Hi Rachit, Welcome to the community.
Thanks for all the work you are doing. Will it be Ok if you transferred your document to Confluence? Here is the link to signup and create an account: https://cwiki.apache.org/confluence/signup.action Here is the Fineract Confluence home: https://cwiki.apache.org/confluence/display/FINERACT/Fineract+Home You can decide where to put your requirements. There is a section for Fineract CN and others for gathering functional specs. This way there will be history and a point of reference. I checked your document and it seems you doing this work focused on the Indian market? Are there use cases somewhere which the Indy project has been used? Have you looked at the current way Fineract and Fineract CN are handling KYC and identity? What are the short comings? Thanks. Awasum On Mon, Mar 4, 2019 at 3:49 AM Rachit Kansal <[email protected]> wrote: > Hi everyone, > > My name is Rachit and I am volunteering for the Mifos initiative as a > product manager. Sorry for the delay, I was caught up in a lot of work and > some travelling. > > Just a small brief about myself, I graduated with an undergraduate degree > in Computer Science in 2017. I have had some experience with the open > source community as well and also successfully completed GSoC 2017 as a > student. Since then I am working in a cloud company called Nutanix. > Initially started off as a developer and now taking up responsibilities as > a product manager as well. > > Ed had asked me to explore KYC and the Sovrin/Indy project and try to come > up with the requirements for a PoC for the same (which we could take up for > GSoC).Find the attached link to the requirement document for the PoC. > > Please provide your inputs and details that you feel should be added to it > both from the requirements perspective as well as the developer > perspective. Also I would request the core developers of the fineract-cn to > chime in and maybe add details on how the interaction/integration with the > platform would look like for the PoC to cover the scenarios mentioned in > the document. > > *Requirements Document:* > > https://docs.google.com/document/d/1s-wx06l1UKfmzEL7qXOU-PfGfPPQma6flf-oGFg9OWs/edit?usp=sharing > > -- > Regards, > Rachit Kansal > > On Mon, 11 Feb 2019 at 23:15, Ed Cable <[email protected]> wrote: > > > James, thanks for bringing this to top of mind again. I want to introduce > > Rachit Kansal, a volunteer with the Mifos Initiative, who's going to be > > doing some product management work and research to shine light on some of > > the different directions the Fineract community could head. > > > > He's drafting a proposal for a proof of concept around Sovrin and > > Hyperledger Indy. He will share progress with that on list soon. > > > > This white paper is a good read on the efforts led by Sovrin Foundation > > around a decentralized identification system. > > > > > > > https://sovrin.org/wp-content/uploads/2018/03/Sovrin-Protocol-and-Token-White-Paper.pdf > > > > We are also going to do some exploration around Yoti which has a good > > enabling environment for developers and some programs conducive to > > financial inclusion. > > > > https://www.yoti.com/developers/ > > > > This Medium post from Caribou Digital is also a nice primer on the terms, > > identity, identification, and ID and how they differentiate them. > > > > > > > https://medium.com/caribou-digital/the-difference-between-digital-identity-identification-and-id-41580bbb7563 > > > > > > > > On Sat, Feb 9, 2019, 16:03 James Dailey <[email protected] wrote: > > > >> I'd like to raise this important issue again. We are in the space of > >> financial services, and so we must express kyc/aml/cft regulations. > >> > >> Know Your Customer is a FUNDAMENTAL banking concept. It is currently > >> supported via account opening in fineract but more needs to be done. > >> > >> We must also address the opportunity and the gap in formal identity if > we > >> are to be a serious player in financial inclusion. I don't believe > >> fineract > >> or mifos should do that function directly, but rather be able to speak > to > >> various identity/claims services. > >> > >> At times a mifos implementation will have the best information about a > >> specific customer. This also relates to credit bureaus and again, the > >> concept of 'identity-claims'. > >> > >> I'd like to suggest that we get a wiki page and then some detailed > >> requirements going and develop some ticket. But, looking for someone to > >> support this in coding and someone else who has a need now for this > >> functionality. > >> > >> Jdailey67 > >> > >> On Thu, Sep 13, 2018, 10:28 AM Ed Cable <[email protected] wrote: > >> > >> > James, > >> > > >> > Thanks for starting up this topic on-list (I only just saw it now upon > >> > Isaac's reply). I will try to forwards this along to others who have > >> been > >> > conversing on related topics of eKYC, verification via selfies, etc. I > >> will > >> > also get some of my volunteers assisting on the AML/CFT front involved > >> in > >> > this thread. > >> > > >> > Thank you also for bringing up our conversations with the INDY at > >> OSCON, I > >> > will re-engage with Joyce so we can carry forward the conversations we > >> > started there. > >> > > >> > The discussion around identity and looking at claim-based systems and > >> > decentralized identities are all the more relevant as systems like > >> Aadhar > >> > continue to get hacked and sensitive data gets exposed: > >> > > >> > > >> > https://www.huffingtonpost.in/2018/09/11/uidai-s-aadhaar-software-hacked-id-database-compromised-experts-confirm_a_23522472/ > >> > > >> > See some additional replies inline. > >> > > >> > > >> > On Mon, Sep 10, 2018 at 11:31 AM James Dailey <[email protected] > > > >> > wrote: > >> > > >> > > Hi Devs - > >> > > > >> > > I'd like to raise an issue with regard to how Fineract 1.x and the > new > >> > > Fineract-CN treats the concept of Identity. > >> > > > >> > > I was recently looking at Isaac's work on > >> > > > >> > > > >> > > >> > https://github.com/apache/fineract-cn-customer/pull/7/commits/65a88b9879a46103fae440c42d1b0058909a93aa > >> > > . > >> > > It got me thinking... I was unclear if the tests are fully covering > >> our > >> > > functionality, and wonder about how we are collectively thinking > about > >> > > identity. > >> > > > >> > > So, there has been a lot of work done recently on Digital Identity > and > >> > > Credentials globally. I think we should have as part of our > thinking > >> and > >> > > structure of the identity service: > >> > > > >> > > >> > For these components and sub-components of Identity you are starting > to > >> > flesh out below, it'd be great to synthesize into a requirements/spec > >> doc > >> > on the. Fineract wiki. > >> > > >> > > > >> > > 1. Issuing authority (this could be any relevant civil authority > >> such > >> > as > >> > > Federal Government, State Department, Provincial Gov't), any > >> private > >> > or > >> > > non-profit but recognized entity (e.g. University), and also any > >> > > commercial > >> > > entity that has a pre-existing relationship including Bank, > Mobile > >> > > Provider, Microfinance Entity, or even Facebook/WeChat/Alibaba. > >> > > When dealing with the unbanked, or underbanked, a form of digital > >> > > identity may be self-issued or issued on the spot, and be trusted > >> up > >> > to > >> > > a > >> > > point (see KYC below). > >> > > > >> > > 2. Credentials and Forms of verification - this could be a > separate > >> > > concept in Fineract of [one to many] relationship where Fineract > CN > >> > > stores > >> > > that information or simply notes that multiple sources of > >> verification > >> > > of > >> > > identity or "claims" have been verified. For example, a person > my > >> > > present > >> > > a paper form from the local utility company showing they are a > >> > customer. > >> > > Or, for example, a person may be verified by the mobile provider > as > >> > > being > >> > > on that network with that specific IMEI (device) and that > specific > >> > > telephone number. I think it is important to treat such forms as > >> > > security > >> > > tokens (encrypted). > >> > > > >> > > >> > Javier