Dear Ed, We at Kuelap have no plans because believe we should never give members, agents, or other third parties direct access to the financial institution's data. Aside from any regulatory standpoint this is a huge flaw in the current system.
My company is working on two offline-first clients that we think are more secure architecture; one will provide a reduced set of functionalities for employees working in remote areas; The second one will provide mobile banking functionalities for members of financial institutions. Once the company feels the time is right to share our work, we may propose these apps or at least the secure architecture to the community, but we are not nearly far enough along to do that now. Cheers Markus .::Yagni likes a DRY KISS::. On Tue, Jan 16, 2018 at 3:54 PM Ed Cable <edca...@mifos.org> wrote: > Markus, Mark or others who could best respond, > > What is the planned design for enabling third parties (i.e. non-staff) such > as clients, agents, etc to authenticate themselves and access data within > Apache Fineract CN. > > From what I recalled, you were planning to take a more secure approach than > simply providing a self-service API that has access to the full production > database but rather have a separate data layer for self-service users? > > Could you update the community on what the plans are for providing access > to enable these client-facing applications? Is it documented anywhere? > > One reason I ask is it that as the Mifos Initiative thinks about GSOC 2018, > I'd like to consider a project on building out an initial mobile banking > app on top of Apache Fineract CN. > > Thanks, > > Ed >
