Rachit,

Thanks for sharing this with the community. Echoing what Awasum said, could you please create a page on the wiki he linked to?
Let me know your Apache ID once you've created it and I will give you the necessary permissions to create and edit pages. You can place it under the Product Requirement section for now and then we can move it accordingly once we adopt a new structure for the wiki that James is proposing on a separate thread.

As part of that wiki page, it would be helpful to have a section that provides an initial set of use cases and also welcomes the community to provide input on use cases they need digital identity solutions to better help support.

As part of this POC and some other ongoing collaboration with Yoti, I'd like for institutions and individuals across the community who have digital needs and well-articulated use cases to volunteer to be a part of these pilot efforts.

As James noted, let me get your efforts synchronized with those developers working on payment and money transfer related use cases so no efforts are duplicated and we can ensure that digital identity, verification of identity claims, KYC, etc. gets supported as needed to facilitate payments use cases.

I will invite others in the community to participate in this discussion.

I will keep this thread focused on the Sovrin/Indy POC but will send a separate email related to Yoti including a guest blog post from Ken Banks and an upcoming webinar that he'll be leading for the community.

On Mon, Mar 4, 2019 at 1:15 AM Awasum Yannick <[email protected]> wrote:

> Hi Rachit,
>
> Welcome to the community.
>
> Thanks for all the work you are doing.
>
> Will it be Ok if you transferred your document to Confluence? Here is the link to signup and create an account:
> https://cwiki.apache.org/confluence/signup.action
>
> Here is the Fineract Confluence home:
> https://cwiki.apache.org/confluence/display/FINERACT/Fineract+Home
>
> You can decide where to put your requirements. There is a section for Fineract CN and others for gathering functional specs.
>
> This way there will be history and a point of reference.
>
> I checked your document and it seems you are doing this work focused on the Indian market? Are there use cases somewhere which the Indy project has been used?
> Have you looked at the current way Fineract and Fineract CN are handling KYC and identity? What are the shortcomings?
>
> Thanks.
> Awasum
>
> On Mon, Mar 4, 2019 at 3:49 AM Rachit Kansal <[email protected]> wrote:
>
> > Hi everyone,
> >
> > My name is Rachit and I am volunteering for the Mifos initiative as a product manager. Sorry for the delay, I was caught up in a lot of work and some travelling.
> >
> > Just a small brief about myself, I graduated with an undergraduate degree in Computer Science in 2017. I have had some experience with the open source community as well and also successfully completed GSoC 2017 as a student. Since then I am working in a cloud company called Nutanix. Initially started off as a developer and now taking up responsibilities as a product manager as well.
> >
> > Ed had asked me to explore KYC and the Sovrin/Indy project and try to come up with the requirements for a PoC for the same (which we could take up for GSoC). Find the attached link to the requirement document for the PoC.
> >
> > Please provide your inputs and details that you feel should be added to it both from the requirements perspective as well as the developer perspective. Also I would request the core developers of the fineract-cn to chime in and maybe add details on how the interaction/integration with the platform would look like for the PoC to cover the scenarios mentioned in the document.
> >
> > *Requirements Document:*
> >
> > https://docs.google.com/document/d/1s-wx06l1UKfmzEL7qXOU-PfGfPPQma6flf-oGFg9OWs/edit?usp=sharing
> >
> > --
> > Regards,
> > Rachit Kansal
> >
> > On Mon, 11 Feb 2019 at 23:15, Ed Cable <[email protected]> wrote:
> >
> > > James, thanks for bringing this to top of mind again.
> > > I want to introduce Rachit Kansal, a volunteer with the Mifos Initiative, who's going to be doing some product management work and research to shine light on some of the different directions the Fineract community could head.
> > >
> > > He's drafting a proposal for a proof of concept around Sovrin and Hyperledger Indy. He will share progress with that on list soon.
> > >
> > > This white paper is a good read on the efforts led by Sovrin Foundation around a decentralized identification system.
> > >
> > > https://sovrin.org/wp-content/uploads/2018/03/Sovrin-Protocol-and-Token-White-Paper.pdf
> > >
> > > We are also going to do some exploration around Yoti which has a good enabling environment for developers and some programs conducive to financial inclusion.
> > >
> > > https://www.yoti.com/developers/
> > >
> > > This Medium post from Caribou Digital is also a nice primer on the terms, identity, identification, and ID and how they differentiate them.
> > >
> > > https://medium.com/caribou-digital/the-difference-between-digital-identity-identification-and-id-41580bbb7563
> > >
> > > On Sat, Feb 9, 2019, 16:03 James Dailey <[email protected] wrote:
> > >
> > >> I'd like to raise this important issue again. We are in the space of financial services, and so we must express kyc/aml/cft regulations.
> > >>
> > >> Know Your Customer is a FUNDAMENTAL banking concept. It is currently supported via account opening in fineract but more needs to be done.
> > >>
> > >> We must also address the opportunity and the gap in formal identity if we are to be a serious player in financial inclusion. I don't believe fineract or mifos should do that function directly, but rather be able to speak to various identity/claims services.
> > >>
> > >> At times a mifos implementation will have the best information about a specific customer.
> > >> This also relates to credit bureaus and again, the concept of 'identity-claims'.
> > >>
> > >> I'd like to suggest that we get a wiki page and then some detailed requirements going and develop some ticket. But, looking for someone to support this in coding and someone else who has a need now for this functionality.
> > >>
> > >> Jdailey67
> > >>
> > >> On Thu, Sep 13, 2018, 10:28 AM Ed Cable <[email protected] wrote:
> > >>
> > >> > James,
> > >> >
> > >> > Thanks for starting up this topic on-list (I only just saw it now upon Isaac's reply). I will try to forward this along to others who have been conversing on related topics of eKYC, verification via selfies, etc. I will also get some of my volunteers assisting on the AML/CFT front involved in this thread.
> > >> >
> > >> > Thank you also for bringing up our conversations with the INDY at OSCON, I will re-engage with Joyce so we can carry forward the conversations we started there.
> > >> >
> > >> > The discussion around identity and looking at claim-based systems and decentralized identities are all the more relevant as systems like Aadhaar continue to get hacked and sensitive data gets exposed:
> > >> >
> > >> > https://www.huffingtonpost.in/2018/09/11/uidai-s-aadhaar-software-hacked-id-database-compromised-experts-confirm_a_23522472/
> > >> >
> > >> > See some additional replies inline.
> > >> >
> > >> > On Mon, Sep 10, 2018 at 11:31 AM James Dailey <[email protected]> wrote:
> > >> >
> > >> > > Hi Devs -
> > >> > >
> > >> > > I'd like to raise an issue with regard to how Fineract 1.x and the new Fineract-CN treats the concept of Identity.
> > >> > >
> > >> > > I was recently looking at Isaac's work on
> > >> > > https://github.com/apache/fineract-cn-customer/pull/7/commits/65a88b9879a46103fae440c42d1b0058909a93aa .
> > >> > > It got me thinking... I was unclear if the tests are fully covering our functionality, and wonder about how we are collectively thinking about identity.
> > >> > >
> > >> > > So, there has been a lot of work done recently on Digital Identity and Credentials globally. I think we should have as part of our thinking and structure of the identity service:
> > >> >
> > >> > For these components and sub-components of Identity you are starting to flesh out below, it'd be great to synthesize into a requirements/spec doc on the Fineract wiki.
> > >> >
> > >> > > 1. Issuing authority (this could be any relevant civil authority such as Federal Government, State Department, Provincial Gov't), any private or non-profit but recognized entity (e.g. University), and also any commercial entity that has a pre-existing relationship including Bank, Mobile Provider, Microfinance Entity, or even Facebook/WeChat/Alibaba.
> > >> > >    When dealing with the unbanked, or underbanked, a form of digital identity may be self-issued or issued on the spot, and be trusted up to a point (see KYC below).
> > >> > >
> > >> > > 2. Credentials and Forms of verification - this could be a separate concept in Fineract of [one to many] relationship where Fineract CN stores that information or simply notes that multiple sources of verification of identity or "claims" have been verified.
> > >> > >    For example, a person may present a paper form from the local utility company showing they are a customer. Or, for example, a person may be verified by the mobile provider as being on that network with that specific IMEI (device) and that specific telephone number. I think it is important to treat such forms as security tokens (encrypted).
> > >> >
> > >> > Javier is working with a customer who wants to do selfie-based eKYC for online account sign-ups. Some community members are quite expert on eKYC processes as part of the loan origination workflow. I'll have those inputs be voiced here.
> > >> >
> > >> > > 3. Claims - there have been attempts at the W3C (world wide web consortium) related to the issue of verification of digital identity, to describe these as "claims" where an individual may have multiple sources in the formal and informal sectors by which they can claim identity. I think of Claims as IssuingAuthority+Verified, but that may be oversimplification. Please see https://www.w3.org/TR/verifiable-claims-use-cases/ .
> > >> > >
> > >> > > 4. Relationship with KYC and AML/CFT - In Mifos and now in Fineract we have a set of requirements around the relationship between the validity of the identity against regulations dealing with "know your customer" and "anti-money-laundering" (inbound flows) and "counter the financing of terrorism" (outbound flows). These requirements generally start with KYC where the levels are generally thought of as KYC-0 (e.g.
> > >> > >    we don't know much about them, but the authorities allow us to transact up to $300 per month), KYC-1, KYC-2, up to KYC-3 (e.g. they have a formal and verified identity credential from the national biometric system and they have up to the limit of banking rules). In Fineract, I believe that what needs to be stored is the initial authorized level of KYC, the record of how much is expected to be transacted and then a calculated actual amount transacted so that exceptional transactions can be flagged, and the movement from one KYC level to another. It is common in banking at least to have a SAR (Suspicious Activity Report) based on a comparison of expected transactions and actual. The banking sector has been practicing this for a long time and rules are understood.
> > >> >
> > >> > I will get Shabbir our CFT/AML expert to chime in on this thread and advance his thinking on the generic framework-level components we could implement to assist with compliance. As you also might already know, Ankur as part of his GSOC project for the mobile wallet, worked on incorporating into the front-end some of the elements of tiered KYC.
> > >> > You can see his implementation at
> > >> > https://gist.github.com/ankurs287/d9ef88cedcebe678f09fd555b17c7546
> > >> >
> > >> > and the discussion thread that Sundari started at
> > >> >
> > >> > http://mail-archives.apache.org/mod_mbox/fineract-dev/201806.mbox/%3CCAPnWRTjQHjys=vBFqkVqb7GZPo0iq7VFuGxP6sr-K0h55wK=m...@mail.gmail.com%3E
> > >> >
> > >> > > At OSCON we also learned about INDY, which is part of the Hyperledger project, and deals with Identity using some new distributed ledger based tools. I think it would be interesting to create a proof of concept where we link our identity service to the Indy code.
> > >> > >
> > >> > > https://www.hyperledger.org/blog/2017/05/02/hyperledger-welcomes-project-indy .
> > >> > > This builds out the concept of a globally accessible public utility for decentralized identity.
> > >> > >
> > >> > > What would be a useful next step on this? Hoping for comments and exploration of requirements.
> > >> > >
> > >> > > Thanks,
> > >> > > James
> > >> >
> > >> > --
> > >> > *Ed Cable*
> > >> > President/CEO, Mifos Initiative
> > >> > [email protected] | Skype: edcable | Mobile: +1.484.477.8649
> > >> >
> > >> > *Collectively Creating a World of 3 Billion Maries | * http://mifos.org
> > >> > <http://facebook.com/mifos> <http://www.twitter.com/mifos>

--
*Ed Cable*
President/CEO, Mifos Initiative
[email protected] | Skype: edcable | Mobile: +1.484.477.8649

*Collectively Creating a World of 3 Billion Maries | *http://mifos.org
<http://facebook.com/mifos> <http://www.twitter.com/mifos>
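
Added illustration, not part of the thread and not Fineract or Fineract CN code: a sketch of the record described in items 2 and 4 of the quoted September 2018 message (one customer with many claims, an authorized KYC level, expected versus calculated actual volume, flags for exceptional activity, and a logged move between levels). All class, field and flag names are hypothetical; only the $300 KYC-0 figure comes from the thread, and the other limits and the "twice the expected volume" rule are assumptions.

```python
from dataclasses import dataclass, field

# Assumed monthly limits per KYC tier. Only the $300 figure for KYC-0 appears in
# the thread (as an illustration); the other values are constructed placeholders.
TIER_LIMITS = {0: 300, 1: 1_000, 2: 5_000, 3: None}  # None: no tier-specific cap

@dataclass
class Claim:
    issuer: str      # issuing authority, e.g. "mobile-operator" (hypothetical)
    kind: str        # form of verification, e.g. "msisdn+imei" (hypothetical)
    verified: bool

@dataclass
class CustomerKyc:
    tier: int                                   # currently authorized KYC level
    expected_monthly: int                       # volume declared at onboarding
    claims: list = field(default_factory=list)  # one customer, many claims
    actual_monthly: int = 0                     # calculated from postings
    tier_history: list = field(default_factory=list)  # audit trail of moves

    def record(self, amount):
        """Add a transaction to the running total and return review flags."""
        self.actual_monthly += amount
        flags = []
        limit = TIER_LIMITS[self.tier]
        if limit is not None and self.actual_monthly > limit:
            flags.append("TIER_LIMIT_EXCEEDED")
        # Assumed rule: actual volume above twice the expected volume is exceptional.
        if self.actual_monthly > 2 * self.expected_monthly:
            flags.append("EXCEEDS_EXPECTED")
        return flags

    def promote(self, new_tier, min_verified):
        """Raise the tier only when enough claims are verified; log the move."""
        issuers = [c.issuer for c in self.claims if c.verified]
        if new_tier not in TIER_LIMITS or new_tier <= self.tier:
            return False
        if len(issuers) < min_verified:
            return False
        self.tier_history.append((self.tier, new_tier, issuers))
        self.tier = new_tier
        return True
```

The flags only mark transactions for review, in the spirit of the expected-versus-actual comparison behind a SAR; whether to block a posting is a separate policy decision.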
