API for Directory Web App

Do you have a useful link that involves the Church and the technology discussed on this site? Post your links and resources here.
lajackson
Community Moderators
Posts: 7936
Joined: Mon Mar 17, 2008 9:27 pm
Location: US

Re: API for Directory Web App

Postby lajackson » Mon May 14, 2018 8:20 am

lukeh wrote:Discussion about the allowability of information on the API should be held openly, so that there is a clear understanding as to the decision process and justification behind any decision.

For better or worse, as johnshaw pointed out, this is not the way the Church has chosen to do many things.

In the interest of clarity, since I did mention the moderator discussion, I would share the following.

The discussion is not about the existence of the API. It is about whether or not its use circumvents Church policies or security mechanisms. This is the reason posts with specific details on how to use the API are being discussed. Posts about its existence and the benefits of its use are not at issue.

Because this is a Church forum, some topics and moderator decisions receive a higher level of interest from those who make policy and security decisions for the Church. I am not at liberty to say more and it would be unwise for me to do so.

I can say that the excellent information you have presented in posts both visible and being held is being used in this review. You have made a compelling case that this is not a security issue. There are many who agree with you. Please know that all sides of this issue are being considered at the highest levels with regard to both security and policy implications.

The Forum will follow the policy the Church determines for us. An example I enjoy sharing is that we have been asked not to give out the meetinghouse WiFi password, even though it is widely available to those who seek it.

lajackson
Community Moderators
Posts: 7936
Joined: Mon Mar 17, 2008 9:27 pm
Location: US

Re: API for Directory Web App

Postby lajackson » Mon May 14, 2018 11:10 am

lajackson wrote:Because this is a Church forum, some topics and moderator decisions receive a higher level of interest from those who make policy and security decisions for the Church. I am not at liberty to say more and it would be unwise for me to do so.

I am now at liberty to say more. As I hinted, this issue has received a higher level of interest.

A response to this topic is being prepared today. Because of the level to which this topic has escalated, the response will be officially reviewed before it is posted. I have been told that the review is not going to be a fast thing and will probably take a couple of days.

In my personal experience, "a couple of days" is actually pretty fast in these situations. And again personally, I would rather those involved take the time to provide the best guidance possible the first time around.

So, as difficult as it is, patience is the virtue of the day, and probably the week. If I become at liberty to say even more, you will see it here first.

lukeh
New Member
Posts: 13
Joined: Tue Mar 06, 2018 1:40 pm

Re: API for Directory Web App

Postby lukeh » Mon May 14, 2018 2:07 pm

lajackson wrote:The Forum will follow the policy the Church determines for us. An example I enjoy sharing is that we have been asked not to give out the meetinghouse WiFi password, even though it is widely available to those who seek it.


Your LDSAccess WiFi example is actually a great illustration of how API access should work -- it's there, and you can use it if you can find out how, but it's not publicized :-) ("Public but not publicized.")

I am glad this is finally being addressed, but I'm starting to think that forgiveness would have been better than permission -- I only posted publicly in the hope that having the info out there would help others.

There has to be a model that can address the needs of local leaders for information processing capability while aligning with Church policy, protecting privacy, and maintaining control over data dissemination. This could be either a technological solution -- something like how FamilySearch allows data access to third parties through OAuth -- or policy-based, for example allowing use of the API to retrieve, display and print data, as can be done through the browser at lds.org, but not allowing anything other than member IDs to be stored locally on the API-user's drive. This would allow for the creation of things like Ministering management applications, where the mapping of member IDs to the IDs of their Ministering Brothers and Sisters is retained on the local server, but the contact details and callings of members are not stored locally. Every time you start the application and want to display contact info for members, you have to connect to the REST API to download the current membership contact info for display, and it is only ever stored in RAM, it is never allowed to hit persistent storage. Applications using the API would not allow for an electronic copy of the data to be saved, sent, copied or disseminated in any way, other than through the print / PDF generation option for reports. This would keep the exact same fence around the data as currently exists on lds.org, but it would allow sufficiently motivated leaders to move the fence so that it surrounds their own custom applications.

Is this a reasonable compromise? Whoever is working on the policy statement about the use of the API, please carefully consider the above suggestion before you finalize the policy. The above suggestion would actually fall in line with usage of data in other places, e.g. in the LDS Tools app, which forces you to re-sync frequently, so that the church maintains power of revocation over data.

It is critically important for the church to allow local leaders to figure out the best way to minister to their local congregation (Isa. 54:2 "spare not, lengthen thy cords, and strengthen thy stakes" -- the Church has to move in the direction of giving more autonomy to stakes and local units, if it is to fulfill its purpose). Please don't issue a blanket statement shutting leaders out of data usage outside of using the UIs of lds.org and LDS Tools -- they are highly inadequate for a number of important use cases, as evidenced by the number of local leaders who over the years have dreamed about and asked about getting data access so they can build something better. We technology-interested saints currently have no way to directly contribute to the development of these systems, since they are not open source.

