Allow customer self-service on Fineract-CN

[Juhan Aasaru <aa...@gmail.com>]

Hi!

I would like to raise a separate thread regarding customers logging in to
fineract-cn on their own behalf
(to provide customer self-service). Vishwas wrote earlier in another thread:
> AFAIK, you cannot do the same on the current micro-services.
> The Mifos initiative has another project (Customer Self Service API
Gateway)
> which allows customer self service by maintaining separate credentials
for each customer.
> After the customer has been authenticated and authorized at the gateway,
> it interfaces with Fineract-CN using a system / back-office user
credential .

I didn't find such a project, I think something like this only exists for
Fineract 1.x
But even if it exists the described design sounds more like a workaround or
a "hack"
- something that is done to add the functionality to an existing system.

Since Fineract-CN is a new platform and it has all the building blocks it
should make customer a
First-Class citizen [ https://en.wikipedia.org/wiki/First-class_citizen ]
meaning the customer
would represent himself as a user and all the privileges checking systems
would
make sure the customer is only able to obtain information about himself.

I know it adds a lot of complexity (to alredy complex world) but I was
wondering if
this question has risen earlier and if there have been any design thoughts
how it should
be implemented (or why it was decided not to implement it).

I see Fineract 1.x /MifosX has a nice analysis document about customer
self-service here
https://cwiki.apache.org/confluence/display/FINERACT/Customer+Self-Service
I wonder if something exists for Fineract-CN as well.
Or if not how could we come up with a similar document how it should be
once implemented.

Regards
Juhan

Re: Allow customer self-service on Fineract-CN

[Ed Cable <ed...@mifos.org>]

Youtube somehow included the wrong link:

Here's the link to the webinar: https://www.youtube.com/watch?v=EcP5U-hPwpY

There are also some initial docs on the API Gateway and Open Banking API at
https://mifos.gitbook.io/docs/

Ed

On Thu, Sep 26, 2019 at 2:06 PM Ed Cable <ed...@mifos.org> wrote:

> Hi Juhan,
>
> Thanks for taking the initiative to explore this topic as it's been a
> critical one that we've been trying to actively discuss with the community
> since January of 2018 - https://markmail.org/thread/2xz2py455r7rlm3p
>
> The API gateway providing support for a UK Open Banking API that Mifos has
> started implementing and will soon be shipping is the first step towards
> more securely supporting third party customer-facing apps.  This has been
> implemented for both Fineract 1.x and Fineract CN. It's only been tested
> with some reference apps but one of the next steps is to have the existing
> wallet and mobile banking apps on Fineract and Fineract CN connect via the
> API Gateway.
>
> If you haven't watched this webinar, our digital transformation webinar
> introduces some of the Open Banking API work:
> https://www.youtube.com/watch?v=3vauM7axnRs
>
> We do recognize that it's only one step along the way and in order to
> treat the customer as a first-class citizen we do need a separate data
> store for the customer that can be written to and read from. Vishwas has
> articulated some of these requirements in a recent post to that same
> thread: https://markmail.org/message/f5t6aejhktr6htgd
>
> I would love to work with you in helping to spec out the work needed to
> have customers be a first-class citizen and then build out the separate
> data store for customers, an offline first approach and then align that
> with the Open Banking API that's being implemented to initially provide
> first-party apps a secure way to connect and also allow for third-party
> apps to connect to.
>
> Perhaps we can get a small working group in place to advance this further.
> I can get some of the product management volunteers like Prakash involved
> to help with the spec as well.
>
> Ed
>
>
>
> On Thu, Sep 26, 2019 at 1:38 PM Juhan Aasaru <aa...@gmail.com> wrote:
>
>> Hi!
>>
>> I would like to raise a separate thread regarding customers logging in to
>> fineract-cn on their own behalf
>> (to provide customer self-service). Vishwas wrote earlier in another
>> thread:
>> > AFAIK, you cannot do the same on the current micro-services.
>> > The Mifos initiative has another project (Customer Self Service API
>> Gateway)
>> > which allows customer self service by maintaining separate credentials
>> for each customer.
>> > After the customer has been authenticated and authorized at the gateway,
>> > it interfaces with Fineract-CN using a system / back-office user
>> credential .
>>
>> I didn't find such a project, I think something like this only exists for
>> Fineract 1.x
>> But even if it exists the described design sounds more like a workaround
>> or a "hack"
>> - something that is done to add the functionality to an existing system.
>>
>> Since Fineract-CN is a new platform and it has all the building blocks it
>> should make customer a
>> First-Class citizen [ https://en.wikipedia.org/wiki/First-class_citizen ]
>> meaning the customer
>> would represent himself as a user and all the privileges checking systems
>> would
>> make sure the customer is only able to obtain information about himself.
>>
>> I know it adds a lot of complexity (to alredy complex world) but I was
>> wondering if
>> this question has risen earlier and if there have been any design
>> thoughts how it should
>> be implemented (or why it was decided not to implement it).
>>
>> I see Fineract 1.x /MifosX has a nice analysis document about customer
>> self-service here
>> https://cwiki.apache.org/confluence/display/FINERACT/Customer+Self-Service
>> I wonder if something exists for Fineract-CN as well.
>> Or if not how could we come up with a similar document how it should be
>> once implemented.
>>
>> Regards
>> Juhan
>>
>>
>>
>
> --
> *Ed Cable*
> President/CEO, Mifos Initiative
> edcable@mifos.org | Skype: edcable | Mobile: +1.484.477.8649
>
> *Collectively Creating a World of 3 Billion Maries | *http://mifos.org
> <http://facebook.com/mifos>  <http://www.twitter.com/mifos>
>
>

