This shows you the differences between two versions of the page.
integration:transactions [2018/05/18 10:59] 10.144.24.34 |
integration:transactions [2018/05/18 11:01] 10.144.24.34 |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== No-code transcations ====== | ====== No-code transcations ====== | ||
- | |||
What if solution requires more than pure authentication? | What if solution requires more than pure authentication? | ||
Transactions are user confirmed decisions like payments. They are secure, authenticated and validated using personal factor. | Transactions are user confirmed decisions like payments. They are secure, authenticated and validated using personal factor. | ||
Tiny coding effort is required like providing confirmation text and evaluating the operation. | Tiny coding effort is required like providing confirmation text and evaluating the operation. | ||
When user confirmation is required (i.e. user clicks on “pay” button) following workflow is processed. Service provider actions are in bold. Two main methods are supported: | When user confirmation is required (i.e. user clicks on “pay” button) following workflow is processed. Service provider actions are in bold. Two main methods are supported: | ||
- | Push notification | + | |
+ | ===== Push notification | ||
This scenario is available for smart phones only. User must be logged in AAA Reverse Proxy. | This scenario is available for smart phones only. User must be logged in AAA Reverse Proxy. | ||
- | 1. Call AAA Reverse Proxy push transaction method (standard http request) providing confirmation text and verification level (personal factor, bio factor, no second factor) | + | - Call AAA Reverse Proxy push transaction method (standard http request) providing confirmation text and verification level (personal factor, bio factor, no second factor) |
Then AAA Reverse Proxy creates a request and sends it via push notification to user’s smart phone | Then AAA Reverse Proxy creates a request and sends it via push notification to user’s smart phone | ||
- | Request is processed via PEIG | + | Request is processed via PEIG <br>User confirms it and provides personal factor |
- | User confirms it and provides personal factor | + | |
AAA Reverse Proxy evaluates request and sends a response back to service provider applications | AAA Reverse Proxy evaluates request and sends a response back to service provider applications | ||
- | 2. Read response (JSON) and parse it | + | - Read response (JSON) and parse it |
- | 3. Evaluate success / failure: OK, User rejected, Wrong personal factor, etc. | + | |
User experience: | User experience: | ||
- | 1. User clicks on payment button. | + | - User clicks on payment button. |
- | 2. A confirmation message is displayed on his smart phone (PEIG application) | + | |
- | 3. If user agrees, personal factor is required (or bio factor) | + | |
- | 4. Done | + | |
- | Generic transaction | + | ===== Generic transaction |
This scenario has no limitations and can be used even for non-authenticated users (every ADUCID operation is also authentication). | This scenario has no limitations and can be used even for non-authenticated users (every ADUCID operation is also authentication). | ||
- | 1. Prepare confirmation text (e.g. “Pay $99 from account 123456789 to account 987654321”). | + | - Prepare confirmation text (e.g. “Pay $99 from account 123456789 to account 987654321”). |
- | 2. Generate transaction ID (internal unique ID of transaction) | + | |
- | 3. Call AAA Reverse Proxy transaction method (standard http request) providing confirmation text, return URL and verification level (personal factor, bio factor, no second factor) | + | |
- | 4. Redirect to AAA Reverse Proxy transaction (must be in the same https context) | + | |
Now ADUCID integration code call PEIG or display a QR code | Now ADUCID integration code call PEIG or display a QR code | ||
Request is processed via PEIG (directly or QR scan) | Request is processed via PEIG (directly or QR scan) | ||
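Review bot: The added line "Request is processed via PEIG <br>User confirms it and provides personal factor" joins two workflow steps with a raw HTML tag, which DokuWiki does not interpret by default, so readers would see the literal "<br>" in the middle of the push workflow. Keep the two steps on separate lines as in the previous revision, or use the wiki's forced line break (\\) instead. Also, switching the manual "1.", "2.", "3." prefixes to " - " list items while plain paragraphs such as "Then AAA Reverse Proxy creates a request ..." sit between them will make each list restart at 1, so "Read response (JSON) and parse it" would no longer read as step 2; indent the proxy-side lines under the list item or keep the explicit numbers. The title "No-code transcations" still carries the typo on both sides and could be fixed in the same edit.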
Line 32: | Line 31: | ||
User is redirected back to application (return URL) | User is redirected back to application (return URL) | ||
AAA Reverse Proxy writes transaction status to http header | AAA Reverse Proxy writes transaction status to http header | ||
- | 5. Now service provider has to read transaction status from http header i.e. evaluate success / failure: OK, User rejected, Wrong personal factor, etc. | + | - Now service provider has to read transaction status from http header i.e. evaluate success / failure: OK, User rejected, Wrong personal factor, etc. |
User experience: | User experience: | ||
- | 1. User clicks on payment button. | + | - User clicks on payment button. |
- | 2. Optionally QR code is displayed – user scans it using his / her PEIG | + | |
- | 3. A confirmation message is displayed on his smart phone (PEIG application) | + | |
- | 4. If user agrees, personal factor is required (or bio factor) | + | |
- | 5. Done | + | |
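Review bot: The reworded step "Now service provider has to read transaction status from http header" still does not say which header carries the status, nor that the value should be trusted only on requests that actually arrived through AAA Reverse Proxy and checked against the transaction ID the service provider generated earlier in this workflow. Since this line is the only place the page tells integrators how to decide "OK" versus "User rejected" or "Wrong personal factor", name the header and add that check here. On formatting, the item loses its "5." and, as a single " - " entry after the plain paragraphs above it, would render as item 1 rather than as the fifth step.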