Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


See  Fineract CN Project Structure for references to these microservices. 

The target deploy is a minimal payment app backend system with minimal UI.  It should be deployed on a VM or cloud service (dockerized) and have a short guide to address questions about how to secure. 

Perhaps it has the following functional characteristics: 

  1. Use case orientation - that specific end-user roles and the steps that the end-user takes in interaction with Fineract-CN front end are written in a style that allows for both "tests" and communication of the requirements.  For example: 
    1. The User:BankStaff is able to login to see a recent history of all transactions by specific accounts, according to the permissions that they have that mask certain transaction details.  
    2. The User:Customer is able to login to a see current balances and recent activity on both debit and credit accounts with a total showing for all of their accounts. 
    3. The User:FieldAgent is able to login and see a list of payments by individuals for whom they are assigned to.  
    4. and so on... 

  2. That security and configuration guides be included in the thinking from the beginning.  An open source project often faces the false criticism that it is less secure so it is important to have ways of analyzing and addressing security holes from the beginning.  This may also take the form of jira tickets that relate to ensuring that the logs are inviolable and that early detection mechanisms send alerts to the proper humans defined in the configuration file - which may require thinking that through more. There are guides to how to secure infrastructure and I am sure other Apache projects have had to deal with this - we should look to them for advice.  

  3. That the surface area of the release includes: 
    1. Open an Account with at least two KYC levels 
    2. Open a second account for the same person or entity 
    3. Make a deposit 
    4. Make a withdrawal 
    5. Transfer funds within accounts held by the same person 
    6. Enforce rules related to transfer amounts (subject to KYC limits) 
    7. Have a simple approval process for a loan application (an agent can approve) 
    8. Configure a loan product with min and max amounts and two methods of interest calc
    9. Transfer funds from a "lending department" to a customer 
    10. Generate an expected payments schedule based on the product definition 
    11. Write off the loan
    12. Close the account (put into one of several different states) 

  4. That there is sufficient test coverage for the release.  

There is a good discussion concerning a minimal viable product here – >