is working with a customer who want to do selfie-based eKYC for > >> > online account sign-ups. Some community members are quite expert on > eKYC > >> > processes as part of the loan origination workflow. I'll have those > >> inputs > >> > be voiced here. > >> > > >> > > > >> > > 3. Claims - there have been attempts at the W3C (world wide web > >> > > consortium) related to the issue of verification of digital > >> identity, > >> > to > >> > > describe these as "claims" where an individual may have multiple > >> > > sources in > >> > > the formal and informal sectors by which they can claim identity. > >> I > >> > > think > >> > > of Claims as IssuingAuthority+Verified, but that may be > >> > > oversimplification. Please see > >> > > https://www.w3.org/TR/verifiable-claims-use-cases/ . > >> > > > >> > > 4. Relationship with KYC and AML/CFT - In Mifos and now in > >> Fineract we > >> > > have a set of requirements around the relationship between the > >> > validity > >> > > of > >> > > the identity against regulations dealing with "know your > customer" > >> and > >> > > "anti-money-laundering" (inbound flows) and "counter the > financing > >> of > >> > > terrorism" (outbound flows). These requirements generally start > >> with > >> > > KYC > >> > > where the levels are generally thought of as KYC-0 (e.g. we don't > >> know > >> > > much > >> > > about them, but the authorities allow us to transact up to $300 > per > >> > > month), > >> > > KYC-1, KYC-2, up to KYC-3 (e.g.they have a formal and verified > >> > identity > >> > > credential from the national biometric system and they have up to > >> the > >> > > limit > >> > > of banking rules) In Fineract, I believe that what needs to be > >> > stored > >> > > is > >> > > the initial authorized level of KYC, the record of how much is > >> > expected > >> > > to > >> > > be transacted and then a calculated actual amount transacted so > >> that > >> > > exceptional transactions can be flagged, and the movement from > one > >> KYC > >> > > level to another. It is common in banking at least to have a SAR > >> > > (Suspicious Activity Report) based on a comparison of expected > >> > > transactions > >> > > and actual. The banking sector has been practicing this for a > long > >> > time > >> > > and rules are understood. > >> > > > >> > > >> > I will get Shabbir our CFT/AML expert to chime in on this thread and > >> > advance his thinking on the generic framework-level components we > could > >> > implement to assist with compliance. As you also might already know, > >> Ankur > >> > as part of his GSOC project for the mobile wallet, worked on > >> incorporating > >> > into the front-end some of the elements of tiered KYC. You can see his > >> > implementation at > >> > https://gist.github.com/ankurs287/d9ef88cedcebe678f09fd555b17c7546 > >> > > >> > and the discussion thread that Sundari started at > >> > > >> > > >> > http://mail-archives.apache.org/mod_mbox/fineract-dev/201806.mbox/%3CCAPnWRTjQHjys=vBFqkVqb7GZPo0iq7VFuGxP6sr-K0h55wK=m...@mail.gmail.com%3E > >> > > >> > > >> > > > >> > > > >> > > At OSCON we also learned about INDY, which is part of the > Hyperledger > >> > > project, and deals with Identity using some new distributed ledger > >> based > >> > > tools. I think it would be interesting to create a proof of concept > >> > where > >> > > we link our identity service to the Indy code. > >> > > > >> > > > >> > > >> > https://www.hyperledger.org/blog/2017/05/02/hyperledger-welcomes-project-indy > >> > > . This builds out the concept of a globally accessible public > >> utility > >> > for > >> > > decentralized identity. > >> > > > >> > > What would be a useful next step on this? Hoping for comments and > >> > > exploration of requirements. > >> > > > >> > > Thanks, > >> > > James > >> > > > >> > > >> > > >> > -- > >> > *Ed Cable* > >> > President/CEO, Mifos Initiative > >> > [email protected] | Skype: edcable | Mobile: +1.484.477.8649 > >> > > >> > *Collectively Creating a World of 3 Billion Maries | * > http://mifos.org > >> > <http://facebook.com/mifos> <http://www.twitter.com/mifos> > >> > > >> > > >
