Search Mailing List Archives
[bioontology-support] [BioPortal] Feedback from Eoin Vaughan
eoin.vaughan at ubc.ca
Wed Apr 1 09:12:04 PDT 2020
Yes that is exactly what I was trying to ask.
I believe that REDCap by default has the cert validation for HTTPS requests option turned off maybe to to prevent errors and loss of functionality, can happen easily from a certificate swap.
I have contacted our IT service and they're looking into it. Thanks again for this information I can at least tell them the actions from your side now.
From: John Graybeal <jgraybeal at stanford.edu>
Sent: March 31, 2020 10:43:21 PM
To: support at bioontology.org
Cc: Vaughan, Eoin
Subject: Re: [bioontology-support] [BioPortal] Feedback from Eoin Vaughan
I'm going to restate your request a little bit to make sure we're talking about the same thing. You want to be sure that when REDCap is configured to get data from BioPortal, it is able to do so on a connection secured by SSL, so that the content going back and forth is not in plain text and not capable of being intercepted/rewritten. Correct?
The typical scenario for SSL encryption is that the client—your REDCap service—makes the request using https, and the HTTP server on our end provides a certificate to show it can securely manage the encrypted communication. BioPortal doesn't really know anything about that process, but the web server ensures your end-to-end encryption requirement is met, if your client uses the https protocol.
For this to work, however, I believe your IT service will have to ensure that REDCap makes it requests using the https protocol. You will need to contact the REDCap team if REDCap does not support this option. I will provide some REDCap contacts offline to facilitate this for you.
(I should mention for the record that the service endpoint URLs provided by BioPortal in its API responses are prefixed with http, not https. This does not affect clients' ability to make the same requests using https, but I'm pretty sure it doesn't matter for the REDCap use case.)
On Mar 31, 2020, at 9:41 AM, support at bioontology.org<mailto:support at bioontology.org> wrote:
Name: Eoin Vaughan
Email: eoin.vaughan at ubc.ca<mailto:eoin.vaughan at ubc.ca>
I'm just looking into utilising the "Bioportal Ontology Service" within our departments REDCap instance and I'm in the process of writing up the PIA for this request to our IT service, I was hoping to find out whether the Bioportal Service checks/verifies the SSL certificate like curl does in our API calls for R,Python scripts.
I know they will be wary of the 'man in middle' attack that we may be subject to if not, don't want to assume anything.
bioontology-support mailing list
bioontology-support at lists.stanford.edu<mailto:bioontology-support at lists.stanford.edu>
Technical Program Manager
Center for Expanded Data Annotation and Retrieval /+/ NCBO BioPortal
Stanford Center for Biomedical Informatics Research
650-736-1632 | ORCID 0000-0001-6875-5360
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the bioontology-support