Determine a strategy for how to support student development for mobile apps that require the use of student data, and more specifically the support for the GoGaucho app (https://gogaucho.app/).
Login screen to get the student ucsbnetid and password
Login to GOLD with the student credentials
Screen scrape the class schedule screen and present it to the student in a mobile app
Technologies used
iOS and Android apps
Heroku for server-side development. Credentials are passed to Heroku and the screen scraping happens there.
Other
The students have registered a student organization with about 20 people - iOS developers, Android developers, back-end developers, marketing person, and project managers.
They have a professor sponsor their app development - Tobias Hollerer - Professor of Computer Science Department holl@cs.ucsb.edu
Privacy policy is on their website. they are not interested in monetizing the app.
it is important to make clear to them what our policy is
Leesa - very interested in independent student development, we don't have a way to leverage student developers.
it takes campus resources who are responsible to manage it.
Steven - we can address some issues - credentials - use Google OAuth
can reach out to Associated Students to get funding for the server
other campuses have professors sponsor a year-long project to develop an app
we have received credentials to look at the mobile apps code
Planning to do code reviews with the students
James - do we ask them to deploy the code to a UCSB space?
Oversight of the technologies and security of the apps
We have been in communication with the students, reviewed their implementation and identified several security improvements
Will begin regular meetings with the students after Dec 11.
Provide APIs and better security implementation
We can provide the necessary data and security mechanisms to remove the need for screen scraping
Google OAuth for authenticating the student which will be transitioned to the Campus OAuth when it becomes available
The Student Basic Info API was released today to allow them to get the perm from the ucsbnetid
Class schedule API is on the roadmap to replace the need for screen scraping the student schedule
Provide other APIs as needed - dining menus, events, etc. The dining menus API already exists and we are in conversations with Public Affairs and Associated Students to provide an events API.
Nancy Hamill - general council, she can approve the use of the name
she has read the email that Diana sent earlier and is suggesting something between options 2&3
most of apps die in a few months, this one stayed
Leesa - students come to us with similar questions all the time, how are we going to support them? Need to come up with clear guidelines on how to support students
Use of student data
Can we leave the screen scraping on for now until we can provide a better option?
Students will be testing the Google OAuth in December.
Class Schedule API will be released in January.
Legal documents to sign
Data security agreement?
What protections the Student Code of Conduct give us?
Who takes responsibility if there is a data breach?
With the screen scraping
With the UCSB APIs
What support can Associated Students provide?
Can we create a badge that the app is approved by UCSB?
Can we add language to the app to let students know that this is not an official UCSB app?
How do we support the next student development team that comes up with a similar app?
Leesa - other campuses are letting students designate if they are OK to open their data for app development
Sam - in this app the student is accessing their own information, no other students can see their info
Jennifer - can't transfer rick to students with a DS agreement
Sam - they do need to be aware that they have access to something special and they need to treat it this way, so it is good to have them sign a document.
Anthony - include the faculty sponsor in the DS Agreement signing
Leesa - talk to the faculty in comp science and give them a formal structure
Sam - before any stopping effort, we want to tell students how to get to a Yes.
Sam - wants to see policy at UCSB that says you cannot ask someone for a password in an unauthorized way.
Ask students to put verbiage on the app that this is a student developed app. Every time they go to login have a message displayed.
Leesa - OK to give access to the student schedule
Leesa, Sam - if they are committed to changing to the API once it is available we are OK to leave the screen scraping for now.
Can associated students help - Sean - can provide funding for the project, can be on a recurring basis. if they are a registered group they can get lock-in funding. Now they are part of campus life org. AS groups are different. they can go for funding from elections to pay for staff time also.
Leesa - this might stop other apps from being developed
Anthony - bring AS to the conversation with Faculty to see what the partnership can look like.
Shea - identity is working towards providing the OAuth in the future.
Jennifer - can work with Nancy on the kind of language that we want students to sign.
Steven and Diana will work on the student developer guidelines.
Decisions
Diana Antova, Steven Maglio Meet with faculty (Phil conrad and Tobias Hollerer) to explore ways they can support student development.
Jennifer Lofthus - provide a document for the students to sign.
Diana Antova, Steven Maglio Create a student development guidelines and publish them on the developer portal.
