAuth for authenticating the student which will be transitioned to the

campus oAuth
      • Campus OAuth when it becomes available

      • The Student

basic
      • Basic Info API was released today to allow them to get the perm from the ucsbnetid

      • Class schedule API is on the roadmap to replace the need for screen scraping the student schedule

      • Provide other APIs as needed - dining menus, events, etc. The dining menus API already exists and we are in conversations with Public Affairs and Associated Students to provide an events API.

    • Be the conduit between UCSB and the students.


Campus support and discussionDiana Antova
  • Use of campus branding
    • Is the name GoGaucho OK with UCSB policy?
    • Nancy Hamill - general council, she can approve the use of the name
      • she has read the email that Diana sent earlier and is suggesting something between options 2&3
    • most of apps die in a few months, this one stayed
    • Leesa - students come to us with similar questions all the time, how are we going to support them? Need to come up with clear guidelines on how to support students
  • Use of student data
    • Can we leave the screen scraping on for now until we can provide a better option?
    • Students will be testing the Google
oAuth
    • OAuth in December. 
    • Class Schedule API will be released in January.
  • Legal documents to sign  
    • Data security agreement?
    • What protections the Student Code of Conduct give us?
  • Who takes responsibility if there is a data breach?
    • With the screen scraping
    • With the UCSB APIs
  • What support can Associated Students provide?
  • Can we create a badge that the app is approved by UCSB?
  • Can we add language to the app to let students know that this is not an official UCSB app?
  • How do we support the next student development team that comes up with a similar app?
  • Leesa - other campuses are letting students designate if they are OK to open their data for app development
  • Sam - in this app the student is accessing their own information, no other students can see their info
  • Jennifer - can't transfer rick to students with a DS agreement
  • Sam - they do need to be aware that they have access to something special and they need to treat it this way, so it is good to have them sign a document.
  • Anthony - include the faculty sponsor in the DS Agreement signing
  • Leesa - talk to the faculty in comp science and give them a formal structure
  • Sam - before any stopping effort, we want to tell students how to get to a Yes.
  • Sam - wants to see policy at UCSB that says you cannot ask someone for a password in an unauthorized way.
  • Ask students to put verbiage on the app that this is a student developed app. Every time they go to login have a message displayed.
  • Leesa - OK to give access to the student schedule
  • Leesa, Sam -  if they are committed to changing to the API once it is available we are OK to leave the screen scraping for now.
  • Can associated students help - Sean - can provide funding for the project, can be on a recurring basis. if they are a registered group they can get lock-in funding. Now they are part of campus life org. AS groups are different. they can go for funding from elections to pay for staff time also.
  • Leesa - this might stop other apps from being developed 
  • Anthony - bring AS to the conversation with Faculty to see what the partnership can look like.
  • Shea - identity is working towards providing the OAuth in the future.
  • Jennifer - can work with Nancy on the kind of language that we want students to sign.
  • Steven and Diana will work on the student developer guidelines.

Decisions

Action items

  •  Type your task here, using "@" to assign to a user and "//" to select a due date

...