Hey Ed, Thanks for pointing me to this particular thread. Indeed Identity is need-of the hour for payment systems, I am not sure if Indy POC covers 2Factor authentication which is a crucial part of Digital Identity.
Team - My name is Samuel John (SJ), I’ll be happy to participate & provide information needed for Identity cases pertaining to Biometrics. I come from an Identity solution background where almost 12m+ profiles (across Africa) were served using commercials platforms which have designed using Fingerprint , Face, IRIS (commercials & open source technologies). Presently,I am into private blockchain network as a service for Digital assets (using etherum) by plugging in Biometrics as a 2Factor authentication. We can discuss more on what is needed for MIFOS community. -- SJ > On 6 Mar 2019, at 11:05, Samuel John Gara <[email protected]> wrote: > > > > On 2019/03/05 01:40:48, Ed Cable <[email protected] <http://mifos.org/>> wrote: > > Rachit,> > > > > Thanks for sharing this with the community. Echoing what Awasum said, > > could> > > you please create a page on the wiki he linked to.> > > > > Let me know your Apache ID once you've created it and I will give you the> > > necessary permissions to create and edit pages.> > > > > You can place it under the Product Requirement section for now and then we> > > can move it accordingly once we adopt a new structure for the wiki that> > > James is proposing on a separate thread.> > > > > As part of that wiki page, it would be helpful to have a section that> > > provides an initial set of use cases and also welcomes the community to> > > provide input on use cases they need digital identity solutions to better> > > help support.> > > > > As part of this POC and some other ongoing collaboration with Yoti, I'd> > > like for institutions and individuals across the community who have > > digital> > > needs and well-articulated use cases to volunteer to be a part of these> > > pilot efforts.> > > > > As James noted, let me get your efforts synchronized with those developers> > > working on payment and money transfer related use cases so no efforts are> > > duplicated and we can ensure that digital identify, verification of> > > identity claims, KYC, etc gets supported as needed to facilitate payments> > > use cases.> > > > > I will invite others in the community to participate in this discussion.> > > > > I will keep this thread focused on the Sovrin/Indy POC but will send a> > > separate email related to Yoti including a guest blog post from Ken Banks> > > and an upcoming webinar that he'll be leading for the community.> > > > > On Mon, Mar 4, 2019 at 1:15 AM Awasum Yannick <[email protected] > > <http://apache.org/>> wrote:> > > > > > Hi Rachit,> > > >> > > > Welcome to the community.> > > >> > > > Thanks for all the work you are doing.> > > >> > > > Will it be Ok if you transferred your document to Confluence? Here is > > > the> > > > link to signup and create an account:> > > > https://cwiki.apache.org/confluence/signup.action > > > <https://cwiki.apache.org/confluence/signup.action>> > > >> > > > Here is the Fineract Confluence home:> > > > https://cwiki.apache.org/confluence/display/FINERACT/Fineract+Home > > > <https://cwiki.apache.org/confluence/display/FINERACT/Fineract+Home>> > > >> > > > You can decide where to put your requirements. There is a section for> > > > Fineract CN and others for gathering functional specs.> > > >> > > > This way there will be history and a point of reference.> > > >> > > > I checked your document and it seems you doing this work focused on the> > > > Indian market? Are there use cases somewhere which the Indy project has> > > > been used?> > > > Have you looked at the current way Fineract and Fineract CN are handling> > > > KYC and identity? What are the short comings?> > > >> > > > Thanks.