ljcrapo
New Member
Posts: 4
Joined: Sun Aug 13, 2017 2:09 pm

Re: API for Directory Web App

Postby ljcrapo » Thu May 24, 2018 11:44 am

I would like to add to this proposal and note that if a secure API is being considered with OAuth or whatever it be, it will take time and experimentation. If it is being considered, I propose an alpha prototype be developed, backed with false data, to allow the LDSTech community to experiment and develop on. I believe those of us who are eager to contribute and utilize such a powerful tool would be more patient with the current state of things if we had an Alpha release to work with. If it were developed this way, then by the time a properly secure solution is reached and stable, we'd have working client applications ready to plug in and go from day one. An approach like this would greatly boost the moral of the LDSTech community.

lajackson
Community Moderators
Posts: 7936
Joined: Mon Mar 17, 2008 9:27 pm
Location: US

Re: API for Directory Web App

Postby lajackson » Thu May 24, 2018 3:00 pm

ljcrapo wrote:An approach like this would greatly boost the moral of the LDSTech community.

I am quite certain it would. Unfortunately, I do not believe the morale of the LDSTech community is a factor for those who are making these decisions.

Speaking of which, the expected post for this topic is still being reviewed at high levels. I do not know if the fact that it is taking longer than expected is a hopeful thing or not. But the question has neither been forgotten nor lost, which is a good thing.

nutterb
Member
Posts: 264
Joined: Tue Feb 10, 2009 7:06 am
Location: Berea, KY, USA

Re: API for Directory Web App

Postby nutterb » Mon Jun 18, 2018 12:16 pm

lajackson wrote: But the question has neither been forgotten nor lost....


25 days later...are you sure? :D

jonesrk
Church Employee
Church Employee
Posts: 1659
Joined: Tue Jun 30, 2009 7:12 am
Location: Farmington, UT, USA

Re: API for Directory Web App

Postby jonesrk » Mon Jun 18, 2018 12:21 pm

nutterb wrote:
lajackson wrote: But the question has neither been forgotten nor lost....


25 days later...are you sure? :D

It hasn't finished wandering in the wilderness for 40 day yet. :)

On a more serious note, it is still making progress, scgallafent and I discussed its status just a few days ago.
Ryan Jones
CDOL Developer
Stake Technology Specialist - Software / Stake Assistant Clerk
Former Ward Clerk

lajackson
Community Moderators
Posts: 7936
Joined: Mon Mar 17, 2008 9:27 pm
Location: US

Re: API for Directory Web App

Postby lajackson » Mon Jun 18, 2018 1:16 pm

I believe if jonesrk and scgallafent were the decision makers, it would be a done deal. Unfortunately, this issue seems to have gotten a whole lot of attention at levels I do not have enough oxygen to penetrate.

As far as I can tell though, everyone involved already knows about computers and websites. So the issue itself is the only thing needing explanation to those who are considering where the policy will be going from here. And they are taking the time to give this matter some very serious consideration from all sides.

lukeh
New Member
Posts: 13
Joined: Tue Mar 06, 2018 1:40 pm

Re: API for Directory Web App

Postby lukeh » Thu Jun 28, 2018 11:16 pm

I just want to mention I messaged a couple of the moderators involved, a while back, and requested a chance to go and talk to the legal team at Church Offices (or whoever is currently working on the new policy that my post describing the JSON API apparently provoked) -- hopefully before the policy is released, not after. I haven't heard anything back from this offer, and I realize the Church doesn't usually seek any sort of external opinion in making these decisions. Nevertheless, if the policy ends up being a blackout on any use of electronic membership data outside of viewing in the official website and app, this would be damaging to local leaders' abilities to apply creativity and their own best judgment in how to utilize membership information to magnify their callings. I believe there are some clear ways to protect membership data from falling into the wrong hands while allowing tech-savvy local leadership to use membership data in creative ways. For that reason, I want to please reiterate again my interest in having an objective face-to-face conversation about these issues before any sort of official policy is released on this issue. Whoever is connected with the legal process involved here, please reiterate my request to go talk with the team face to face.

russellhltn
Community Administrator
Posts: 24561
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Re: API for Directory Web App

Postby russellhltn » Fri Jun 29, 2018 1:53 am

I've heard, but not yet found a quote that said "The church moves slowly, if at all". I know from experience that things move slowly, even slower than employee predictions. From what I've heard, this hasn't been forgotten, but it's still working it's way though the process.

However, in looking for something else, I did find this: From Help Center, Keeping Church Information Safe, dated 22 August 2017:
Do not export membership or financial data from Church applications.
Do not store data found in Church applications in consumer cloud storage apps (such as Dropbox or Google Drive).

To be honest, I would be very surprised if the policy statement, once it's done making the rounds, says anything significantly different.

This is why I belive that: The data doesn't belong to the church. It belongs to the members. It's entrusted to the church so it can carry out it's mission, but there are laws that would impose costly liability if that trust is violated. As such, the church is going to keep a pretty tight grip on that data. While it's easy to say the local leaders should be trustworty, I've heard enough stories to know that some have made some really boneheaded moves. And that's just the stories I've heard. I'm sure they (and the church legal defense team) has heard a lot more.

It's simply a product of the current legal/liability environment. And I don't expect that to change until the second coming.

Suggesting specific reports that leaders need would be probably be more productive.
Have you searched the Wiki?
Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.


Return to “Links & Resources”

Who is online

Users browsing this forum: No registered users and 1 guest