integration:transactions
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
integration:transactions [2018/05/18 11:03] 10.144.24.34 |
integration:transactions [2019/08/01 08:31] tjotov removed |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== No-code | + | ====== No-code |
| What if solution requires more than pure authentication? | What if solution requires more than pure authentication? | ||
| - | Transactions are user confirmed decisions like payments. They are secure, authenticated and validated using personal factor. | ||
| - | Tiny coding effort is required like providing confirmation text and evaluating the operation. | ||
| - | When user confirmation is required (i.e. user clicks on “pay” button) following workflow is processed. Service provider actions are in bold. Two main methods are supported: | ||
| - | ===== Push notification ===== | + | Transactions are user confirmed decisions like payments. They are secure, authenticated |
| - | This scenario is available for smart phones only. User must be logged in AAA Reverse Proxy. | + | |
| - | - Call AAA Reverse Proxy push transaction method (standard http request) providing confirmation text and verification level (personal factor, bio factor, no second factor) | + | |
| - | * Then AAA Reverse Proxy creates a request | + | |
| - | * Request is processed via PEIG. User confirms it and provides personal factor | + | |
| - | * AAA Reverse Proxy evaluates request and sends a response back to service provider applications | + | |
| - | - Read response (JSON) and parse it | + | |
| - | - Evaluate success / failure: OK, User rejected, Wrong personal factor, etc. | + | |
| - | User experience: | + | Tiny coding effort is required like providing confirmation text and evaluating the operation. |
| - | - User clicks on payment button. | + | When user confirmation is required (i.e. user clicks on “pay” button) following workflow is processed. Service provider actions are in bold. |
| - | - A confirmation | + | |
| - | - If user agrees, personal factor | + | |
| - | - Done | + | |
| - | ===== Generic transaction ===== | ||
| This scenario has no limitations and can be used even for non-authenticated users (every ADUCID operation is also authentication). | This scenario has no limitations and can be used even for non-authenticated users (every ADUCID operation is also authentication). | ||
| - Prepare confirmation text (e.g. “Pay $99 from account 123456789 to account 987654321”). | - Prepare confirmation text (e.g. “Pay $99 from account 123456789 to account 987654321”). | ||
| - Generate transaction ID (internal unique ID of transaction) | - Generate transaction ID (internal unique ID of transaction) | ||
| - | - Call AAA Reverse Proxy transaction method (standard http request) providing confirmation text, return URL and verification level (personal factor, | + | - Call AAA Reverse Proxy transaction method (standard http request) providing confirmation text, return URL and verification level ([[documentation: |
| - Redirect to AAA Reverse Proxy transaction (must be in the same https context) | - Redirect to AAA Reverse Proxy transaction (must be in the same https context) | ||
| - | Now ADUCID integration code call PEIG or display a QR | + | * Now ADUCID integration code call PEIG or display a QR |
| * Request is processed via PEIG (directly or QR scan) | * Request is processed via PEIG (directly or QR scan) | ||
| - | * User confirms it and provides | + | * User confirms it and provides |
| * User is redirected back to application (return URL) | * User is redirected back to application (return URL) | ||
| * AAA Reverse Proxy writes transaction status to http header | * AAA Reverse Proxy writes transaction status to http header | ||
| - | - Now service provider has to read transaction status from http header i.e. evaluate success / failure: OK, User rejected, Wrong personal factor, etc. | + | - Now service provider has to read transaction status from http header i.e. evaluate success / failure: OK, User rejected, Wrong PersonalCode, etc. |
| User experience: | User experience: | ||
| Line 37: | Line 23: | ||
| - Optionally QR code is displayed – user scans it using his / her PEIG | - Optionally QR code is displayed – user scans it using his / her PEIG | ||
| - A confirmation message is displayed on his smart phone (PEIG application) | - A confirmation message is displayed on his smart phone (PEIG application) | ||
| - | - If user agrees, | + | - If user agrees, |
| - Done | - Done | ||
Page Tools