> > > > Awasum> > > >> > > > On Mon, Mar 4, 2019 at 3:49 AM Rachit Kansal <[email protected] > > > <http://gmail.com/>>> > > > wrote:> > > >> > > > > Hi everyone,> > > > >> > > > > My name is Rachit and I am volunteering for the Mifos initiative as a> > > > > product manager. Sorry for the delay, I was caught up in a lot of work> > > > and> > > > > some travelling.> > > > >> > > > > Just a small brief about myself, I graduated with an undergraduate > > > > degree> > > > > in Computer Science in 2017. I have had some experience with the open> > > > > source community as well and also successfully completed GSoC 2017 as > > > > a> > > > > student. Since then I am working in a cloud company called Nutanix.> > > > > Initially started off as a developer and now taking up > > > > responsibilities> > > > as> > > > > a product manager as well.> > > > >> > > > > Ed had asked me to explore KYC and the Sovrin/Indy project and try to> > > > come> > > > > up with the requirements for a PoC for the same (which we could take > > > > up> > > > for> > > > > GSoC).Find the attached link to the requirement document for the PoC.> > > > >> > > > > Please provide your inputs and details that you feel should be added > > > > to> > > > it> > > > > both from the requirements perspective as well as the developer> > > > > perspective. Also I would request the core developers of the > > > > fineract-cn> > > > to> > > > > chime in and maybe add details on how the interaction/integration with> > > > the> > > > > platform would look like for the PoC to cover the scenarios mentioned > > > > in> > > > > the document.> > > > >> > > > > *Requirements Document:*> > > > >> > > > >> > > > https://docs.google.com/document/d/1s-wx06l1UKfmzEL7qXOU-PfGfPPQma6flf-oGFg9OWs/edit?usp=sharing > > > > > > <https://docs.google.com/document/d/1s-wx06l1UKfmzEL7qXOU-PfGfPPQma6flf-oGFg9OWs/edit?usp=sharing>> > > > > > > >> > > > > --> > > > > Regards,> > > > > Rachit Kansal> > > > >> > > > > On Mon, 11 Feb 2019 at 23:15, Ed Cable <[email protected] > > > > <http://mifos.org/>> wrote:> > > > >> > > > > > James, thanks for bringing this to top of mind again. I want to> > > > introduce> > > > > > Rachit Kansal, a volunteer with the Mifos Initiative, who's going to > > > > > be> > > > > > doing some product management work and research to shine light on > > > > > some> > > > of> > > > > > the different directions the Fineract community could head.> > > > > >> > > > > > He's drafting a proposal for a proof of concept around Sovrin and> > > > > > Hyperledger Indy. He will share progress with that on list soon.> > > > > >> > > > > > This white paper is a good read on the efforts led by Sovrin > > > > > Foundation> > > > > > around a decentralized identification system.> > > > > >> > > > > >> > > > > >> > > > >> > > > https://sovrin.org/wp-content/uploads/2018/03/Sovrin-Protocol-and-Token-White-Paper.pdf > > > > > > <https://sovrin.org/wp-content/uploads/2018/03/Sovrin-Protocol-and-Token-White-Paper.pdf>> > > > > > > > >> > > > > > We are also going to do some exploration around Yoti which has a > > > > > good> > > > > > enabling environment for developers and some programs conducive to> > > > > > financial inclusion.> > > > > >> > > > > > https://www.yoti.com/developers/ <https://www.yoti.com/developers/>> > > > > >> > > > > > This Medium post from Caribou Digital is also a nice primer on the> > > > terms,> > > > > > identity, identification, and ID and how they differentiate them.> > > > > >> > > > > >> > > > > >> > > > >> > > > https://medium.com/caribou-digital/the-difference-between-digital-identity-identification-and-id-41580bbb7563 > > > > > > <https://medium.com/caribou-digital/the-difference-between-digital-identity-identification-and-id-41580bbb7563>> > > > > > > > >> > > > > >> > > > > >> > > > > > On Sat, Feb 9, 2019, 16:03 James Dailey <[email protected] > > > > > <mailto:[email protected]> wrote:> > > > > >> > > > > >> I'd like to raise this important issue again. We are in the space > > > > >> of> > > > > >> financial services, and so we must express kyc/aml/cft regulations.