-- 
*Ed Cable*
President/CEO, Mifos Initiative
edcable@mifos.org | Skype: edcable | Mobile: +1.484.477.8649

*Collectively Creating a World of 3 Billion Maries | *http://mifos.org
<http://facebook.com/mifos>  <http://www.twitter.com/mifos>

Re: Allow customer self-service on Fineract-CN

[Ed Cable <ed...@mifos.org>]

Hi Juhan,

Thanks for taking the initiative to explore this topic as it's been a
critical one that we've been trying to actively discuss with the community
since January of 2018 - https://markmail.org/thread/2xz2py455r7rlm3p

The API gateway providing support for a UK Open Banking API that Mifos has
started implementing and will soon be shipping is the first step towards
more securely supporting third party customer-facing apps.  This has been
implemented for both Fineract 1.x and Fineract CN. It's only been tested
with some reference apps but one of the next steps is to have the existing
wallet and mobile banking apps on Fineract and Fineract CN connect via the
API Gateway.

If you haven't watched this webinar, our digital transformation webinar
introduces some of the Open Banking API work:
https://www.youtube.com/watch?v=3vauM7axnRs

We do recognize that it's only one step along the way and in order to treat
the customer as a first-class citizen we do need a separate data store for
the customer that can be written to and read from. Vishwas has articulated
some of these requirements in a recent post to that same thread:
https://markmail.org/message/f5t6aejhktr6htgd

I would love to work with you in helping to spec out the work needed to
have customers be a first-class citizen and then build out the separate
data store for customers, an offline first approach and then align that
with the Open Banking API that's being implemented to initially provide
first-party apps a secure way to connect and also allow for third-party
apps to connect to.

Perhaps we can get a small working group in place to advance this further.
I can get some of the product management volunteers like Prakash involved
to help with the spec as well.

Ed



On Thu, Sep 26, 2019 at 1:38 PM Juhan Aasaru <aa...@gmail.com> wrote:

> Hi!
>
> I would like to raise a separate thread regarding customers logging in to
> fineract-cn on their own behalf
> (to provide customer self-service). Vishwas wrote earlier in another
> thread:
> > AFAIK, you cannot do the same on the current micro-services.
> > The Mifos initiative has another project (Customer Self Service API
> Gateway)
> > which allows customer self service by maintaining separate credentials
> for each customer.
> > After the customer has been authenticated and authorized at the gateway,
> > it interfaces with Fineract-CN using a system / back-office user
> credential .
>
> I didn't find such a project, I think something like this only exists for
> Fineract 1.x
> But even if it exists the described design sounds more like a workaround
> or a "hack"
> - something that is done to add the functionality to an existing system.
>
> Since Fineract-CN is a new platform and it has all the building blocks it
> should make customer a
> First-Class citizen [ https://en.wikipedia.org/wiki/First-class_citizen ]
> meaning the customer
> would represent himself as a user and all the privileges checking systems
> would
> make sure the customer is only able to obtain information about himself.
>
> I know it adds a lot of complexity (to alredy complex world) but I was
> wondering if
> this question has risen earlier and if there have been any design thoughts
> how it should
> be implemented (or why it was decided not to implement it).
>
> I see Fineract 1.x /MifosX has a nice analysis document about customer
> self-service here
> https://cwiki.apache.org/confluence/display/FINERACT/Customer+Self-Service
> I wonder if something exists for Fineract-CN as well.
> Or if not how could we come up with a similar document how it should be
> once implemented.
>
> Regards
> Juhan
>
>
>

-- 
*Ed Cable*
President/CEO, Mifos Initiative
edcable@mifos.org | Skype: edcable | Mobile: +1.484.477.8649

*Collectively Creating a World of 3 Billion Maries | *http://mifos.org
<http://facebook.com/mifos>  <http://www.twitter.com/mifos>