Hi Juhan, Thanks for taking the initiative to explore this topic as it's been a critical one that we've been trying to actively discuss with the community since January of 2018 - https://markmail.org/thread/2xz2py455r7rlm3p
The API gateway providing support for a UK Open Banking API that Mifos has started implementing and will soon be shipping is the first step towards more securely supporting third party customer-facing apps. This has been implemented for both Fineract 1.x and Fineract CN. It's only been tested with some reference apps but one of the next steps is to have the existing wallet and mobile banking apps on Fineract and Fineract CN connect via the API Gateway. If you haven't watched this webinar, our digital transformation webinar introduces some of the Open Banking API work: https://www.youtube.com/watch?v=3vauM7axnRs We do recognize that it's only one step along the way and in order to treat the customer as a first-class citizen we do need a separate data store for the customer that can be written to and read from. Vishwas has articulated some of these requirements in a recent post to that same thread: https://markmail.org/message/f5t6aejhktr6htgd I would love to work with you in helping to spec out the work needed to have customers be a first-class citizen and then build out the separate data store for customers, an offline first approach and then align that with the Open Banking API that's being implemented to initially provide first-party apps a secure way to connect and also allow for third-party apps to connect to. Perhaps we can get a small working group in place to advance this further. I can get some of the product management volunteers like Prakash involved to help with the spec as well. Ed On Thu, Sep 26, 2019 at 1:38 PM Juhan Aasaru <[email protected]> wrote: > Hi! > > I would like to raise a separate thread regarding customers logging in to > fineract-cn on their own behalf > (to provide customer self-service). Vishwas wrote earlier in another > thread: > > AFAIK, you cannot do the same on the current micro-services. > > The Mifos initiative has another project (Customer Self Service API > Gateway) > > which allows customer self service by maintaining separate credentials > for each customer. > > After the customer has been authenticated and authorized at the gateway, > > it interfaces with Fineract-CN using a system / back-office user > credential . > > I didn't find such a project, I think something like this only exists for > Fineract 1.x > But even if it exists the described design sounds more like a workaround > or a "hack" > - something that is done to add the functionality to an existing system. > > Since Fineract-CN is a new platform and it has all the building blocks it > should make customer a > First-Class citizen [ https://en.wikipedia.org/wiki/First-class_citizen ] > meaning the customer > would represent himself as a user and all the privileges checking systems > would > make sure the customer is only able to obtain information about himself. > > I know it adds a lot of complexity (to alredy complex world) but I was > wondering if > this question has risen earlier and if there have been any design thoughts > how it should > be implemented (or why it was decided not to implement it). > > I see Fineract 1.x /MifosX has a nice analysis document about customer > self-service here > https://cwiki.apache.org/confluence/display/FINERACT/Customer+Self-Service > I wonder if something exists for Fineract-CN as well. > Or if not how could we come up with a similar document how it should be > once implemented. > > Regards > Juhan > > > -- *Ed Cable* President/CEO, Mifos Initiative [email protected] | Skype: edcable | Mobile: +1.484.477.8649 *Collectively Creating a World of 3 Billion Maries | *http://mifos.org <http://facebook.com/mifos> <http://www.twitter.com/mifos>
