ID Watchdog Project Goes Live

In late December 2007, a project I've been working on for the past few months was released to the public. The company I've been working with, ID Watchdog (IDW), needed a better way to process signups for their identity theft prevention service.

Enter the new signup system.

Working with IDW's design team, I built the new signup system and added several handy features. As signup systems go, this one was pretty complex. Most signup systems take care of the basics - gather the customer information, collect a payment, and send the customer on to the application. IDW needed something a bit more complex.

When it comes to people's identity, security has to be the top priority. So when asking for a potential customer's information in order to monitor their identity, the application must make sure the customer is indeed who they say they are. If you were to sign up for an IDW service, you would be asked questions to verify your identity, questions that someone who is trying to impersonate you would not know.

This screening system is part of what I developed for this project. There are also a few other behind-the-scenes extras that were developed to keep customer information secure. I should note that I worked with a great team of Rails developers on this project, though most of what I am describing here is specific to my direct involvement with the project.

The other members of the team developed several internal applications for IDW to use along with the new signup system. These applications interface with an existing CRM system and also give IDW control over the identity monitoring process for each customer.

So what about the Rails-specific parts of this project? There were actually several problems that were a fun challenge.

First, we wanted to encrypt all customer information in the database (we used PostgreSQL on this project). This was important for PCI compliance, and I would argue it's common sense when it comes to storing identity information. Using the Sentry plugin and OpenSSL, I generated a very secure public/private key pair that is used to encrypt all data in the database. If you ever need to encrypt data with Rails, not just hash data (which is not nearly as secure), Sentry is the best tool out there.
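
The public/private key approach described above, as an added example that is not the project's code and does not use Sentry's API: it calls Ruby's standard OpenSSL bindings directly. The key size, passphrase, helper names and sample value are assumptions made for illustration.

```ruby
require "openssl"

OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

# Returns [public_pem, private_pem]. The private key is exported encrypted
# under a passphrase so it can be kept away from the web tier.
def generate_keypair(passphrase, bits = 2048)
  key = OpenSSL::PKey::RSA.new(bits)
  [key.public_key.to_pem, key.to_pem(OpenSSL::Cipher.new("aes-256-cbc"), passphrase)]
end

# Encrypt one field using only the public key; returns Base64 text for a column.
def encrypt_field(public_pem, plaintext)
  pub = OpenSSL::PKey::RSA.new(public_pem)
  max = pub.n.num_bytes - 42 # OAEP with SHA-1 costs 2 * 20 + 2 bytes
  raise ArgumentError, "field exceeds #{max} bytes" if plaintext.bytesize > max
  [pub.public_encrypt(plaintext, OAEP)].pack("m0")
end

# Decrypt a stored value; requires the private key and its passphrase.
def decrypt_field(private_pem, passphrase, stored)
  priv = OpenSSL::PKey::RSA.new(private_pem, passphrase)
  priv.private_decrypt(stored.unpack1("m0"), OAEP).force_encoding("UTF-8")
end

# True if the given (unencrypted) PEM alone is enough to read a stored value.
def can_decrypt_with?(pem, stored)
  OpenSSL::PKey::RSA.new(pem).private_decrypt(stored.unpack1("m0"), OAEP)
  true
rescue OpenSSL::PKey::PKeyError
  false
end

if __FILE__ == $PROGRAM_NAME
  pass = "constructed-demo-passphrase" # assumption, not a real secret
  pub_pem, priv_pem = generate_keypair(pass)
  stored = encrypt_field(pub_pem, "000-00-0000") # constructed sample value
  puts stored
  puts decrypt_field(priv_pem, pass, stored)
  puts can_decrypt_with?(pub_pem, stored) # the public key cannot read the data
end
```

Because OAEP is randomized, encrypting the same value twice gives different ciphertexts, so an encrypted column cannot be searched by equality. RSA also limits the field size, which is why longer values are normally encrypted with a symmetric key that is itself wrapped by the public key.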

There were also several third-party APIs that had to be integrated with this project. IDology and Merlin are two services that deal with personal information. Unfortunately, neither service had a Ruby library available to interface with their API. We needed a solid interface for these two services, so I spent some time with the documentation for each. I made use of rspec and hpricot and developed two great libraries for communicating with IDology and Merlin. I'm working on getting each released as a gem or plugin. Get in touch with me if you are interested.

I was also in charge of the infrastructure for this project. Without revealing too much sensitive information, I worked with a hosting company and set up a multi-machine platform for secure deployments via VPN. I made heavy use of Capistrano, and the site runs on Apache, Mongrel, and PostgreSQL.

It was great to launch this project in December. IDW actually wanted to hold off until we had a few more features implemented, but our team was able to convince them that releasing early and often with short iterations is a better approach. If we had waited until everything was finished, the project would be well into March before anything was released. Needless to say, there is much to do, and I am looking forward to working with IDW for the next few months as we add features and make their service even better.