Search found 14 matches

by lukeh
Fri Jul 27, 2018 9:50 am
Forum: Links & Resources
Topic: API for Directory Web App
Replies: 57
Views: 14175

Re: API for Directory Web App

Did you trust that clerks, bishoprics and RS/EQ presidencies would use the CSV exports from MLS appropriately before? (I did...). This is really no different than that. Nervous church lawyers in the end did not trust local leaders enough to deal with data appropriately, and/or the church wanted peop...
by lukeh
Mon Jul 23, 2018 8:31 am
Forum: Links & Resources
Topic: API for Directory Web App
Replies: 57
Views: 14175

Re: API for Directory Web App

You would put the same type of usage restrictions on the API as are currently shown on PDFs generated from lds.org, and printouts from MLS -- "For official Church use only" or similar (though you would maybe be more explicit about not transmitting the data to third parties or storing it in...
by lukeh
Sun Jul 22, 2018 11:32 pm
Forum: Links & Resources
Topic: API for Directory Web App
Replies: 57
Views: 14175

Re: API for Directory Web App

So you're saying that if the Church created the API correctly, it would be impossible for an app created by a member-developer to create a situation that could result in membership data being leaked in a way that could have been prevented if the developer had not been able to have programmatic acce...
by lukeh
Sun Jul 22, 2018 9:46 pm
Forum: Links & Resources
Topic: API for Directory Web App
Replies: 57
Views: 14175

Re: API for Directory Web App

Or do you have a suggestion for preventing a risk like that from occurring? Absolutely: as the developer, follow all the OWASP guidelines for preventing XSS/CSRF and similar attacks, or only use libraries that have certified that they follow those guidelines. More to your point, though, as a user o...
by lukeh
Sat Jul 21, 2018 3:57 am
Forum: Links & Resources
Topic: API for Directory Web App
Replies: 57
Views: 14175

Re: API for Directory Web App

Again devinbost you are over-complicating the problem. (1) The Church does already operate a Single Sign-On system that spans all their properties (e.g. your lds.org login works on FamilySearch). I assume it's OAuth2 under the hood, but I don't know for sure. The Church would have to authorize API k...
by lukeh
Fri Jul 13, 2018 5:42 pm
Forum: Links & Resources
Topic: API for Directory Web App
Replies: 57
Views: 14175

Re: API for Directory Web App

Well right now, we already have local leaders having to copy and paste information from lds.org, or type it back in from printed records, because the Church pulled the plug on the CSV export option in MLS. It doesn't stop people using the information, it just makes life more difficult for everyone.
by lukeh
Thu Jul 12, 2018 9:22 pm
Forum: Links & Resources
Topic: API for Directory Web App
Replies: 57
Views: 14175

Re: API for Directory Web App

devinbost -- you are right, security is a hard problem in general. But you are very much over-complicating the problem. The Church already has a login system, with its own security measures in place, and to use the JSON API, you have to authenticate through that login system. That means that to crea...
by lukeh
Fri Jun 29, 2018 2:22 am
Forum: Links & Resources
Topic: API for Directory Web App
Replies: 57
Views: 14175

Re: API for Directory Web App

Right. The solution I proposed above is to allow use of the API, including display or printing of information obtained via the API, but not electronic storage or forwarding of any data downloaded through the API, other than perhaps user ids, along with any external metadata (not obtained from record...
by lukeh
Thu Jun 28, 2018 11:16 pm
Forum: Links & Resources
Topic: API for Directory Web App
Replies: 57
Views: 14175

Re: API for Directory Web App

I just want to mention I messaged a couple of the moderators involved, a while back, and requested a chance to go and talk to the legal team at Church Offices (or whoever is currently working on the new policy that my post describing the JSON API apparently provoked) -- hopefully before the policy i...
by lukeh
Mon May 14, 2018 2:07 pm
Forum: Links & Resources
Topic: API for Directory Web App
Replies: 57
Views: 14175

Re: API for Directory Web App

The Forum will follow the policy the Church determines for us. An example I enjoy sharing is that we have been asked not to give out the meetinghouse WiFi password, even though it is widely available to those who seek it. Your LDSAccess WiFi example is actually a great illustration of how API acces...

Go to advanced search