> > > > > >>> > > > > >> Know Your Customer is a FUNDAMENTAL banking concept. It is > > > > >> currently> > > > > >> supported via account opening in fineract but more needs to be > > > > >> done.> > > > > >>> > > > > >> We must also address the opportunity and the gap in formal > > > > >> identity> > > > if> > > > > we> > > > > >> are to be a serious player in financial inclusion. I don't believe> > > > > >> fineract> > > > > >> or mifos should do that function directly, but rather be able to > > > > >> speak> > > > > to> > > > > >> various identity/claims services.> > > > > >>> > > > > >> At times a mifos implementation will have the best information about > > > > >> a> > > > > >> specific customer. This also relates to credit bureaus and again, > > > > >> the> > > > > >> concept of 'identity-claims'.> > > > > >>> > > > > >> I'd like to suggest that we get a wiki page and then some detailed> > > > > >> requirements going and develop some ticket. But, looking for > > > > >> someone> > > > to> > > > > >> support this in coding and someone else who has a need now for this> > > > > >> functionality.> > > > > >>> > > > > >> Jdailey67> > > > > >>> > > > > >> On Thu, Sep 13, 2018, 10:28 AM Ed Cable <[email protected] > > > > >> <mailto:[email protected]> wrote:> > > > > >>> > > > > >> > James,> > > > > >> >> > > > > >> > Thanks for starting up this topic on-list (I only just saw it now> > > > upon> > > > > >> > Isaac's reply). I will try to forwards this along to others who > > > > >> > have> > > > > >> been> > > > > >> > conversing on related topics of eKYC, verification via selfies,> > > > etc. I> > > > > >> will> > > > > >> > also get some of my volunteers assisting on the AML/CFT front> > > > involved> > > > > >> in> > > > > >> > this thread.> > > > > >> >> > > > > >> > Thank you also for bringing up our conversations with the INDY at> > > > > >> OSCON, I> > > > > >> > will re-engage with Joyce so we can carry forward the > > > > >> > conversations> > > > we> > > > > >> > started there.> > > > > >> >> > > > > >> > The discussion around identity and looking at claim-based systems> > > > and> > > > > >> > decentralized identities are all the more relevant as systems > > > > >> > like> > > > > >> Aadhar> > > > > >> > continue to get hacked and sensitive data gets exposed:> > > > > >> >> > > > > >> >> > > > > >>> > > > >> > > > https://www.huffingtonpost.in/2018/09/11/uidai-s-aadhaar-software-hacked-id-database-compromised-experts-confirm_a_23522472/ > > > > > > <https://www.huffingtonpost.in/2018/09/11/uidai-s-aadhaar-software-hacked-id-database-compromised-experts-confirm_a_23522472/>> > > > > > > > >> >> > > > > >> > See some additional replies inline.> > > > > >> >> > > > > >> >> > > > > >> > On Mon, Sep 10, 2018 at 11:31 AM James Dailey <> > > > [email protected] <mailto:[email protected]>> > > > > >> > > > > >> > wrote:> > > > > >> >> > > > > >> > > Hi Devs -> > > > > >> > >> > > > > >> > > I'd like to raise an issue with regard to how Fineract 1.x and > > > > >> > > the> > > > > new> > > > > >> > > Fineract-CN treats the concept of Identity.> > > > > >> > >> > > > > >> > > I was recently looking at Isaac's work on> > > > > >> > >> > > > > >> > >> > > > > >> >> > > > > >>> > > > >> > > > https://github.com/apache/fineract-cn-customer/pull/7/commits/65a88b9879a46103fae440c42d1b0058909a93aa > > > > > > <https://github.com/apache/fineract-cn-customer/pull/7/commits/65a88b9879a46103fae440c42d1b0058909a93aa>> > > > > > > > >> > > .