cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
fortean
Contributor III

Verification fails - well, sometimes it does..

Folks,

 

When we set up the Dutch Chapter (https://www.chapter.isc2.nl) I wrote a set of PHP programs which implement our membership registration system. It's a simple system; you'll surf to the registry (https://registry.chapter.isc2.nl), fill out a couple of forms and (given that the data is consistent and can be verified) are registered as a member of the Dutch Chapter.

 

If you specify an (ISC)² membership number during registration my software verifies that you are actually an (ISC)² member. Such functionality is normally provided over a well regulated application program interface (API), but (ISC)² did not provide such an API. So, I ended up writing my own kludge, which used the on-line verification page. But kludge or not - it worked just fine for years.

 

Then (ISC)² migrated to Okta/Salesforce. They use a totally different approach, so my kludge stopped working and automatic verification did not work anymore. Dang!

 

We tried to get some response from (ISC)², but to no avail. Then one of our Board members "did some experiments" (hacked stuff) and he figured out how to do verification in the new situation. It proved that, intentionally or by accident, the new verification page DID provide an API! Yay!

 

So, I set out to write a proof of concept that used that API. Worked like a charm! I enthousiastically reported back to (ISC)² that I was happy as a bear in a berry patch, and all was well.

 

A few days later I found the time to integrate my POC into the existing software. But - it did not work. Gnashing of teeth. I figured that I probably had done something wrong during the integration, so I went back to the POC and tried that again. Ow.. that did not work anymore either! More gnashing of teeth.

 

I had used my own data (last name and membership number) to test the software. On a hunch I replaced that data with some other chapter member's last name and membership number - and lo! IT WORKED..??

 

WT..?

 

I now started doubting the world: according to the API, I was not registered anymore!

 

I fired up my browser, hurried over to the 'normal' (ISC)² verification site, typed in my last name and number - no cigar! I, the President of the Dutch Chapter of (ISC)², proud member of the CAC, and a hallmark of integrity and honesty, having duly paid my fees and atop of a sea of CPE's - was cast out! .. 

 

O, the pain, o the horror!  Hastily and with pounding heart I logged in into the (ISC)² member portal. Thank Goodness - I could still log in! And all was well there: member in good standing, all requirements fulfilled, ocean's of CPE's..

 

SO WHY THEN DOESN'T THE DARNED VERIFICATION PAGE SHOW MY DETAILS?

 

Can anybody shed any light on this?

 

 

 

--
Heinrich W. Klöpping, MSc CISSP CCSP CIPP/E CTT+
18 Replies
AlecTrevelyan
Community Champion

I can't shed any light on why it happens, but I have also noticed the new verification page seems to have intermittent issues.

 

On at least two different occasions now over the past four weeks or so when I have come to use it I received a "no results found" message, so I checked it using my own details and surprisingly also received the same message.

 

On each occasion normal service was resumed within a few hours.

 

fortean
Contributor III

$ php ./proof-of-concept-ISC2-API.php 
Heinrich holds 2 accreditation(s): 
1: CISSP
1311717600 from 
1596146400 until 
2: CCSP
1500588000 from 
1596146400 until 
from 1311717600 to 1596146400

So, yes, it seems to work again Man Happy

 

But.. for how long? Oh, come on, there must be some logging or other tracing available that helps a good sysadmin over there find out what causes this.. verification of membership should not result in having to guess what it is: "member is not in good standing" or "member is in good standing but our software is not" ..

 

--
Heinrich W. Klöpping, MSc CISSP CCSP CIPP/E CTT+
fortean
Contributor III

Folks,

 

much to my dismay I have to report that the verification site is failing again, and again is similar ways it failed before.

 

I can't get my head around it: how is it that this is not seen as an urgent matter? Or, if it IS seen as an urgent matter, I would appreciate to hear some update: is action being taken? Is the firing squad already assembled? Are the criminals, that deny an  honourable member of (ISC)2 in good standing his verification sent to serve triple-lifelong sentences yet?

 

Tongue in cheek, of course. But seriously, I can't rely on the site anymore to check if somebody is properly registered and a member in good standing. Not with, not without the new (much appreciated!) API. Nor can employers that want to check if a person really IS certified.

 

That, in my not so humble opinion is the core business of (ISC)2: certifiy people and ensure that sufficient mechanisms are in place to verify if a member is (still) in good standing. It seems we are failing our core business.

--
Heinrich W. Klöpping, MSc CISSP CCSP CIPP/E CTT+
AlecTrevelyan
Community Champion

As of this moment the verification page is working for me.

 

Given this doesn't affect me that much and I know how to work around it when it does I haven't been bothered to report it to Member Services so I'm not sure if they're even aware of the issue - maybe drop them an email if it's causing you major problems.

 

In the meantime can you add something to your script where a null result for a new member you're checking triggers a check of a known good member? If that also comes back with a null result you know the system is down and to try again later.

 

fortean
Contributor III

Well, whenever I try to verify myself, and it fails, I will indeed try to verify another member, and it typically will work. So, it may well be that there is something wrong with just my account, or a number of accounts. In any case, as a member in good standing, one should ALWAYS either be shown a page that the site is down, or some other error page -  or be shown the proper result.

--
Heinrich W. Klöpping, MSc CISSP CCSP CIPP/E CTT+
AlecTrevelyan
Community Champion


@fortean wrote:

...

...

In any case, as a member in good standing, one should ALWAYS either be shown a page that the site is down, or some other error page -  or be shown the proper result.


I wholeheartedly agree with you.

 

So, what did Member Services say when you reported it?

 

AlecTrevelyan
Community Champion

@fortean - Just in case you haven't reported this issue to Member Services, I have now sent them an email about it referencing this thread.

 

If you have specific times when your script was failing due to the issue it would be helpful if you could post them please.

 

fortean
Contributor III

Thanks for mailing Member Support. I have treated this as a Chapter issue, hence mailed Jayda and Paula about this. It no doubt has their attention. I have set up a coarse monitoring system that fires a query to the API each hour. Will let that run for a week, and see what it says.
--
Heinrich W. Klöpping, MSc CISSP CCSP CIPP/E CTT+
AlecTrevelyan
Community Champion

Currently getting the "no results found" message when trying to check my own status!

 

Timestamp: 15:42 GMT on 18/02/2020