Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[bioontology-support] API Security

Lore, Michelle H lore at illinois.edu
Mon Feb 8 06:35:56 PST 2021


Thank you, John! I appreciate your response.

Thanks again,
Michelle

From: John Graybeal <jgraybeal at stanford.edu>
Sent: Friday, February 5, 2021 9:39 PM
To: Lore, Michelle H <lore at illinois.edu>
Cc: support at bioontology.org
Subject: Re: [bioontology-support] API Security

Michelle,

I'm sorry, but despite some awareness of security concerns, I'm not familiar with the precise meaning of the term "API security". The top few references on the web indicate it is a bit of an abstract concept, e.g., "the application of any security best practice applied to web APIs."

So that doesn't help you too much, but I can give you a few pieces of information you can pass along to your campus security. We use REST API services with per-user API keys, TLS encryption (https)  and rate limits. (There are some public services that do not require API keys.) We do not additionally encrypt our message packets, since the TLS encryption provides encryption for them (and also enforces appropriately secure signatures on the transaction).

I hope that is enough information for you and them. We are used by upwards of 75 university and similar installations, and we have not had concerns expressed or security questions asked (to my knowledge), so I hope but can not promise that is some indication of the suitability of our security for this heavily accessed research system.

John




On Feb 5, 2021, at 2:55 PM, Lore, Michelle H <lore at illinois.edu<mailto:lore at illinois.edu>> wrote:

Hello,

I’m a REDCap administrator at University of Illinois at Urbana-Champaign. We’re looking to enable the biomedical ontology auto-suggest functionality that REDCap provides, and our campus security is requesting information about the API security of the BioPortal API. I looked on the API documentation page and throughout the NCBO website and could not find anything explicitly about API security. Any additional information you can provide is appreciated.

Thank you,
Michelle

Michelle Lore, MS (she/her)
REDCap Application Specialist
Interdisciplinary Health Sciences Institute
University of Illinois | Urbana-Champaign
901 W. University Avenue, Suite 201 | MC-261 | Urbana, IL 61801
Phone: (217) 244-9666 | Email: lore at illinois.edu<mailto:lore at illinois.edu>
Website: https://healthinstitute.illinois.edu/
Twitter: https://twitter.com/IllinoisIHSI<https://urldefense.com/v3/__https:/twitter.com/IllinoisIHSI__;!!DZ3fjg!tWB4WA3GIB5AT_zK93_vIJ5q2LTV2iF1LrmlM5nC8hoI7mxV8oQU19kMC5C2Flw$>

_______________________________________________
bioontology-support mailing list
bioontology-support at lists.stanford.edu<mailto:bioontology-support at lists.stanford.edu>
https://mailman.stanford.edu/mailman/listinfo/bioontology-support<https://urldefense.com/v3/__https:/mailman.stanford.edu/mailman/listinfo/bioontology-support__;!!DZ3fjg!tWB4WA3GIB5AT_zK93_vIJ5q2LTV2iF1LrmlM5nC8hoI7mxV8oQU19kMAw9oGg4$>

========================
John Graybeal
Technical Program Manager
Center for Expanded Data Annotation and Retrieval /+/ NCBO BioPortal
Stanford Center for Biomedical Informatics Research
650-736-1632  | ORCID  0000-0001-6875-5360



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/bioontology-support/attachments/20210208/df7a2648/attachment-0001.html>


More information about the bioontology-support mailing list