Liaison

Release – August 2021

New Enhancements & Features

PURL Security Enhancements

Data security and privacy are key issues today, and our PURL pages have constantly evolved to stay in line with these quickly-changing standards and global regulations.

One of the hallmarks of EMP's PURL pages is their immediacy and personalized detail: as soon as a student submits an Inquiry Form, they are welcomed by this frictionless, immersive experience, with their next steps and information of interest a click away.

It's not simply a "portal" for submitting an application; it encourages students through that decisive initial phase after their first "hand-raise" to help them confidently add your school to their short list and move forward to apply.

The Requirement: never expose any protected personal information, nor allow a student's record to be updated, unless the student has been authenticated (logged in).

When faced with this reality that a student's personal information must be fully secured, and unavailable to the public, across the myriad of custom PURL pages from each EMP school, we had a decision to make:

  • Change the PURL to a standard portal that requires a login to view anything (not ideal for students)
  • Require our clients to police their content and lock down every page with protected content (not ideal for our users), or
  • Build a more elegant solution that balances the need for privacy while retaining the immediacy and personalization of the PURL.

We chose the hardest and best option, #3, so students don't lose that differentiating, immediate response, and you aren't burdened trying to manage it yourselves.

The Solution

Any individual widget that may display student information (contains variable content*), or could update the student's record (forms, checklists, etc.), will be hidden until a student is logged in (authenticated).

  • Unauthenticated Visitor: Users will be prompted to log in to view any widgets containing the following content.
    • Forms
    • Checklists
    • Widgets containing a variable field other than the PURL Variable Whitelist* (First Name, Unique PURL, Rep Variables)

IMPORTANT: To ensure students understand there is more to view and do, a message prompting them to log in will display (1) at the top of the page and (2) on each hidden widget. After doing this once, most students use their devices to save their credentials, making their future visits as easy to log in to as the innumerable other sites they use.

  • Authenticated Visitor: After logging in, all (previously hidden) content will be visible.

After logging in, all content appears normally. This experience gives you and your students peace of mind that their data is safe, while ensuring no disruptions to providing them an immediate, relevant response.

Logging In

Clicking the "login" button will prompt users for their password. If users have forgotten their password, or are visiting their PURL for the first time, they can receive a new password by clicking the "Send me a new password" button.

Removal of Name from PURL Pages URL String

To meet the requirements that external parties (e.g. Google Analytics, etc.) don't receive any PII from the PURL webpage URLs, we have replaced the "Unique PURL" text of the URL - which contained the student's name - with the Spectrum ID #:

  • Prior Example - liaisonuniversity.edu/go/JohnSmith
  • Updated Example - liaisonuniversity.edu/go/8675309

NOTE: Students will still see their names on PURL links, and old links using their name will still work, but when the page loads, the actual URLs will transform to only include their Spectrum ID #.

There is no disruption to any student experience, or web tracking of any kind.

PURL Variable Whitelist

There are several variables which are "white listed" - i.e. permitted to be shown on the unauthenticated view, as they neither expose any protected personal information, nor allow a student's record to be updated.

  • First Name
  • Unique PURL
  • Rep Info (Rep First Name, Rep Last Name, etc.)

However, a widget will be hidden in the unauthenticated view if it contains any other student variables not on the PURL Variable Whitelist.
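
The gating rule from The Solution and the PURL Variable Whitelist, as an added Python example that is not Liaison's code. It assumes a `{{Variable Name}}` placeholder syntax, hypothetical read-only widget kinds `text` and `image`, and that every Rep variable name begins with "Rep "; unknown widget kinds and unparseable placeholders fail closed.

```python
import re

# Assumed placeholder syntax {{Variable Name}}; the page does not show EMP's real syntax.
VARIABLE = re.compile(r"\{\{\s*([^{}]+?)\s*\}\}")

# Allowlist from the page: First Name, Unique PURL, Rep variables.
ALLOWED = {"first name", "unique purl"}
ALLOWED_PREFIXES = ("rep ",)  # assumption: Rep variables are named "Rep ..."

# Widget kinds that can update a student's record are always gated.
WRITE_KINDS = {"form", "checklist"}
KNOWN_KINDS = WRITE_KINDS | {"text", "image"}  # hypothetical read-only kinds


def is_allowed_variable(name):
    """True if the variable may appear on the unauthenticated view."""
    n = " ".join(name.lower().split())
    return n in ALLOWED or n.startswith(ALLOWED_PREFIXES)


def visible_to(widget, authenticated):
    """Return True if the widget may be rendered for this visitor."""
    if authenticated:
        return True
    kind = widget.get("kind")
    if kind not in KNOWN_KINDS or kind in WRITE_KINDS:
        return False  # default deny: unknown or record-updating widgets
    body = widget.get("body", "")
    # A leftover "{{" is a placeholder we could not parse: fail closed.
    if "{{" in VARIABLE.sub("", body):
        return False
    return all(is_allowed_variable(n) for n in VARIABLE.findall(body))


def render_plan(widgets, authenticated):
    """Map widget id -> 'show' or 'login-prompt' for one page view."""
    return {w["id"]: "show" if visible_to(w, authenticated) else "login-prompt"
            for w in widgets}


# Constructed sample page (not real EMP content).
PAGE = [
    {"id": "hero", "kind": "text",
     "body": "Welcome, {{First Name}}! Your counselor is {{Rep First Name}}."},
    {"id": "status", "kind": "text", "body": "Status: {{Application Status}}"},
    {"id": "inquiry", "kind": "form", "body": "Update your address"},
    {"id": "todo", "kind": "checklist", "body": "Next steps for {{First Name}}"},
    {"id": "broken", "kind": "text", "body": "GPA: {{ High School GPA "},
]
```

The decision has to be made server-side before rendering, so that a gated widget's variable values never reach an unauthenticated response at all.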
