bcgov / ppr-deprecated

deprecated-Personal Property Registry
Apache License 2.0
2 stars 10 forks

Party Codes #813

Open Bryce13Reid opened 4 years ago

Bryce13Reid commented 4 years ago

As a registering party, I want to use party codes so that I save time with data entry.

2. Enter the secured party code identifying the secured party OR the full name and complete address of the secured party OR the business name and address (only select one). In the Sale of Goods Act, the secured party is the BUYER.

Wireframe exists, No visual design.

The system will show a read-only version of the data matching the entered party code on field exit / after the "done" button is pressed.

Will require an API lookup for the party code.

Party code is defined as an 8-digit integer.

jguertin commented 4 years ago

@sandrajoandaniel @colinanderson-cgi @LivMac-Git @bfbowles

I'm concerned about the capability to lookup a secured party by a code, as it may become an avenue for abuse unless we lock it down tightly.

If we allow users to look up any party code in the database (global availability), then a malicious user could leverage the API to enumerate all the party codes in our system (creating their own database of names/addresses). To prevent this, we would need to restrict party code lookups to only the user or account who created them.

Unfortunately, in the mainframe PPR, party codes are available at a global level, so we may not be able to re-use them in the replacement system as we might not be able to associate them to a specific user or account. It might be possible, but I'm not clear on the effort that would be required.

I'm not clear where that leaves us as far as direction for party codes, but the concern is raised.

colinanderson-cgi commented 4 years ago

How this has been done in other systems that I have seen is that the execution of the sensitive function is simply audited & the user is informed of that fact. In Sharepoint, for example, you can turn on an audit level that's the equivalent of logging every click. Certain systems, like Dynamics CRM have this capability as a base functionality for precisely this reason.

With systems like this that can potentially disclose the PPI for nefarious purposes, you have to assume that the user has the right intent in mind. For example, a doctor views sensitive medical information in software based medical records that can potentially be abused & we have to be able to trust that they are going to do the right thing.

Are the users of PPR as trustworthy as a doctor? Probably not, but I think we have to assume they are trustworthy enough to not go screenscraping. Running reports on the audit logs easily exposes abuse, and then the user can be sanctioned. In this way we don't have to overcomplicate things with issues like permissions sets.

From the legal perspective, just put it into the EULA - there is an EULA, I hope?

Another thought that just came to mind is you could simply rate-limit the number of lookups that a user could do in a particular registration - like, if you haven't found your guy in five tries, clearly you have insufficient data.
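The three controls proposed in this thread (jguertin's point that lookups must be scoped to the account that created the code so the API is not an enumeration oracle, and colinanderson-cgi's points that every lookup should be audited and that attempts should be rate-limited per registration) fit together in a single lookup service. The block below is an added example written for this page; it is not code from bcgov/ppr-deprecated or the replacement PPR. It assumes an in-memory table of parties with an `owner_account` field (the account that registered the code), a list standing in for the audit store, and constructed sample records; the `PartyCodeService`, `Party`, `LookupDenied` and `RateLimited` names are all hypothetical.

```python
"""Added example, not PPR project code: a party-code lookup that scopes results
to the owning account, rate-limits attempts per registration, and audits every
call. Data model, names and sample records are assumptions for illustration."""
import re
import time
from dataclasses import dataclass

PARTY_CODE_RE = re.compile(r"\d{8}")      # thread: party code is an 8-digit integer
MAX_LOOKUPS_PER_REGISTRATION = 5           # thread: "if you haven't found your guy in five tries"


@dataclass(frozen=True)
class Party:
    code: str
    owner_account: str   # assumed field: the account that created the code
    name: str
    address: str


class LookupDenied(Exception):
    """Malformed, unknown, or owned by another account: deliberately one response."""


class RateLimited(Exception):
    """The attempt budget for this registration is exhausted."""


class PartyCodeService:
    def __init__(self, parties, max_lookups=MAX_LOOKUPS_PER_REGISTRATION):
        self._parties = {p.code: p for p in parties}
        self._max = max_lookups
        self._attempts = {}    # (account, registration_id) -> lookups so far
        self.audit_log = []    # every call lands here, whatever the outcome

    def _resolve(self, account, registration_id, code):
        """Return (outcome, party-or-None); the only side effect is the attempt count."""
        key = (account, registration_id)
        self._attempts[key] = self._attempts.get(key, 0) + 1
        if self._attempts[key] > self._max:
            return "rate_limited", None
        if not PARTY_CODE_RE.fullmatch(code):
            return "denied", None
        party = self._parties.get(code)
        # An unknown code and another account's code produce the same outcome, so
        # the endpoint cannot be used as an oracle to walk the global code space.
        if party is None or party.owner_account != account:
            return "denied", None
        return "ok", party

    def lookup(self, account, registration_id, code):
        outcome, party = self._resolve(account, registration_id, code)
        self.audit_log.append({
            "ts": time.time(), "account": account,
            "registration": registration_id, "code": code, "outcome": outcome,
        })
        if outcome == "rate_limited":
            raise RateLimited(f"more than {self._max} lookups in registration {registration_id}")
        if outcome == "denied":
            raise LookupDenied("no secured party matched that code")
        # Read-only view of the matched party, as the user story describes.
        return {"name": party.name, "address": party.address, "read_only": True}

    def suspicious_accounts(self, threshold):
        """Audit report: accounts with at least `threshold` lookups that did not succeed."""
        misses = {}
        for entry in self.audit_log:
            if entry["outcome"] != "ok":
                misses[entry["account"]] = misses.get(entry["account"], 0) + 1
        return {acct: n for acct, n in misses.items() if n >= threshold}


# Constructed sample data, not real PPR records.
SAMPLE_PARTIES = [
    Party("12345678", "acct-A", "Example Finance Ltd.", "100 Main St, Victoria BC"),
    Party("87654321", "acct-B", "Other Lender Inc.", "200 Broad St, Vancouver BC"),
]


def demo():
    svc = PartyCodeService(SAMPLE_PARTIES)
    hit = svc.lookup("acct-A", "reg-1", "12345678")          # own code: allowed
    for bad in ("87654321", "00000000", "1234"):             # foreign, unknown, malformed
        try:
            svc.lookup("acct-A", "reg-1", bad)
        except LookupDenied:
            pass
    return hit, svc


if __name__ == "__main__":
    hit, svc = demo()
    print(hit)
    print(svc.suspicious_accounts(threshold=3))
```

The attempt counter is keyed on account plus registration, so a legitimate user who starts a new registration gets a fresh budget, while the audit report over all registrations still surfaces an account that keeps missing. Returning one response for "unknown" and "not yours" is what keeps the scoped lookup from leaking which codes exist; if the mainframe codes cannot be tied to an account, that ownership check has nothing to compare against and only the rate limit and audit trail remain.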