Differences

This shows you the differences between two versions of the page.

integration:transactions-new [2018/05/18 11:04] (current)
10.144.24.34 created
Line 1: Line 1:
 +====== No-code transcations ======
 +What if solution requires more than pure authentication?​ In that case an integrator can use AAA Reverse Proxy transaction system. ​
 +Transactions are user confirmed decisions like payments. They are secure, authenticated and validated using personal factor.
 +Tiny coding effort is required like providing confirmation text and evaluating the operation.
 +When user confirmation is required (i.e. user clicks on “pay” button) following workflow is processed. Service provider actions are in bold. Two main methods are supported:
 +
 +===== Push notification =====
 +This scenario is available for smart phones only. User must be logged in AAA Reverse Proxy.
 +  - Call AAA Reverse Proxy push transaction method (standard http request) providing confirmation text and verification level (personal factor, bio factor, no second factor)
 +    * Then AAA Reverse Proxy creates a request and sends it via push notification to user’s smart phone
 +    * Request is processed via PEIG.
 +    * User confirms it and provides personal factor
 +    * AAA Reverse Proxy evaluates request and sends a response back to service provider applications
 +  - Read response (JSON) and parse it
 +  - Evaluate success / failure: OK, User rejected, Wrong personal factor, etc.
 +
 +User experience:
 +  - User clicks on payment button.
 +  - A confirmation message is displayed on his smart phone (PEIG application)
 +  - If user agrees, personal factor is required (or bio factor)
 +  - Done
 +
 +===== Generic transaction =====
 +This scenario has no limitations and can be used even for non-authenticated users (every ADUCID operation is also authentication).
 +  - Prepare confirmation text (e.g. “Pay $99 from account 123456789 to account 987654321”). ​
 +  - Generate transaction ID (internal unique ID of transaction)
 +  - Call AAA Reverse Proxy transaction method (standard http request) providing confirmation text, return URL and verification level (personal factor, bio factor, no second factor)
 +  - Redirect to AAA Reverse Proxy transaction (must be in the same https context)
 +Now ADUCID integration code call PEIG or display a QR 
 +    * Request is processed via PEIG (directly or QR scan)
 +    * User confirms it and provides personal factor
 +    * User is redirected back to application (return URL)
 +    * AAA Reverse Proxy writes transaction status to http header ​
 +  - Now service provider has to read transaction status from http header i.e. evaluate success / failure: OK, User rejected, Wrong personal factor, etc.
 +
 +User experience:
 +  - User clicks on payment button.
 +  - Optionally QR code is displayed – user scans it using his / her PEIG
 +  - A confirmation message is displayed on his smart phone (PEIG application)
 +  - If user agrees, personal factor is required (or bio factor)
 +  - Done
  
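Review bot: In the "Generic transaction" list, step 2 generates a transaction ID, but the call in the next step lists only "confirmation text, return URL and verification level", and the final step reads only a status from the http header, so the page never says how the returned status is tied to that ID or to the confirmation text. Please state whether the ID is passed to AAA Reverse Proxy and returned with the status, and name the header and the full set of status values behind "OK, User rejected, Wrong personal factor, etc." so an integrator can evaluate the result for the specific transaction; the same list of values is needed for the JSON response in the "Push notification" section. Since the result arrives in a request header, the page should also say that the application must accept that header only from AAA Reverse Proxy. Two smaller points: the heading reads "transcations", and the unindented line "Now ADUCID integration code call PEIG or display a QR" interrupts the numbered list and would read better as a sub-item of the redirect step.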
  • integration/transactions-new.txt
  • Last modified: 2018/05/18 11:04
  • by 10.144.24.34