Membership Verification

Discussions around miscellaneous technologies and projects for the general membership.
Post Reply
User avatar
thedqs
Community Moderators
Posts: 1042
Joined: Wed Jan 24, 2007 8:53 am
Location: Redmond, WA
Contact:
Contact thedqs

#11

Post by thedqs »

So how would the API work? Would it Similar to facebook's or google's where the developer must get issued a developer's key so that he has access to the API? (In which case only those developer's authorized by the church could access the API).
- David
Top
cannona-p40
Member
Posts: 79
Joined: Sat May 19, 2007 2:32 pm
Location: Iowa City, IA

#12

Post by cannona-p40 »

thedqs wrote:It would be possible to verify if someone has an account with the church by passing through the church username and password and seeing if it successfully logged into the site. Problem is that no one should give out that information anyway.
Perhaps this is why the New Family Search site has a captcha on the registration page. Although, that will only make it difficult to use the page in such a manner, not prevent it completely.

Interesting... I was wondering why they did that.

Aaron
Top
russellhltn
Community Administrator
Posts: 34490
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#13

Post by russellhltn »

cannona wrote:Perhaps this is why the New Family Search site has a captcha on the registration page. Although, that will only make it difficult to use the page in such a manner, not prevent it completely.
I'd think the captcha would discourage trial-and-error attacks. If a web site is trying to convince a member to enter their information, then I'd think it would be easy to get around the captcha just by forwarding it to the end user.
Top
User avatar
thedqs
Community Moderators
Posts: 1042
Joined: Wed Jan 24, 2007 8:53 am
Location: Redmond, WA
Contact:
Contact thedqs

#14

Post by thedqs »

Captcha prevents a lot of automated attacks and registrations (usually why they are included on registration pages) but as Russell pointed out it wouldn't stop an attack that passes through the picture.
- David
Top
User avatar
WelchTC
Senior Member
Posts: 2085
Joined: Wed Sep 06, 2006 8:51 am
Location: Kaysville, UT, USA
Contact:
Contact WelchTC

#15

Post by WelchTC »

thedqs wrote:So how would the API work? Would it Similar to facebook's or google's where the developer must get issued a developer's key so that he has access to the API? (In which case only those developer's authorized by the church could access the API).
Nothing has been definitively defined but from the discussions I've been involved in, it would be similar to Facebook. Apps would have to register with the Church and then at the Church level, we could kill access to data from apps that we find are being exploited.

Tom
Top
jbh001
Senior Member
Posts: 856
Joined: Thu Mar 13, 2008 6:17 pm
Location: Las Vegas, NV

#16

Post by jbh001 »

< deleted by jbh001 >
Top
expertis
New Member
Posts: 1
Joined: Tue May 24, 2011 2:29 pm

Membership Verification

#17

Post by expertis »

I was wondering if there has been any progress on a web service to allow third-party web sites to verify information given by its members to confirm they are a member of the church? Our website is only for LDS Church members and we want to make sure the LDS Church members feel secure.

Ideally we would like to pass Membership Record Number and Birth date to a web service. The web service would ideally return a true or false.

I would really appreciate any information or direction anyone could provide.

Thank you,
Spencer
Top
russellhltn
Community Administrator
Posts: 34490
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#18

Post by russellhltn »

expertis wrote:I was wondering if there has been any progress on a web service to allow third-party web sites to verify information given by its members to confirm they are a member of the church?

Personally, I doubt if the church has any interest in creating such a API. Except to cooperate with law enforcement, I don't believe they verify membership in any other situations, so I don't think they'd do it as routine for other websites.

There is a program to work with third parties on FamilySearch. You'd have to go thoguh the whole process to become a vendor with them. You can find more details at https://devnet.familysearch.org.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
Top
robartsd
Member
Posts: 69
Joined: Sun Apr 04, 2010 9:07 pm
Location: United States, California

#19

Post by robartsd »

RussellHltn wrote:Personally, I doubt if the church has any interest in creating such a API. Except to cooperate with law enforcement, I don't believe they verify membership in any other situations, so I don't think they'd do it as routine for other websites.

I believe the church considers the simple fact that a person is a member to be personal data. Of course your application wants to confirm information that the member is choosing to share with you. In my opinion OpenID and OAuth could by implemented by the church to allow third party access to information, but leaving control of that access to the individual. As long as only information about that individual (and possibly the household they head) is shared, I see no reason for the church to be concerned about the use; however, I also see little motive for the church to invest the needed resources. The OpenID and OAuth pages would emphasize that the information was being shared with a third party that is NOT endorsed or affiliated with the church in any way.
Top
Post Reply

Return to “Other Member Technologies”