Eveoh has released MyTimetable 3.6 with improvements to the security of iCalendar feeds, used to connect MyTimetable to smartphones, tablets and calender applications such as Microsoft Outlook. This blog post discusses these iCalendar feed changes, and also points out some of the highlights of releases 3.3 – 3.5.
Detailed release notes are available at the wiki pages.
All work involved in upgrading to the latest MyTimetable version (configuration, building, testing) is free of charge for customers with a Software Assurance or All-In support agreement. Due to the security changes in this release, we strongly recommend customers to upgrade to MyTimetable 3.6. Please contact us to have your environments updated.
iCalendar feed changes (MyTimetable 3.6)
Some customers have asked us questions about MyTimetable’s iCalendar feeds that use the unencrypted HTTP protocol and the security implications of this. After careful consideration, we have made the decision to move all iCalendar feeds to encrypted HTTPS connections. This change offers maximum security for end-users, but does change the workflow when connecting an iCalendar feed to a calendar application.
Historically, iCalendar feeds have been served over HTTP for two reasons:
- Some clients did not support HTTPS connections.
- It allows the
webcal://protocol handler to be used to add iCalendar feeds easily with the press of a button.
As these connections are unencrypted, adversaries on public networks could listen in on the timetable of a user, which may contain personal data. Other malicious actions were not possible, as the iCalendar feed URL contains a unique hash that only works for a specific user and feed. In the current age, where users are always connected and often use insecure public Wi-Fi hot spots, a move to HTTPS is necessary.
Over the last years, all clients have started supporting HTTPS connections.
An easy way to connect calendar applications to an HTTPS feed is still missing though, as
webcals:// is not supported by any application.
For this reason we have updated MyTimetable 3.6 with instructions on adding iCalendar feeds manually to the various calendar applications.
We hope these instructions are clear enough for most users, but suggestions for improvement are always welcome.
Old, unencrypted URLs will be redirected to their encrypted equivalent by default. Some clients, like Apple Calendar, will automatically start using the new secure URL for all future requests. But some clients keep trying the old unsecure URL. For total security, it is possible to invalidate all old iCalendar URLs. This is a change that needs to be communicated to users separately, as every user will have to re-subscribe to their iCalendar feeds.
/link endpoint (MyTimetable 3.5)
/link endpoint makes it possible to create incoming links to multiple timetables of various types.
One new possibility is to link from an external application to a combination of both a student and an exam timetable.
Documentation is available on our wiki.
Scientia Exam Scheduler data provider improvements (MyTimetable 3.5)
The Exam Scheduler data provider now supports timetables based on ‘plain’ exam requirements and location timetables.
Admin: Target messages by user role (MyTimetable 3.4)
The MyTimetable administrative interface allows defining messages that will be shown to users when they log on to MyTimetable. In this release, an option was added to target messages to certain user roles (e.g., ‘math students’ or ‘all staff’). To clarify the user interface, friendly names for user roles were added as well.
iCalendar data provider (MyTimetable 3.3/3.4)
You can now use iCalendar feeds from any other application and display the events as timetable in MyTimetable. This makes it possible to use Google Calendar or other calendar applications as a source for timetables. Using the iCalendar feed admin panel, a user can define one or more timetables and point them to any iCalendar feed on the internet. This makes it super easy to add a Holiday calendar to your MyTimetable instance.
Travel time warnings (MyTimetable 3.4)
When MyTimetable detects a change between buildings, it can show a travel time warning if users have limited travel time available. This warning appears as a small icon next to the activities, and as a text label in the activity details. The exact algorithm used to detect ‘travel time’ depends on the wishes of the institution and will require some limited bespoke development.
Admin: Publication policy (MyTimetable 3.3)
The publication policy defines what activities are shown to what users, and allows removal of sensitive details from the activities if necessary. A flexible rule engine offers almost infinite possibilities. Some examples are:
- Show draft timetables to a limited set of users
- Hide staff member details from guest users
- Remove activities after a certain date
Previously, this ‘rule set’ was hard-coded into the MyTimetable configuration of the customer. With the addition of the publication policy to the administrative interface, the customer can change this policy themselves at any time, without downtime for the end-users.
For a complete overview of all changes, please visit the release notes on the following wiki pages:
- MyTimetable 3.6 release notes
- MyTimetable 3.5 release notes
- MyTimetable 3.4 release notes
- MyTimetable 3.3 release notes
For further information or upgrade requests, please contact our support department.