Mohit,

Can you please update the community on the functional areas you're looking to complete prior to addressing the security/authentication components discussed by Avik?
Can you specifically call out what will be supported at an offline transaction/data entry level? It was my understanding that loan repayments, savings deposits, withdrawals, etc. would be supported at individual client level but as Avik mentioned, we should also explore offline collection sheet entry in browser too.

Ed

On Sun, Oct 8, 2017 at 11:36 PM, Avik Ganguly <[email protected]> wrote:

> Hi Mohit,
>
> I hope you had a great hackathon experience this weekend. Documenting some of the details of our discussion from last week.
>
> Please address the breaking changes in the offline schema like the code for client creation which you mentioned has issues. Apart from that, I was unable to figure out the targeted scope of the project by searching its corresponding requirement document / functional spec in JIRA but it's unclear to me whether a flow like center / group creation followed by client and loan creation was targeted as part of the scope. Can you point me to a document regarding same?
>
> Once the module is brought to some logical conclusion and the PR is sent for the core intended functionality, introduce and use offline access flag at user level to allow Risk to control this mode being used only on need basis. The following security features can be added as well.
>
> I am not aware of any highly secure way of authenticating offline but a "basic" offline security implementation I have seen for mobile devices is to allow the user to set a 6-digit MPIN for the day before going offline which is stored in memory after encrypting with symmetric key. On inactivity based auto-logout or re-opening the application, user is prompted for the MPIN which is validated against the saved MPIN. Since these devices are usually hardened using software like Airwatch, access to the offline database is not fret upon.
>
> In a browser however, the data is accessible easily but unauthorized access is much less likely.
> The same PIN based approach can be implemented. On reaching max retries for the PIN, the offline data can be purged. An additional layer can be provided which uses a public key to encrypt PII (personally identifiable information) in local schema (Customer name, date of birth, mobile no, address line one) and decrypt these fields in online mode when syncing back.
>
> The above does not have anything to do with 2FA or OAuth security modes though other than re-using the public key in case of encrypting PII.
>
> Regards,
> Avik.
>
> On Mon, Oct 9, 2017 at 10:51 AM, Mohit Bajoria <[email protected]> wrote:
>
>> Hello Ed,
>>
>> Yes! I had a call with Avik last week, Avik is going to update a write up on the flow of offline process.
>>
>> Regards
>> Mohit
>>
>> On 9 October 2017 at 06:46, Ed Cable <[email protected]> wrote:
>>
>>> Mohit,
>>>
>>> Have you had a chance to connect with Avik yet? Can you please keep the whole community updated? There is great anticipation around this project as we've been waiting for it for two years now :)
>>>
>>> Ed
>>>
>>> On Wed, Sep 27, 2017 at 10:20 AM, Avik Ganguly <[email protected]> wrote:
>>>
>>>> Hi Mohit,
>>>>
>>>> Let me know when it's a good time to discuss the concerns that "a user can no longer log in while offline and offline transaction entry isn't supported either".
>>>>
>>>> You can reach me over phone / WhatsApp at 9900878571.
>>>>
>>>> If you prefer Skype, send me a calendar invite at your preferred time anytime in the evening post 7 PM.
>>>>
>>>> Regards,
>>>> Avik.
>>>>
>>>> On Tue, Sep 26, 2017 at 4:06 AM, Ed Cable <[email protected]> wrote:
>>>>
>>>>> Avik, Alex, Mohit,
>>>>>
>>>>> I wanted to follow up on this as we have a number of community members that are keen on using the offline mode in the browser and this is blocking any further review of Mohit's work.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Ed
>>>>>
>>>>> On Tue, Sep 12, 2017 at 12:23 AM, Myrle Krantz <[email protected]> wrote:
>>>>>
>>>>>> There was a good talk on offline-first at Seville last year that introduced some technologies that might be helpful:
>>>>>>
>>>>>> https://feathercast.apache.org/2017/03/12/apachecon-seville-2016-easy-offline-first-web-apps-with-pouchdb-electron-and-react-rod-cope/
>>>>>>
>>>>>> Greets,
>>>>>> Myrle
>>>>>>
>>>>>> On Mon, Sep 11, 2017 at 6:59 PM, Ed Cable <[email protected]> wrote:
>>>>>> > Avik and Alex,
>>>>>> >
>>>>>> > I wanted to get a discussion going with Mohit and the rest of the community. He's trying to get his project for browser-based offline access in Chrome to work (https://gist.github.com/mbj36/105c47ccc10890cc4c71582ad63cff23) but due to the changes Alex had to make to authentication for 2FA, a user can no longer log in while offline and offline transaction entry isn't supported either.
>>>>>> >
>>>>>> > Avik - given your extensive experience in building offline solutions, I hope you could give Mohit some guidance.
>>>>>> >
>>>>>> > We can set up a call at your convenience for Mohit to discuss where he's running into roadblocks.
>>>>>> >
>>>>>> > Cheers,
>>>>>> >
>>>>>> > Ed
>>>>>
>>>>> --
>>>>> *Ed Cable*
>>>>> President/CEO, Mifos Initiative
>>>>> [email protected] | Skype: edcable | Mobile: +1.484.477.8649
>>>>>
>>>>> *Collectively Creating a World of 3 Billion Maries* | http://mifos.org
>>>>> <http://facebook.com/mifos> <http://www.twitter.com/mifos>
>>
>> --
>> *Regards*
>> *Mohit Kumar Bajoria*
>> *http://mohitbajoria.com*

--
*Ed Cable*
President/CEO, Mifos Initiative
[email protected] | Skype: edcable | Mobile: +1.484.477.8649

*Collectively Creating a World of 3 Billion Maries* | http://mifos.org
<http://facebook.com/mifos> <http://www.twitter.com/mifos>
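
The PIN retry limit with purge and the public-key encryption of PII fields that Avik describes in the quoted message, as an added example that is not part of the thread or of the Mifos code base. Assumptions: Node's `crypto` module stands in for the browser's WebCrypto so the code runs offline, a salted scrypt verifier is used in place of a symmetric-key-encrypted MPIN, and `OfflineVault`, `MAX_RETRIES`, `PII_FIELDS` and `decryptField` are hypothetical names.

```javascript
// Added example; all names here are hypothetical, not Mifos code.
const nodeCrypto = require("node:crypto");

const MAX_RETRIES = 3; // assumed limit; the thread does not give a number
const PII_FIELDS = ["name", "dateOfBirth", "mobileNo", "addressLine1"];
const OAEP = { oaepHash: "sha256", padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING };

class OfflineVault {
  // publicKeyPem is fetched while online; the device never holds the private key.
  constructor(pin, publicKeyPem) {
    if (!/^\d{6}$/.test(pin)) throw new Error("MPIN must be 6 digits");
    this.salt = nodeCrypto.randomBytes(16);
    this.verifier = nodeCrypto.scryptSync(pin, this.salt, 32); // PIN itself is not kept
    this.publicKeyPem = publicKeyPem;
    this.failures = 0;
    this.records = [];
  }

  // Encrypt only the PII fields; ids and amounts stay usable for offline entry.
  addRecord(record) {
    const stored = { ...record };
    for (const field of PII_FIELDS) {
      if (record[field] === undefined) continue;
      const plain = Buffer.from(String(record[field]), "utf8");
      stored[field] = nodeCrypto
        .publicEncrypt({ key: this.publicKeyPem, ...OAEP }, plain)
        .toString("base64");
    }
    this.records.push(stored);
  }

  // Returns "ok", "retry" or "purged"; purging drops the data and the verifier.
  unlock(pin) {
    if (this.verifier === null) return "purged";
    const candidate = nodeCrypto.scryptSync(String(pin), this.salt, 32);
    if (nodeCrypto.timingSafeEqual(candidate, this.verifier)) {
      this.failures = 0;
      return "ok";
    }
    if (++this.failures >= MAX_RETRIES) {
      this.records = [];
      this.verifier = null;
      return "purged";
    }
    return "retry";
  }
}

// Server side, during online sync: recover a PII field with the private key.
function decryptField(privateKeyPem, b64) {
  const cipher = Buffer.from(b64, "base64");
  return nodeCrypto.privateDecrypt({ key: privateKeyPem, ...OAEP }, cipher).toString("utf8");
}
```

RSA-OAEP with a 2048-bit key and SHA-256 limits each encrypted field to 190 bytes. Because a browser user can edit local storage, the failure counter only slows guessing through the UI, while the encrypted PII fields remain unreadable on the device without the server's private key.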
