Co musí banka udělat pro zapojení do Zingly?

Petr Dvořák CEO at Lime

E-mail: petr@lime-company.eu

Twitter: @joshis_tweets

Sdílejte přátelům a známým

Otázky lze klást v Q&A boxu

Odkaz na Slideshare v popisu videa

Záznam bude dostupný on-line

Infrastruktura Zingly

PowerAuth Server PowerAuth Server

Zingly API Server Zingly API Server

Zingly Multi-Banking Hub Server

Banka A Banka B

Ban

kyUži

vate

lé

PowerAuth Server

Zin

gly

Internetové bankovnictví

Internetové bankovnictví

PowerAuth Server PowerAuth Server

Zingly API Server Zingly API Server

Zingly Multi-Banking Hub Server

Banka A Banka B

Ban

kyUži

vate

lé

PowerAuth Server

Zin

gly

Internetové bankovnictví

Internetové bankovnictví

PowerAuth Server PowerAuth Server

Zingly API Server Zingly API Server

Zingly Multi-Banking Hub Server

Banka A Banka B

Ban

kyUži

vate

lé

PowerAuth Server

Zin

gly

Internetové bankovnictví

Internetové bankovnictví

PowerAuth Server

Zingly API ServerInternetové bankovnictví

SOAP REST-ish

SOAP REST-ish

PowerAuth 2.0 Standard API Zingly Banking API

PowerAuth Server

Zingly API ServerInternetové bankovnictví

Internal Banking Infrastructure

Plugin / Adapter Plugin / Adapter

Connector

Použité technologie

Spring Boot

JPA + Hibernate

Aplikace - Java EE 7

OracleDB, IBM DB2,

MySQL, PostgreSQL

Databáze - JPA2.0

Github

Maven

Development

*

* komerční support

SOAP

REST

Service API

Postup nasazování

PowerAuth Server

Zingly API ServerInternetové bankovnictví

1. Nasazení PowerAuth 2.0 Serveru

PowerAuth Server

Zingly API ServerInternetové bankovnictví

2. Integrace s IB

PowerAuth Server

Zingly API ServerInternetové bankovnictví

3. Nasazení Zingly API Serveru

Nasazení PowerAuth 2.0 Serveru

https://github.com/lime-company/lime-security-powerauth/blob/master/powerauth-docs/source/tutorial/deployment.md

1. Stáhněte si PowerAuth 2.0 Serverhttps://github.com/lime-company/lime-security-powerauth/releases/tag/0.8

2. Přidejte DB connector na classpathmysql-connector-java-${VERSION}.jar

3. Vytvořte databázové schéma

4. Nastavte parametry pro připojení PowerAuth serveru do DB

spring.datasource.url=jdbc:mysql://localhost:3306/powerauth spring.datasource.username=powerauth spring.datasource.password= spring.datasource.driver-class-name=com.mysql.jdbc.Driver spring.jpa.hibernate.ddl-auto=none

5. Nasaďte WAR soubor do Java EE aplikačního containeru

Nebo spusťte ”java -jar powerauth-java-server.war”

Demo

PowerAuth Server

Zingly API ServerInternetové bankovnictví

SOAP REST-ish

PowerAuth 2.0 Standard API Zingly Banking API

SOAP REST-ish

PowerAuth 2.0 Admin

Správa aplikací

Přehled aktivací uživatele

Nová aktivace

Detail a správa aktivace

1. Stáhněte si PowerAuth 2.0 Adminhttps://github.com/lime-company/lime-security-powerauth/releases/tag/0.8

2. Nastavte cestu k PowerAuth Serveru

powerauth.service.url=http://localhost:8080/powerauth/soap

3. Nasaďte WAR soubor do Java EE aplikačního containeru

Nebo spusťte ”java -jar powerauth-admin.war”

Demo

PowerAuth Server

Zingly API ServerInternetové bankovnictví

SOAP REST-ish

PowerAuth 2.0 Standard API Zingly Banking API

SOAP REST-ish

PowerAuth Admin

Integrace PowerAuth 2.0 a Internetbankingu

https://github.com/lime-company/lime-security-powerauth/blob/master/powerauth-docs/source/tutorial/internet-banking.md

Admin ~ Internetbanking

1. Přidejte do projektu Maven závislost

<dependency> <groupId>io.getlime.security</groupId> <artifactId>powerauth-java-client</artifactId> <version>0.0.8</version> </dependency>

<dependency> <groupId>io.getlime.security</groupId> <artifactId>powerauth-java-client</artifactId> <version>0.0.8</version> </dependency>

<dependency> <groupId>io.getlime.security</groupId> <artifactId>powerauth-java-client</artifactId> <version>0.0.8</version> </dependency>

<dependency> <groupId>io.getlime.security</groupId> <artifactId>powerauth-java-client</artifactId> <version>0.0.8</version> </dependency>

2. Napojte se na PowerAuth Server

@Configuration @ComponentScan(basePackages = {"io.getlime"}) public class PowerAuthWebServiceConfiguration {

@Bean public Jaxb2Marshaller marshaller() { Jaxb2Marshaller marshaller = new Jaxb2Marshaller(); marshaller.setContextPath("io.getlime.powerauth.soap"); return marshaller; }

@Bean public PowerAuthServiceClient powerAuthClient(Jaxb2Marshaller m) { PowerAuthServiceClient client = new PowerAuthServiceClient(); client.setDefaultUri("http://localhost:8080/powerauth/soap"); client.setMarshaller(marshaller); client.setUnmarshaller(marshaller); return client; }

