fineract-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ed Cable <edca...@mifos.org>
Subject Re: Self-Creation of Self-Service User ID
Date Fri, 28 Apr 2017 16:04:57 GMT
Nazeer,

Per our discussion on this earlier in the week, can we please create
corresponding tickets (either on Apache Fineract JIRA if it's the back end
or on GItHub Issues for Self-Service App) for the work that's needed to
support this.

I know that you said we need to create a set of roles that don't have
super-user privileges for self-service users.

Can you please also review the previous comments on the thread at
https://github.com/openMF/self-service-app/issues/56 so we can identify
what is the process to allow a user to verify that they own the account
they're attempting create self-service credentials for.

Ed

On Tue, Apr 18, 2017 at 5:49 AM, courage angeh <courageangeh@gmail.com>
wrote:

> I think two-factor authentication by sending OTP to SSU's email will be
> more preferable than mobile number, reason being a SSU's mobile number
> might be cloned or the sms can bridged. I also think we could keep track of
> devices used by users to login into de self-service app for verification
>
> ---Sent from Boxer | http://getboxer.com
>
> Hi all,
>
>
>
> Here is my 2 cents.
>
>
>
>
>
> I believe creating a self-creation of SSU is bit tricky. How we can
> authenticate that client details are not misused by somebody. For example
> creating SSU user by providing mobile number or email id with account
> number. Most of the bank apps, will authenticate by sending OTP to his
> mobile/email. I feel it always better to have two step authentication while
> on boarding a customer with SSU app.  If it is not possible with OTP then
> we have to at least enable maker checker by taking his last 2-5 transaction
> details while creating SSU.
>
>
>
>
>
> Thanks,
>
>
>
> Nazeer
>
>
>
> From: Ed Cable [mailto:edcable@mifos.org]
> Sent: 15 April 2017 00:11
>
> To: dev
>
> Cc: Nazeer Shaik
>
> Subject: Self-Creation of Self-Service User ID
>
>
>
>
>
>
> Nazeer or others in the community,
>
>
>
>
>
>
> Can we pick up where we last left off on Adi's comments regarding self
> creation of a self-service user ID.
>
>
>
>
>
>
> This an important component of any self-service app or mobile wallet
> powered by Apache Fineract.
>
>
>
>
>
>
>
>
> Self-Creation of a Self Service User ID
>
>
>
> Is it possible for a client to create their own self-service user ID or is
> that only supported by a back office staff? The use case is as such: I
> download the app from the Google Play Store and have a link to "Sign Up". I
> click sign up and then should be prompte for my account number or phone
> number and then based on that it selects which client account i have in
> mifos and I can then create my user ID and credentials.
>
>
>
>
>
>
> [Adi] App user creation is a secure operation which needs permissions to
> use the APIs. In the scenario that you have mentioned, we need an
> intermediate implementation that takes the open requests from clients an in
> the background verify and create self serviceusers.
>
>
>
>
>
>
> Ed
>
>
>
>
>
>
> On Tue, Oct 18, 2016 at 9:21 PM, Adi Raju <adi.raju@confluxtechnologies.
> com> wrote:
>
>
>
> PSB
>
>
>
>
>
>
> From: Ed Cable [mailto:edcable@mifos.org]
> Sent: 19 October 2016 07:18
>
> To: dev (dev@fineract.incubator.apache.org)
>
> Cc: Adi Raju; Denila Philip
>
> Subject: Questions regarding Log in via Self-Service APIs
>
>
>
>
>
>
> Hi Adi,
>
>
>
>
>
> I will let the devs and PM working on the community Android self-service
> app chime in with more specifics but we have some questions.
>
>
>
>
>
>
> How do you pass the client ID as part of the login process?
>
>
>
> When Puneet was working on the login he wasn't getting the Client ID as
> part of the response from the login. Is this possible as it's needed to
> only then display the accounts of that client.
>
>
>
>
>
>
> And could you clarify that this is the client ID that's created when their
> client account is created in mifos (and not an ID that's generated when
> their self-service user account is created).
>
>
>
>
>
>
> [Adi] As part of authentication response, we are not sending list of
> client ids associated with the app user. In situations like agent banking,
> this info could become too big. Best way to know clients associated with
> self service user is using clients api itself. If the response is a single
> client, app can directly proceed to accounts page. If it is more than one
> client, list the clients.
>
>
>
>
>
>
> Yes, Client Id is different from app user/self service user id.
>
>
>
>
>
>
> Self-Creation of a Self Service User ID
>
>
>
> Is it possible for a client to create their own self-service user ID or is
> that only supported by a back office staff? The use case is as such: I
> download the app from the Google Play Store and have a link to "Sign Up". I
> click sign up and then should be prompte for my account number or phone
> number and then based on that it selects which client account i have in
> mifos and I can then create my user ID and credentials.
>
>
>
>
>
>
> [Adi] App user creation is a secure operation which needs permissions to
> use the APIs. In the scenario that you have mentioned, we need an
> intermediate implementation that takes the open requests from clients an in
> the background verify and create self service users.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> --
>
>
> Ed Cable
>
>
>
> Director of Community Programs, Mifos Initiative
>
>
>
> edcable@mifos.org | Skype: edcable | Mobile: +1.484.477.8649
> <tel:(484)%20477-8649>
>
>
>
>
>
> Collectively Creating a World of 3 Billion Maries | http://mifos.org  <
> http://facebook.com/mifos>   <http://www.twitter.com/mifos>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> --
>
>
> Ed Cable
>
>
>
> President/CEO, Mifos Initiative
>
>
>
> edcable@mifos.org | Skype: edcable | Mobile: +1.484.477.8649
>
>
>
>
>
>
> Collectively Creating a World of 3 Billion Maries | http://mifos.org  <
> http://facebook.com/mifos>   <http://www.twitter.com/mifos>
>
>
>
>
>
>


-- 
*Ed Cable*
President/CEO, Mifos Initiative
edcable@mifos.org | Skype: edcable | Mobile: +1.484.477.8649

*Collectively Creating a World of 3 Billion Maries | *http://mifos.org
<http://facebook.com/mifos>  <http://www.twitter.com/mifos>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message