GoGaucho Improvements
Background
What parts of the GoGaucho app need to be improved/revised before campus data can reasonably be delivered securely and within the intended usage of the Campus.
Goals
- Develop a list of improvements that are required for the GoGaucho application(s)
- Develop a timeline for the improvements
Assumptions
Out of Scope
Requirements
Title | Description | Notes | Status | Expected Delivery |
---|---|---|---|---|
Not an official UCSB App | It's been requested that the application have the first line of the description in the application stores a disclaimer stating that it is not an application officially produced by UCSB. As similar disclaimer should be on the login page. |
| COMPLETED | |
GoGauchoApp Account | Create an account on the Developer Portal for the GoGuacho app, and create applications for the app & cams. |
| COMPLETED | |
International Server/Service | Remove the international server/service from the architecture. It's purpose was to caching the Menu; which is now available as an API. |
Resolution
| COMPLETED (New Functionality Not Available Yet) | |
Use Google SSO Development/Proof of Concept | Get the development work done to sign in with Google's OAuth; and the ability to call Campus API's using the OAuth token. |
| COMPLETED | |
Switch Apps to use OAuth | When ready, switch the GoGaucho mobile app to use Google OAuth to login. |
| COMPLETED | |
Replace Screen Scraping Development | Replace the screen scraping with Campus API web services in a Development branch. |
| Android iOS | Android iOS |
Update the iOS App Store and Google Play Store | After the update of the student-schedules API, update the apps in the app store and google play store |
| Android COMPLETE iOS COMPLETE | Android iOS |
Use Authentication on Heroku Service | Add authentication onto the requests between the mobile apps and the Heroku service to ensure only known clients are using the service. |
Resolution
| AndroidCOMPLETE iOS | Android |
Store Keys/Secrets on Mobile App Securely | Use encryption at rest to store keys/secrets in the mobile application. |
Android (Jimmy)
iOS (Henry)
| Android iOS | Android
|
Move Keys/Secrets to the Heroku Service | Where possible, move keys/secrets to the Heroku service so that they aren't stored within the mobile application. |
| COMPLETED | |
Store Keys/Secrets on the Heroku Service Securely (nodejs) | Use encryption at rest (or a reasonable alternative) to store the keys/secrets securely. |
| COMPLETED | |
Access Card API - Remove Username/Password | Disable the access card functionality because of the need to enter a username/password. |
| Android iOS | Android - iOS - |
Events API | When ready, add events API into GoGaucho app |
| PIPELINE | |
Questions
Below is a list of questions to be addressed as a result of this requirements document:
Question | Outcome | Decision Date |
---|---|---|