> > > > > >> > > It got me thinking... I was unclear if the tests are fully> > > > covering> > > > > >> our> > > > > >> > > functionality, and wonder about how we are collectively > > > > >> > > thinking> > > > > about> > > > > >> > > identity.> > > > > >> > >> > > > > >> > > So, there has been a lot of work done recently on Digital > > > > >> > > Identity> > > > > and> > > > > >> > > Credentials globally. I think we should have as part of our> > > > > thinking> > > > > >> and> > > > > >> > > structure of the identity service:> > > > > >> > >> > > > > >> >> > > > > >> > For these components and sub-components of Identity you are > > > > >> > starting> > > > > to> > > > > >> > flesh out below, it'd be great to synthesize into a> > > > requirements/spec> > > > > >> doc> > > > > >> > on the. Fineract wiki.> > > > > >> >> > > > > >> > >> > > > > >> > > 1. Issuing authority (this could be any relevant civil> > > > authority> > > > > >> such> > > > > >> > as> > > > > >> > > Federal Government, State Department, Provincial Gov't), any> > > > > >> private> > > > > >> > or> > > > > >> > > non-profit but recognized entity (e.g. University), and also> > > > any> > > > > >> > > commercial> > > > > >> > > entity that has a pre-existing relationship including Bank,> > > > > Mobile> > > > > >> > > Provider, Microfinance Entity, or even > > > > >> > > Facebook/WeChat/Alibaba.> > > > > >> > > When dealing with the unbanked, or underbanked, a form of> > > > digital> > > > > >> > > identity may be self-issued or issued on the spot, and be> > > > trusted> > > > > >> up> > > > > >> > to> > > > > >> > > a> > > > > >> > > point (see KYC below).> > > > > >> > >> > > > > >> > > 2. Credentials and Forms of verification - this could be a> > > > > separate> > > > > >> > > concept in Fineract of [one to many] relationship where> > > > Fineract> > > > > CN> > > > > >> > > stores> > > > > >> > > that information or simply notes that multiple sources of> > > > > >> verification> > > > > >> > > of> > > > > >> > > identity or "claims" have been verified. For example, a > > > > >> > > person> > > > > my> > > > > >> > > present> > > > > >> > > a paper form from the local utility company showing they are > > > > >> > > a> > > > > >> > customer.> > > > > >> > > Or, for example, a person may be verified by the mobile> > > > provider> > > > > as> > > > > >> > > being> > > > > >> > > on that network with that specific IMEI (device) and that> > > > > specific> > > > > >> > > telephone number. I think it is important to treat such > > > > >> > > forms> > > > as> > > > > >> > > security> > > > > >> > > tokens (encrypted).> > > > > >> > >> > > > > >> >> > > > > >> > Javier is working with a customer who want to do selfie-based > > > > >> > eKYC> > > > for> > > > > >> > online account sign-ups. Some community members are quite expert > > > > >> > on> > > > > eKYC> > > > > >> > processes as part of the loan origination workflow. I'll have > > > > >> > those> > > > > >> inputs> > > > > >> > be voiced here.> > > > > >> >> > > > > >> > >> > > > > >> > > 3. Claims - there have been attempts at the W3C (world wide > > > > >> > > web> > > > > >> > > consortium) related to the issue of verification of digital> > > > > >> identity,> > > > > >> > to> > > > > >> > > describe these as "claims" where an individual may have> > > > multiple> > > > > >> > > sources in> > > > > >> > > the formal and informal sectors by which they can claim> > > > identity.> > > > > >> I> > > > > >> > > think> > > > > >> > > of Claims as IssuingAuthority+Verified, but that may be> > > > > >> > > oversimplification. Please see> > > > > >> > > https://www.w3.org/TR/verifiable-claims-use-cases/ > > > > >> > > <https://www.w3.org/TR/verifiable-claims-use-cases/> .