cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
fortean
Contributor III

Querying the (ISC)² DB by Chapters

Folks,

 

(especially: folks that have detailed knowledge about how the (ISC)² systems work),

 

The Dutch Chapter employs software to maintain our registry database.  Part of that software verifies if a person is actually a member of (ISC)².  It also obtains additional information, based on name and (ISC)² registration number, e.g. city of residence and first name. 

 

The verification object code is written in PHP. It sends data to the verification page found at https://webportal.isc2.org/custom/CertificationVerificationResults.aspx using a simple PUT request, then uses DOMDocument and Xpath to parse the results. The code entirely depends on the availability of a hierarchy of (HTML) nodes in the resulting page. It works quite well but - only as long as (ISC)² does not change the names of the nodes, or the order in which they are in.

 

Writing code like this is mostly a matter of trial-and-error (also knows under a more fancy name as reverse engineering) but we have to, as, to the best of my knowledge, the Chapters have no formal API to get access to the (ISC)² database. Our approach works, but has some additional drawbacks: the current 'interface' is not very forgiving when you don't get the name exactly right, but even if you HAVE the registration number, it still requires the name or you won't get results. Alas, from experience we know that people aren't always registered with a name (or order of names, possibly mixed with insertions, prefixes, dashes, spaces, postfixes...) that matches their recollection thereof, e.g. "Ms Van der Velde - Bruinhuizen" might be listed under the surname 'Velde, van der', 'Velde', 'vd Velde', 'Velde, v', 'Velde vd', 'Bruinhuizen', 'Velde Bruinhuizen', 'Velde van der, Bruinhuizen' etc. which can lead to despair with poor Ms Bruinhuizen, who tries to register with us.. "What spelling of my name did they use over at (ISC)² again.."

 

All this makes perfect sense, as the interface was of course never designed to be used for our purposes (namely: to automatically find out if a person that registers with our chapter is actually a member).

 

This brings me to my first question:

 

  • is there a documented API (or can we have one) based on either <XML> or JSON for Chapters, so that we can be reasonably sure that our interface will remain working in the future?

There are a lot of related issues if the answer to this question might be 'yes', but I'll ask them if (when!) we get there.

 

Next issue: using the aforementioned software we can (and do) check if DC 'registrees' are still (ISC)² members in good standing. If their membership has lapsed for a certain period we will contact them to remind them of the expiration and ask if there is anything we can do to assist. In most cases (all, actually, until today) there are just minor issues e.g. payment did not come through etc. and the membership is restored. However, we noticed that the verification page seems to use a shadow database, as the status on the personal page will reflect any recent changes immediately (e.g. the member payed his dues) but the verification page does not. This is a bit of a nuisance as this may result in the chapter not having access to the actual data and so reminders are sent out that needed not to be sent.

 

So, next question:

 

  • Can the API (if we get one) be on the REAL life database, not on some shadow?

Also, related is the situation w/regard to the submission of CPEs. We have all the data we need to have in our system, then have to extract it from there, send it to our secretary, who does some manual labour to fill in a spreadsheet, which then is sent to (ISC)² and they will then adjust the CPE counts accordingly (perhaps even by typing stuff over, I don't know). This, IMHO, is quite cumbersome and could be replaced by another API (again: something using JSON or XML, preferably, probably over TLS, using certs and so to make sure only authenticated people can use this). So, (for now) the last question:

 

  • Can we (CPE submitters) have some kind of API to quickly and "immediately" submit CPE's?

 

I am more than willing (and probably able) to help with designing and coding, regardless languages and platform, and there are no doubt more people in our Chapter (and in this Community) that gladly would lend a hand.

--
Heinrich W. Klöpping, MSc CISSP CCSP CIPP/E CTT+
3 Replies
SamanthaO_isc2
ISC2 Former Staff

Hi @fortean

 

Thank you for sending along this feedback! Your feedback and detailed description of how you would use something like this is greatly appreciated and I can see how it would be a benefit to our Chapters and CPE submitters. At this time, we do not have any API's that would this. I have sent your feedback along to our Chapter team for consideration, though. If I hear of any updates around this, I will definitely keep you updated here. 

 

Thanks again! 

 

 

 

Samantha O'Connor
(ISC)² Online Community Manager
isc2jade
Community Manager

Thank you for your suggestions, Heinrich. Our team is in the process of evaluating our systems and considering better solutions for providing this information to our chapters. With the new AMS launching this year, we anticipate much improvements in this area.
Jayda Shriver
Volunteer & Member Engagement Manager
fortean
Contributor III

Good to hear, @isc2jade 🙂

 

While we are waiting for the new API's etc. that may come with the new AMS, it might be a good idea to formally freeze the verification page to the form / format it has now. This would really help, as that page now is the only way we (automatically) can do membership verification and it also is used by our (ISC)2 membership lapse notification etc.

--
Heinrich W. Klöpping, MSc CISSP CCSP CIPP/E CTT+