How does the council know who has logged an issue in 'Report a Problem'?
The iCouncil Public application composes an email which is sent by the owner of the mobile device using their email account. They are given the opportunity to type additional details into the email if they wish. The iPhone® supports a 'signature' capability (defaults to 'Sent from my iPhone') that staff or the public can use to automatically provide additional details.

What sort of infrastructure is required to support iCouncil?

The mobile devices connect to a 'Mobile Application Server' via https (reverse proxy recommended) or vpn.   The Mobile Application Server connects to a standard Ci Application Server using Web Services.

The Mobile Application Server is a lightweight aggregation server that requires minimal resources.  If using a vpn this web application may be hosted on the Ci Application Server.

How big is the foot print of iCouncil?

The application itself is around 20Mb.  When iCouncil Enquiries is enabled the stored data varies.  In current trials a council with 70000 rateable properties is about 40Mb.

How does it cache data?
An extract of the Property and Rating data and a customer’s GIS system is merged on the server to create a SQLite database, which is then downloaded to the client in compressed form.

When transmitted over the network this is compressed.  For example, a 40Mb database is compressed to about 20Mb.

How does the data get cleared?
If a user account is disabled, credentials are incorrect after a number of retries or when the user signs out, all data is wiped from the device. (in development)

This is appropriate in the scenario where the app was installed on device owned by an ex-employee. 

What about the security of public data?
i.e. the iPad being stolen and the public having access to ratepayers’ personal details?
IOS devices intended for enterprise use must have the lock screen enabled.  This prevents use of the device by unauthorized people without a passcode.

If the password is incorrectly guessed after a number of tries (8 is the default) the device can automatically wipe all data on the device.

To protect all data at rest, iOS features built-in hardware encryption using AES 256-bit encoding. Building on the hardware encryption capabilities of iOS, iCouncil data, email messages and attachments stored on the device can be further secured by using Data Protection (currently in development).  Data Protection uses a user’s device passcode to generate a strong encryption key. This key prevents data from being accessed when the device is locked, ensuring that critical information is secured even if the device is compromised.  

Are iOS devices secure enough for enterprise use?
Architecturally Apple devices have been built with data security in mind.  Having control of the hardware and software means the platform is very difficult to compromise at the hardware, software or network level.

Please see the following white paper that provides an overview of iOS security:
http://images.apple.com/iphone/business/docs/iPhone_Security.pdf

How does iCouncil validate credentials?
Staff credentials (iCouncil Inspections/Enquiries) are passed to the server, where the configured Property & Rating authentication scheme is used.  Usually this will be Active Directory.

The 'Report a Problem' functionality does not require authentication.

If a user changes their Active Directory password how is this information passed through to the mobile device?
The iCouncil application logs in to the application server in the background using its cached credential.  If the Active Directory credentials have changed, the local user will be asked to re-enter their credentials.

Does the system geotag photos when they are stored as attachments?
The iPhone® and iPad® devices will embed geotagging data in photographs if the user allows their device to do so.  

For iCouncil Inspections, this is stored as part of the information in the image attachment on the server. Attachments to the email that are sent from Report a Problem also will embed geotagging information if the user has permitted it.  (Although address and map information are also separately embedded in the email).