> > > > > >> > >> > > > > >> > > 4. Relationship with KYC and AML/CFT - In Mifos and now in> > > > > >> Fineract we> > > > > >> > > have a set of requirements around the relationship between > > > > >> > > the> > > > > >> > validity> > > > > >> > > of> > > > > >> > > the identity against regulations dealing with "know your> > > > > customer"> > > > > >> and> > > > > >> > > "anti-money-laundering" (inbound flows) and "counter the> > > > > financing> > > > > >> of> > > > > >> > > terrorism" (outbound flows). These requirements generally> > > > start> > > > > >> with> > > > > >> > > KYC> > > > > >> > > where the levels are generally thought of as KYC-0 (e.g. we> > > > don't> > > > > >> know> > > > > >> > > much> > > > > >> > > about them, but the authorities allow us to transact up to > > > > >> > > $300> > > > > per> > > > > >> > > month),> > > > > >> > > KYC-1, KYC-2, up to KYC-3 (e.g.they have a formal and > > > > >> > > verified> > > > > >> > identity> > > > > >> > > credential from the national biometric system and they have > > > > >> > > up> > > > to> > > > > >> the> > > > > >> > > limit> > > > > >> > > of banking rules) In Fineract, I believe that what needs > > > > >> > > to> > > > be> > > > > >> > stored> > > > > >> > > is> > > > > >> > > the initial authorized level of KYC, the record of how much > > > > >> > > is> > > > > >> > expected> > > > > >> > > to> > > > > >> > > be transacted and then a calculated actual amount transacted > > > > >> > > so> > > > > >> that> > > > > >> > > exceptional transactions can be flagged, and the movement > > > > >> > > from> > > > > one> > > > > >> KYC> > > > > >> > > level to another. It is common in banking at least to have > > > > >> > > a> > > > SAR> > > > > >> > > (Suspicious Activity Report) based on a comparison of > > > > >> > > expected> > > > > >> > > transactions> > > > > >> > > and actual. The banking sector has been practicing this for > > > > >> > > a> > > > > long> > > > > >> > time> > > > > >> > > and rules are understood.> > > > > >> > >> > > > > >> >> > > > > >> > I will get Shabbir our CFT/AML expert to chime in on this thread > > > > >> > and> > > > > >> > advance his thinking on the generic framework-level components we> > > > > could> > > > > >> > implement to assist with compliance. As you also might already> > > > know,> > > > > >> Ankur> > > > > >> > as part of his GSOC project for the mobile wallet, worked on> > > > > >> incorporating> > > > > >> > into the front-end some of the elements of tiered KYC. You can > > > > >> > see> > > > his> > > > > >> > implementation at> > > > > >> > https://gist.github.com/ankurs287/d9ef88cedcebe678f09fd555b17c7546 > > > > >> > <https://gist.github.com/ankurs287/d9ef88cedcebe678f09fd555b17c7546>> > > > > >> > > > > > >> >> > > > > >> > and the discussion thread that Sundari started at> > > > > >> >> > > > > >> >> > > > > >>> > > > >> > > > http://mail-archives.apache.org/mod_mbox/fineract-dev/201806.mbox/%3CCAPnWRTjQHjys=vBFqkVqb7GZPo0iq7VFuGxP6sr-K0h55wK=m...@mail.gmail.com%3E > > > > > > <http://mail-archives.apache.org/mod_mbox/fineract-dev/201806.mbox/%3CCAPnWRTjQHjys=vBFqkVqb7GZPo0iq7VFuGxP6sr-K0h55wK=m...@mail.gmail.com%3E>> > > > > > > > >> >> > > > > >> >> > > > > >> > >> > > > > >> > >> > > > > >> > > At OSCON we also learned about INDY, which is part of the> > > > > Hyperledger> > > > > >> > > project, and deals with Identity using some new distributed > > > > >> > > ledger> > > > > >> based> > > > > >> > > tools. I think it would be interesting to create a proof of> > > > concept> > > > > >> > where> > > > > >> > > we link our identity service to the Indy code.> > > > > >> > >> > > > > >> > >> > > > > >> >> > > > > >>> > > > >> > > > https://www.hyperledger.org/blog/2017/05/02/hyperledger-welcomes-project-indy > > > > > > <https://www.hyperledger.org/blog/2017/05/02/hyperledger-welcomes-project-indy>> > > > > > > > >> > > . This builds out the concept of a globally accessible public> > > > > >> utility > [message truncated...]
