Security Features Clarification Question

Hi,

I notice the road map items and warning from Aggregate (see below).

My questions are:

  1. Do you intend the next release of Aggregate and Collect to have
    secure to and from device communication?
  2. Does the warning in Aggregate still apply? If so, does this mean
    that the transmissions will be secure, but the data on the server,
    once stored, may not be?

Thanks in advance for clarifying and for creating an excellent
toolkit.

Greg

References....

Road Map items:

Authenticated server transmissions
Authentication and authorization mechanisms

From Aggregate:

ODK Aggregate is currently designed to store data on Google App
Engine.

WARNING! Google App Engine servers may be located anywhere in the
world. Depending on the sensitivity of the data and specific storage
rules/restrictions, the server infrastructure may not have all
necessary security precautions (such as encryption). It is the
organization's responsibility to research and comply with applicable
laws and regulations before storing data on Google App Engine. The
organization is also responsible for taking the appropriate security
precautions and educating users that the information will be available
to the organization and stored on Google servers.

Some examples of data that may be sensitive to users or subject to
local regulations and restrictions include:

* Financial Information: Bank account numbers, Social Security
number, credit card information
* Health Information: Personally identifying health information or
government-owned data that shouldn't reside on remote servers
* Customer Information: Names, passwords, or other login
information.

Please refer to the Google App Engine Terms of Service for further
details.

hi greg,

the roadmap is accurate. we are working towards secured communications
between aggregate and collect.

the warning on aggregate still applies when using google app engine.
even if we secure communication between server and client, we can't
guarantee the security of data once it gets to gae. additionally,
there may be legal issues you consider if you need your data stored in
country.

yaw

On Tue, Jan 18, 2011 at 04:51, GregM wrote:

As Yaw says the roadmap is accurate.

The next release of Aggregate will operate either on Google App
Engine or locally on Tomcat using either MySQL or Postgres. The local
version will allow users who are concerned about security to fully
control the security of their data. Note: Open Data Kit expects users
to secure their server in appropriate ways. It is the organization's
responsibility to research and comply with applicable laws and
regulations for data storage. The ODK team is NOT saying the server
meets the legal requirements for a secure server. We are providing a
version that users can be in full control of the security so they can
customize it to meet the legal requirements for storing their data.

The warning about App Engine is there to protect you and Google. I am
not aware of any Google service that has the security required for
sensitive data. For example Gmail is not secure enough for sensitive
data either. When deciding how secure things need to be, you should
consult your local laws, as many apply to storing sensitive data (e.g.
medical data, bank information, etc.).

Cheers,
Waylon

On Tue, Jan 18, 2011 at 8:42 AM, Yaw Anokwa wrote: