Tech Forum

I'm not sure if this is the place or forum to do this but I'm working on a project where I'm hoping I can have members register with the site, using their Name, Date of Birth, and MembershipID, and then contact a web service to verify that this person actually is a member? I'm not interested in any details about the member, or membership, a simple boolean true/false for the submitted data would be just awesome.

Tremmorkeep wrote:I'm not sure if this is the place or forum to do this but I'm working on a project where I'm hoping I can have members register with the site, using their Name, Date of Birth, and MembershipID, and then contact a web service to verify that this person actually is a member? I'm not interested in any details about the member, or membership, a simple boolean true/false for the submitted data would be just awesome.

There isn't an official written policy that I can point you to about this. However, the current word from Church employees is that we should not store an sensitive membership information on non-Church web servers.

This could prove problematic to your project. Is it really necessary for you to verify they are a member?

I do like your idea of a web service of some sort that can be hit by the outside world to verify that information. I just don't think it is ok for you to be storing that info on your own servers.

Nah, I dont want to store anything other than their logon...storing personal data (like DOB, Name, SSN, etc) is WAY beyond any liability I wish to carry. BUT my site, to maintain the integrity of the data, would need to verify that the person on the site is in fact, a member of the LDS Faith, regardless of standing.

mkmurray wrote:However, the current word from Church employees is that we should not store an sensitive membership information on non-Church web servers.

If I understand it, it's an issue about uploading other people's information. A member entering their own information is another story.

That said, I don't think there is currently such an application available for use outside the church. It's an interesting idea, but I also think there's a potential dark side as well. Other then for law enforcement purposes, I'm not sure of any protocol for the church to confirm the membership status to any outside party.

Of course, there's probably ways to achieve that goal by somehow passing the information to a church website and seeing how it reacts. Which may be a concern.

RussellHltn wrote:If I understand it, it's an issue about uploading other people's information. A member entering their own information is another story.

I don't know...For some reason I'm under the impression that I don't even have rights to distribute my own membership number outside of Church sites/servers.

mkmurray wrote:I don't know...For some reason I'm under the impression that I don't even have rights to distribute my own membership number outside of Church sites/servers.

"rights" is a strong word. I would think anyone has the right to distribute any information about themselves to anyone they wish to.

But in the case of a membership number, there's an educational issue. Most people understand that it's not a good idea to hand out a Social Security Number to anyone who asks for it. I doubt if they understand the issue behind disclosing a membership number.

So, I would agree that we should discourage members from disclosing their membership number and confirmation date to others. But I don't think we can prohibit it.

Likewise we should probably discourage any third parties from trying to gather that specific information.

RussellHltn wrote:"rights" is a strong word. I would think anyone has the right to distribute any information about themselves to anyone they wish to.

But in the case of a membership number, there's an educational issue. Most people understand that it's not a good idea to hand out a Social Security Number to anyone who asks for it. I doubt if they understand the issue behind disclosing a membership number.

So, I would agree that we should discourage members from disclosing their membership number and confirmation date to others. But I don't think we can prohibit it.

Likewise we should probably discourage any third parties from trying to gather that specific information.

Especially since those two numbers (Membership and Conf Date) can allow you access to that person's ward information and then the malicious party would be able to get information about the entire stake.

It would be possible to verify if someone has an account with the church by passing through the church username and password and seeing if it successfully logged into the site. Problem is that no one should give out that information anyway.

Verifying that someone is a member through a web service can be beneficial (like a LDS only networking site) but also potentially abusive as mentioned by Russell where one can start harvesting this information for their own purposes.

Best way (and probably the only way) is to see if the church will host your idea. You can start by explaining your idea here if possible.

thedqs wrote:Especially since those two numbers (Membership and Conf Date) can allow you access to that person's ward information and then the malicious party would be able to get information about the entire stake.

Or use it to access the new Family Search and create havoc there.

But let's talk about the main issue - verifying membership. Can anyone think of a time when the church has verified that someone is a member in the "normal" world unless it was part of church business? Isn't confirmation/denial itself a privacy issue?

thedqs wrote:It would be possible to verify if someone has an account with the church by passing through the church username and password and seeing if it successfully logged into the site. Problem is that no one should give out that information anyway.

Verifying that someone is a member through a web service can be beneficial (like a LDS only networking site) but also potentially abusive as mentioned by Russell where one can start harvesting this information for their own purposes.

Best way (and probably the only way) is to see if the church will host your idea. You can start by explaining your idea here if possible.

Current Church policy is that sites should not ask users to enter in their account information (username/password/membership #/etc) even if they want to pass it through to lds.org. The problems are obvious. Malicious sites could crop up.

The idea of having an API or web service program can access through some federated security approach is a project we are exploring now. Until then, there is no way to do it.

Current Church policy also asks that people do not create web sites for official Church work. For example, ward web sites, etc. However there is no limitation on creating web sites for personal use (for example, dating sites, user groups, etc) as long as local units do not promote such sites.

Tom