2018-12-06 Student Application Development Support

Owned by Diana Antova
Last updated: Aug 15, 2019
4 min read

Date

 


Attendees

Steven Maglio
(tick)

Seth Northrop

(tick)
Diana Antova(tick)
Josh Andersen(tick)
James Kinneavy (Unlicensed)(tick)
Leesa Beck (Unlicensed)(tick)
Anthony Schmid(tick)
Jenifer Lofthus(tick)
Marisela Marquez(error)
Shea Lovan(tick)
Sam Horowitz(tick)
Sean Lieberman(tick)


Goals

  • Determine a strategy for how to support student development for mobile apps that require the use of student data, and more specifically the support for the GoGaucho app (https://gogaucho.app/).

Discussion items

TimeItemWhoNotes
5 minWelcomeDiana Antova
  • Greetings

History of this appSeth Northrop
  • A year ago the developers reached out to Leesa. Seth met with Hengiu and identified the security issue. Seth reached out to Jennifer Lofthus.
  • Nothing has been done since then.
  • Now that the APIs exist the students reached out to us again.

Current state of GoGaucho AppDiana AntovaSteven Maglio

  • Slides provided by the students: GoGaucho Presentation

  • Current functionality

    • Dining Menus

    • Class Schedule

    • Campus Maps

  • On the roadmap

    • Registration Information (pass time reminders)

    • Campus Events

    • Real-time Bus Map

  • Security Implementation

    • Login screen to get the student ucsbnetid and password

    • Login to GOLD with the student credentials

    • Screen scrape the class schedule screen and present it to the student in a mobile app

  • Technologies used

    • iOS and Android apps

    • Heroku for server-side development. Credentials are passed to Heroku and the screen scraping happens there.

  • Other
    • The students have registered a student organization with about 20 people - iOS developers, Android developers, back-end developers, marketing person, and project managers.
    • They have a professor sponsor their app development - Tobias Hollerer - Professor of Computer Science Department holl@cs.ucsb.edu 
  • Privacy policy is on their website. they are not interested in monetizing the app.
  • it is important to make clear to them what our policy is
  • Leesa - very interested in independent student development, we don't have a way to leverage student developers.
  • it takes campus resources who are responsible to manage it.
  • Steven - we can address some issues - credentials - use Google OAuth
  • can reach out to Associated Students to get funding for the server
  • other campuses have professors sponsor a year-long project to develop an app
  • we have received credentials to look at the mobile apps code
  • Planning to do code reviews with the students
  • James - do we ask them to deploy the code to a UCSB space?

UCSB AppDev Team support for GoGaucho

Diana AntovaSteven Maglio

  • What we can offer?

    • Oversight of the technologies and security of the apps

      • We have been in communication with the students, reviewed their implementation and identified several security improvements

      • Will begin regular meetings with the students after Dec 11.

    • Provide APIs and better security implementation

      • We can provide the necessary data and security mechanisms to remove the need for screen scraping 

      • Google OAuth for authenticating the student which will be transitioned to the Campus OAuth when it becomes available

      • The Student Basic Info API was released today to allow them to get the perm from the ucsbnetid

      • Class schedule API is on the roadmap to replace the need for screen scraping the student schedule

      • Provide other APIs as needed - dining menus, events, etc. The dining menus API already exists and we are in conversations with Public Affairs and Associated Students to provide an events API.

    • Be the conduit between UCSB and the students.


Campus support and discussionDiana Antova
  • Use of campus branding
    • Is the name GoGaucho OK with UCSB policy?
    • Nancy Hamill - general council, she can approve the use of the name
      • she has read the email that Diana sent earlier and is suggesting something between options 2&3
    • most of apps die in a few months, this one stayed
    • Leesa - students come to us with similar questions all the time, how are we going to support them? Need to come up with clear guidelines on how to support students
  • Use of student data
    • Can we leave the screen scraping on for now until we can provide a better option?
    • Students will be testing the Google OAuth in December. 
    • Class Schedule API will be released in January.
  • Legal documents to sign  
    • Data security agreement?
    • What protections the Student Code of Conduct give us?
  • Who takes responsibility if there is a data breach?
    • With the screen scraping
    • With the UCSB APIs
  • What support can Associated Students provide?
  • Can we create a badge that the app is approved by UCSB?
  • Can we add language to the app to let students know that this is not an official UCSB app?
  • How do we support the next student development team that comes up with a similar app?
  • Leesa - other campuses are letting students designate if they are OK to open their data for app development
  • Sam - in this app the student is accessing their own information, no other students can see their info
  • Jennifer - can't transfer rick to students with a DS agreement
  • Sam - they do need to be aware that they have access to something special and they need to treat it this way, so it is good to have them sign a document.
  • Anthony - include the faculty sponsor in the DS Agreement signing
  • Leesa - talk to the faculty in comp science and give them a formal structure
  • Sam - before any stopping effort, we want to tell students how to get to a Yes.
  • Sam - wants to see policy at UCSB that says you cannot ask someone for a password in an unauthorized way.
  • Ask students to put verbiage on the app that this is a student developed app. Every time they go to login have a message displayed.
  • Leesa - OK to give access to the student schedule
  • Leesa, Sam -  if they are committed to changing to the API once it is available we are OK to leave the screen scraping for now.
  • Can associated students help - Sean - can provide funding for the project, can be on a recurring basis. if they are a registered group they can get lock-in funding. Now they are part of campus life org. AS groups are different. they can go for funding from elections to pay for staff time also.
  • Leesa - this might stop other apps from being developed 
  • Anthony - bring AS to the conversation with Faculty to see what the partnership can look like.
  • Shea - identity is working towards providing the OAuth in the future.
  • Jennifer - can work with Nancy on the kind of language that we want students to sign.
  • Steven and Diana will work on the student developer guidelines.

Decisions

Action items

  • Type your task here, using "@" to assign to a user and "//" to select a due date