You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@fineract.apache.org by James Dailey <ja...@gmail.com> on 2023/06/07 00:13:16 UTC

Re: Fineract for Agency Banking using POS Credit Card device and USSD Channel

We've had a number of discussions already in the past several years
where we've pointed out the inherent limitations in the design and
implementation of the Self-Service component. I don't want to offend
anyone, but this has to change. We have discussed it previously and
already there is a roadmap item whereby the Self-Service component
would become more external and optional to the core. This will
strengthen the overall security because one can more easily pass
static and dynamic security audits that currently evaluate the
Self-Service API "unfavorably".  While I know that the Self Service
APIs are a favorite because of the features that they enable, and it
is tempting to try to extend them, we really shouldn't, not until we
have a new path laid out.

If you have some ideas on how to have a good design and move this into
a robust security model as well, please raise them here in generic
terms. This will overlap I think with the discussion on auth server
and resource server.  Please note that all security issues should be
formally raised on security@fineract.apache.org or security@apache.org
and to keep in mind that this is a public email list.




On Sun, May 21, 2023 at 12:40 AM Ippez Robert <ip...@gmail.com> wrote:
>
> Dear Fineracters,
>
> Thanks for taking some time to have discussions around this. From the discussion so far, presumably USSD for clients has been implemented so far by one of the partners (Zayyad A. Said). It will be great to extend this for this cause and at the end of the day contribute it back to the community. (Zayyad A. Said we can discuss about this, but it will may need major APIs implementations on the main Fineract codebase like Self Service APIs for clients).
>
> If I remember correctly, when the self service APIs were being discussed for implementation, there were considerations for Agency Banking as part of this implementation. But it seems the implementation stage didn't cater for this.
>
> From the archives, I see this https://github.com/openMF/mobileapps.github.io/blob/master/index.md#third-partyagent-banking-external-staff , so am wondering if the APIs already exist in Fineract codebase so that we can benchmark on it.
>
> Thanks and regards
> Ippez Robert
>
>