Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Upon account creation, the server collects minimal identifying information such as first name, last name, username, Date of Birth, and email address. This minimal identifying information is needed to create a record of informed consent, tied to a person's identity.  Mobile or web clients do not communicate directly with Stormpath, but instead with the Bridge API backed by the Bridge server running on Heroku.  In our current implementation, the Bridge server acts as a proxy to Stormpath for management of user account data.  Thus, although we have identified no concerns with hosting user account information in Stormpath, our architecture is such that, if needed, we can move to a different service, or even to an in-house implementation. The server stores of this identifiable account information in a back-end database distinct from the one that stores the study data.  Currently Currently, the Bridge server uses a commercial authentication system provided by Stormpath to store and manage such user account data.  Stormpath is one of the leading providers of user management and authentication services, with experience in securing user accounts using start-of-the art security technologies and practices (see Stormpath's Security and Availability documentation  documentation for a description of their system).  Using a third-party service specializing in user management and authentication allows us to achieve solid security around users’ personal account data and ensure a clean separation between personal account data and the de-identified study data that can be used for research.  This way, in the rare event that either database is compromised, the connection between a person and her/his health data will remain protected.

Mobile or web clients do not communicate directly with Stormpath, but instead with the Bridge API backed by the Bridge server running on Heroku.  In our current implementation, the Bridge server acts as a proxy to Stormpath for management of user account data. Additional security is provided because the Bridge server separately encrypts / decrypts most  Although we have identified no concerns with hosting user account information in Stormpath, our architecture is such that, if needed, we can move to a different service, or even to an in-house implementation. 

The identifying information collected by the server in a participant's account is needed to create a record of informed consent, tied to a person's identity, and to facilitate recontacting of study participants by the original research term when permitted by the study protocol.  Most account data is stored as encrypted key value pairs in Stormpath, and the Bridge server encrypts / decrypts user data as it is stored / retrieved from Stormpath.  For example, phone number is encrypted by Bridge and is stored encrypted in Stormpath.  The , using a key generated and controlled by Sage Bionetworks (For more details see our policies around Key Management). The exception to this is user email which is managed securely by Stormpath, but not separately encrypted by the Bridge server.  This allows Stormpath to take on some aspects of user account management such as email validation and password resets.

...