Posted: Fri Nov 13, 2009 10:04 am
I emailed back and forth with Avikey and the latest as of October 30th is that they are working on the app for BlackBerry and expect to have it out in a couple weeks.
boomerbubba wrote:I have just sent the vendor, Avikey, an email inquiring about this. Does anyone have detailed knowledge about this one way or another?
Yes.. the parsing rules for the device are delivered using our server.
That way, if the church substantially changes the layout of LDS.org,
we can adjust the parsing rules remotely that are used by your device.
So in this sense, yes, the app doe require the use of a third party
server to work. If that server is missing, the app will fall back on a
default set of parsing rules.
That is my understanding as well. You actually send your user credentials to Avikey and they use them to access your unit website.boomerbubba wrote:My impression from reading this thread and related threads here about the iWard and iStake apps has always been that these apps merely connected the user's device directly to LUWS as a browser-client and downloaded the directory data to the handheld.
Now I am not at all sure that is the case. I have seen a reportthat iWard connects to the vendor's own servers, which in turn connect to LUWS using the user's logon credentials. I have just sent the vendor, Avikey, an email inquiring about this. Does anyone have detailed knowledge about this one way or another?
lakeytw wrote:That is my understanding as well. You actually send your user credentials to Avikey and they use them to access your unit website.
The Church IT department cares very deeply about this. Yes, these are very changing times. And it does take some time to get policy decisions through a large organization.Flandry wrote:Reading the linked discussion on google groups and this thread gives me the heeby-jeebies. When i consider all the special instructions i was given as a membership clerk . . .
Is this member data security nightmare just a temporary artifact of the time it takes to get policy decisions through a large organization, or does the church IT dept. really not care about this?
lajackson wrote:There are policies in place relating to the use third party servers, and leaders have very specific instructions about securing any information that comes out of MLS and goes onto their personal devices, including passwording, protecting, using only for callings, and removing it when they are released. You have outlined some of them in your post.
I rather suspect that most users of this product are not even aware of how it really functions. I was not until about 24 hours ago, and I am probably better informed than most non-technical members. The very cleverly worded PR of the site obscures these facts, IMHO, if only by omission and ambiguity. A user might be forgiven for thinking that he is connecting to secure.lds.org via a single, end-to-end SSL connection to his own device, just like he might do with an online banking client or browser. The website says:
You may not share your LDS Account password with anyone.
Note the "s" in "connections."All of the data exchanged between your device and LDS.org is done over encrypted SSL connections and we don't store or view any of your information our servers (or anyone else's servers, for that matter).