
DAQS.IO Security

The DAQS.IO service has been designed from the start to keep your data as secure as possible. In this movie we would like to explain how it works.

When you are invited to DAQS.IO you are asked to create a password. We have set the password requirements as follows:

  • Minimum length = 9
  • Uppercase and lowercase = mandatory
  • Numbers = mandatory
  • Special characters = mandatory

This should give you a password with a strength of approximately 59 bits. We have set this rule as a minimum according to these guidelines given by the NIST:

  • < 28 bits = Very Weak; might keep out family members
  • 28 - 35 bits = Weak; should keep out most people, often good for desktop login passwords
  • 36 - 59 bits = Reasonable; fairly secure passwords for network and company passwords
  • 60 - 127 bits = Strong; can be good for guarding financial information
  • 128+ bits = Very Strong; often overkill
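The 59-bit figure can be reproduced with a short check. This is an added example, not DAQS.IO's own code; it assumes the 94 printable ASCII symbols as the alphabet, and the function names are chosen here for illustration. The figure is an upper bound that only holds when every character is picked at random.

```python
import math
import string

MIN_LENGTH = 9
# Character classes the policy makes mandatory (ASCII only in this example).
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "numbers": string.digits,
    "special": string.punctuation,
}
ALPHABET_SIZE = sum(len(chars) for chars in CLASSES.values())  # 94 symbols

# Strength bands as listed on this page: (lower bound in bits, label).
BANDS = [(128, "Very Strong"), (60, "Strong"), (36, "Reasonable"),
         (28, "Weak"), (0, "Very Weak")]


def policy_violations(password):
    """Return the names of the policy requirements the password fails."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("length")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(name)
    return problems


def max_entropy_bits(length, alphabet_size=ALPHABET_SIZE):
    """Upper bound: each character chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def band(bits):
    """Map a bit estimate onto the page's strength bands."""
    return next(label for floor, label in BANDS if bits >= floor)


if __name__ == "__main__":
    bits = max_entropy_bits(MIN_LENGTH)
    print(f"{MIN_LENGTH} random chars: {bits:.1f} bits -> {band(bits)}")
    # Constructed sample: satisfies every rule, yet is a predictable
    # word+year+symbol pattern, so its real strength is far below the bound.
    print("Summer2024!", policy_violations("Summer2024!"))
    print("password", policy_violations("password"))
```

A password that passes `policy_violations` is not automatically a 59-bit password, which is why randomly generated passwords from a password manager are the safer choice.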

Please comply with your company guidelines regarding passwords, and use a password manager if allowed.

DAQS.IO 

A website security certificate helps us to facilitate a secure, encrypted connection between you, the clients, and our servers. This way you know that your information is protected and comes from a verified source.

From Google Chrome:

To see whether a website is safe to visit, you can check for security info about the site. Many browsers will alert you if you can’t visit the site safely or privately.

  1. In your browser, open a page.
  2. To check a site's security, to the left of the web address, look at the security status:
    • Secure
    • Info or Not secure
    • Not secure or Dangerous

Secure

Information you send or get through the site is private. Even if you see this icon, always be careful when sharing private information. Look at the address bar to make sure you're on the site you want to visit.

Info or Not secure

The site isn't using a private connection. Someone might be able to see or change the information you send or get through this site. On some sites, you can visit a more secure version of the page:

  1. Select the address bar.
  2. Delete http://, and enter https:// instead.

If that doesn't work, contact the site owner to ask that they secure the site and your data with HTTPS. We suggest you don't enter any private or personal information on this page. If possible, don't use the site.

Not secure or Dangerous

We suggest you don't enter any private or personal information on this page. If possible, don't use the site.

Not secure: Proceed with caution. Something is severely wrong with the privacy of this site’s connection. Someone might be able to see the information you send or get through this site.

You might see a "Login not secure" or "Payment not secure" message.

Dangerous: Avoid this site. If you see a full-page red warning screen, the site has been flagged as unsafe by Safe Browsing. Using the site will likely put your private information at risk.

 

You no longer need to install the DAQS.IO BIM360 app on your BIM360 hub!

To install the DAQS.IO BIM360 app you need Admin rights on your company’s BIM360 hub.

It is important to understand that the app can't do anything by itself; it needs to be instructed by a user of your company to do anything.

DAQS.IO offers two types of BIM360 Authentication. This is set at a company level and done by the BIM manager role.

  1. The first type of authorization DAQS.IO supports is an Authorization Code. This method stores an access token in the database, allowing you to access BIM360 whenever you need.
  2. On request we have also added another authorization type: Implicit grant. This option works similarly, but the access token expires automatically after 24 hours.

We have also added the option for users to revoke their BIM360 authentication. Notice the expiration date and the button to revoke access.

 

  • When you add a project from BIM360 to DAQS.IO you copy the name of the project and the project GUID. No files are copied!
  • When you add a model from BIM360 to DAQS.IO you copy the name of the file and the model GUID. Nothing else!

The Project GUID and Model GUID are needed to put the results in the correct place. 

The security recommendation is that you have a limited number of people with the BIM manager role on DAQS.IO, because only they can add projects. This means that it is up to the BIM manager whether a project is allowed onto the DAQS.IO dashboard.

Dashboard roles

Below is the list of roles and their capabilities.

  • Administrator (for DAQS people only)
  • BIM manager
    • Add users, assign roles, and change user roles.
    • Add projects and models.
  • Dashboard user
    • View dashboards

Project permissions

  • Not authorized
  • Engineer
    • View only
  • Project manager
    • Add models
    • Edit project settings
    • Edit project permissions
    • Delete
    • View

Exception:

The BIM manager of a company has access to all projects on DAQS.IO of their company

Adding users to a project

When a person with the BIM manager role has added a project to DAQS.IO, it is recommended that other people are added to the project with the role of Dashboard user. When a user is added to a project, this user must be assigned permissions on the project. The default is Not authorized, which means you can't see or do anything. The DAQS.IO BIM manager appoints a Dashboard user with the permissions of a Project manager for a specific project. This person can then take care of adding more people to the project with either Engineer or Project manager permissions.

It is important to understand that a person with the BIM manager role on DAQS.IO cannot add a sensitive BIM360 project to DAQS.IO if this person does not have access rights to the BIM360 project. This means that a security precaution a company can take is to not give the BIM manager role on the DAQS.IO system to people who have access to the sensitive project on BIM360.

Security suggestion:

  • Consider not giving the BIM manager role on DAQS.IO to users of your company who have access to a sensitive BIM360 project.

Alternatives

  • Consider using separate BIM360 accounts: an account on BIM360 that has read rights to only those projects that are allowed to be analysed, with the DAQS.IO BIM manager's account using those credentials for adding projects.
  • Consider using a separate BIM360 Hub for sensitive projects.

When you authorize DAQS to read information from BIM360, this is what happens: you are making use of Autodesk 3-legged authentication. When your authorization is completed, an access token is generated with a scope. The scope DAQS.IO uses is data:read. Your user credentials are stored as a hash in the DAQS.IO database.

A hash is designed to act as a "one-way function": a mathematical operation that's easy to perform, but very difficult to reverse. Like other forms of encryption, it turns readable data into a scrambled cipher. But instead of allowing someone to decrypt that data with a specific key, as typical encryption functions do, hashes aren't designed to be decrypted. Instead, when you enter your password on a website, it simply performs the same hash again and checks the result against the hash it created of your password when you chose it, verifying the password's validity without having to store the sensitive password itself. Please read up on hashing technology; there are excellent articles available online.

Please let us explain how the plugin system works. It is not the plugin that takes the action. It is the user who instructs Autodesk Forge to copy the DAQS.IO app from the user's BIM360 hub, together with the designated Revit file, to a temporary location on the Autodesk Forge server. Next, Revit is started with the plugin, which extracts specific information and stores it in a JSON file. Autodesk Forge sends this file to the DAQS.IO database, where it is interpreted and visualized on the dashboard. After sending the JSON file, Autodesk Forge deletes all the data pertaining to the entire transaction.


contact  @  daqs.io