Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[bioontology-support] [BioPortal] Feedback from Eoin Vaughan

John Graybeal jgraybeal at stanford.edu
Wed Apr 1 13:35:43 PDT 2020


For the list,

Rob Taylor from REDCap provided this information, and said I could relay it.

John

To answer the question, in REDCap v8.4.0 (released two years ago) and higher, REDCap should *always* make calls to data.bioontology.org<http://data.bioontology.org> over SSL. If your REDCap installation doesn’t do this (or if you’re not sure), have your REDCap database person execute the SQL below in the REDCap database to fix it. Note: This will not hurt anything at all either way. Also, if this is not working, then you may need to have your IT folks who manage your REDCap server ensure that the server can make outbound HTTP requests to https://data.bioontology.org, in case that is being prevented by a firewall or something. You shouldn’t have to worry about certificates or anything. Hope that helps.

update redcap_config set value = 'https://data.bioontology.org/' <https://data.bioontology.org/'%20where%20field_name%20=%20'bioportal_api_url'%20and%20value%20=%20'http://data.bioontology.org/> where <https://data.bioontology.org/'%20where%20field_name%20=%20'bioportal_api_url'%20and%20value%20=%20'http://data.bioontology.org/> field_name =<https://data.bioontology.org/'%20where%20field_name%20=%20'bioportal_api_url'%20and%20value%20=%20'http://data.bioontology.org/>'bioportal_api_url' <https://data.bioontology.org/'%20where%20field_name%20=%20'bioportal_api_url'%20and%20value%20=%20'http://data.bioontology.org/> and value <https://data.bioontology.org/'%20where%20field_name%20=%20'bioportal_api_url'%20and%20value%20=%20'http://data.bioontology.org/> = <https://data.bioontology.org/'%20where%20field_name%20=%20'bioportal_api_url'%20and%20value%20=%20'http://data.bioontology.org/> 'http://data.bioontology.org/<https://data.bioontology.org/'%20where%20field_name%20=%20'bioportal_api_url'%20and%20value%20=%20'http://data.bioontology.org/>';


Rob Taylor
REDCap Team Manager and Lead Developer (https://projectredcap.org<https://projectredcap.org/>)
Vanderbilt Institute for Clinical and Translational Research (VICTR)


On Apr 1, 2020, at 9:12 AM, Vaughan, Eoin <eoin.vaughan at ubc.ca<mailto:eoin.vaughan at ubc.ca>> wrote:

Hi John,

Yes that is exactly what I was trying to ask.

I believe that REDCap by default has the cert validation for HTTPS requests option turned off maybe to to prevent errors and loss of functionality, can happen easily from a certificate swap.

I have contacted our IT service and they're looking into it. Thanks again for this information I can at least tell them the actions from your side now.

Thanks,
Eoin.
________________________________
From: John Graybeal <jgraybeal at stanford.edu<mailto:jgraybeal at stanford.edu>>
Sent: March 31, 2020 10:43:21 PM
To: support at bioontology.org<mailto:support at bioontology.org>
Cc: Vaughan, Eoin
Subject: Re: [bioontology-support] [BioPortal] Feedback from Eoin Vaughan

Eoin,

I'm going to restate your request a little bit to make sure we're talking about the same thing. You want to be sure that when REDCap is configured to get data from BioPortal, it is able to do so on a connection secured by SSL, so that the content going back and forth is not in plain text and not capable of being intercepted/rewritten. Correct?

The typical scenario for SSL encryption is that the client—your REDCap service—makes the request using https, and the HTTP server on our end provides a certificate to show it can securely manage the encrypted communication. BioPortal doesn't really know anything about that process, but the web server ensures your end-to-end encryption requirement is met, if your client uses the https protocol.

For this to work, however, I believe your IT service will have to ensure that REDCap makes it requests using the https protocol. You will need to contact the REDCap team if REDCap does not support this option.  I will provide some REDCap contacts offline to facilitate this for you.

(I should mention for the record that the service endpoint URLs provided by BioPortal in its API responses are prefixed with http, not https. This does not affect clients' ability to make the same requests using https, but I'm pretty sure it doesn't matter for the REDCap use case.)

John



On Mar 31, 2020, at 9:41 AM, support at bioontology.org<mailto:support at bioontology.org> wrote:

Name: Eoin Vaughan
Email: eoin.vaughan at ubc.ca<mailto:eoin.vaughan at ubc.ca>
Location: https%3A%2F%2Fbioportal.bioontology.org<http://2fbioportal.bioontology.org/>%2F

Feedback:
I'm just looking into utilising the "Bioportal Ontology Service" within our departments REDCap instance and I'm in the process of writing up the PIA for this request to our IT service, I was hoping to find out whether the Bioportal Service checks/verifies the SSL certificate like curl does in our API calls for R,Python scripts.
I know they will be wary of the 'man in middle' attack that we may be subject to if not, don't want to assume anything.
Thanks,
Eoin.

_______________________________________________
bioontology-support mailing list
bioontology-support at lists.stanford.edu<mailto:bioontology-support at lists.stanford.edu>
https://mailman.stanford.edu/mailman/listinfo/bioontology-support

========================
John Graybeal
Technical Program Manager
Center for Expanded Data Annotation and Retrieval /+/ NCBO BioPortal
Stanford Center for Biomedical Informatics Research
650-736-1632  | ORCID  0000-0001-6875-5360

========================
John Graybeal
Technical Program Manager
Center for Expanded Data Annotation and Retrieval /+/ NCBO BioPortal
Stanford Center for Biomedical Informatics Research
650-736-1632  | ORCID  0000-0001-6875-5360



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/bioontology-support/attachments/20200401/7ee48a45/attachment-0001.html>


More information about the bioontology-support mailing list