}

@Configuration @ComponentScan(basePackages = {"io.getlime"}) public class PowerAuthWebServiceConfiguration {

@Bean public Jaxb2Marshaller marshaller() { Jaxb2Marshaller marshaller = new Jaxb2Marshaller(); marshaller.setContextPath("io.getlime.powerauth.soap"); return marshaller; }

@Bean public PowerAuthServiceClient powerAuthClient(Jaxb2Marshaller m) { PowerAuthServiceClient client = new PowerAuthServiceClient(); client.setDefaultUri("http://localhost:8080/powerauth/soap"); client.setMarshaller(marshaller); client.setUnmarshaller(marshaller); return client; }

}

@Configuration @ComponentScan(basePackages = {"io.getlime"}) public class PowerAuthWebServiceConfiguration {

@Bean public Jaxb2Marshaller marshaller() { Jaxb2Marshaller marshaller = new Jaxb2Marshaller(); marshaller.setContextPath("io.getlime.powerauth.soap"); return marshaller; }

@Bean public PowerAuthServiceClient powerAuthClient(Jaxb2Marshaller m) { PowerAuthServiceClient client = new PowerAuthServiceClient(); client.setDefaultUri("http://localhost:8080/powerauth/soap"); client.setMarshaller(marshaller); client.setUnmarshaller(marshaller); return client; }

}

@Configuration @ComponentScan(basePackages = {"io.getlime"}) public class PowerAuthWebServiceConfiguration {

@Bean public Jaxb2Marshaller marshaller() { Jaxb2Marshaller marshaller = new Jaxb2Marshaller(); marshaller.setContextPath("io.getlime.powerauth.soap"); return marshaller; }

@Bean public PowerAuthServiceClient powerAuthClient(Jaxb2Marshaller m) { PowerAuthServiceClient client = new PowerAuthServiceClient(); client.setDefaultUri("http://localhost:8080/powerauth/soap"); client.setMarshaller(marshaller); client.setUnmarshaller(marshaller); return client; }

}

3. Používejte PowerAuthServiceClient ve vaší aplikaci

@Controller @RequestMapping(value = "/ib/settings") public class AuthenticationController {

@Autowired private PowerAuthServiceClient client;

// ... Controller code

List<Activations> aL = client.getActivationListForUser(uid);

}

@Controller @RequestMapping(value = "/ib/settings") public class AuthenticationController {

@Autowired private PowerAuthServiceClient client;

// ... Controller code

List<Activations> aL = client.getActivationListForUser(uid);

}

Blokace / odblokování aktivace

Odstranění aktivace

Nová aktivace a “commit” aktivace

Přehled aktivací

PowerAuth Server

Zingly API ServerInternetové bankovnictví

SOAP REST-ish

PowerAuth 2.0 Standard API Zingly Banking API

SOAP REST-ish

PowerAuth Admin

Nasazení Zingly API Serveru

Open-source *

* již brzy

PowerAuth Server

Zingly API ServerInternetové bankovnictví

SOAP REST-ish

PowerAuth 2.0 Standard API Zingly Banking API

SOAP REST-ish

PowerAuth Admin

PowerAuth Server

Zingly API ServerInternetové bankovnictví

SOAP REST-ish

SOAP REST-ish

PowerAuth 2.0 Standard API Zingly Banking API

Bankovní službyPowerAuth

Admin

Orchestruje obchodní logiku

Služby pro přehledy účtů a transakcí

Vystavuje PowerAuth 2.0 Standard API

Integrace s PowerAuth 2.0 Serverem

Služby pro realizaci platby

Orchestruje obchodní logiku

Služby pro přehledy účtů a transakcí

Vystavuje PowerAuth 2.0 Standard API

Integrace s PowerAuth 2.0 Serverem

Služby pro realizaci platby

1. Stáhněte si Zingly API ServerTBD - TODO - SOON

2. Nastavte cestu k PowerAuth Serveru

powerauth.service.url=http://localhost:8080/powerauth/soap

3. Rozšiřte projekt o vaše specifické technologie a knihovny

4. Naimplementujte bankovní službu

public interface ZinglyService { public List<AccountModel> getAccountsForUser(String userId); public boolean canGetTransactions(String userId, String iban); public List<TransactionModel> getTransactionsForAccount( String iban, Date dateFrom, Date dateTo, BigInteger offset, BigInteger itemCount ); public boolean canExecutePayment(String userId, String iban); public List<ErrorModel> validatePayment(PaymentModel payment); public PaymentModel executePayment(PaymentModel payment);

// ...

}

public interface ZinglyService { public List<AccountModel> getAccountsForUser(String userId); public boolean canGetTransactions(String userId, String iban); public List<TransactionModel> getTransactionsForAccount( String iban, Date dateFrom, Date dateTo, BigInteger offset, BigInteger itemCount ); public boolean canExecutePayment(String userId, String iban); public List<ErrorModel> validatePayment(PaymentModel payment); public PaymentModel executePayment(PaymentModel payment);

// ...

}

Ukázka kódu

PowerAuth Server

Zingly API ServerInternetové bankovnictví

SOAP REST-ish

SOAP REST-ish

PowerAuth 2.0 Standard API Zingly Banking API

Bankovní službyPowerAuth

Admin

Testování integrace

https://github.com/lime-company/lime-security-powerauth/blob/master/powerauth-docs/source/tutorial/console-client-app.md

1. Stáhněte si PowerAuth 2.0 CMDhttps://github.com/lime-company/lime-security-powerauth/releases

2. Připravte si konfigurační soubor

$ cat /tmp/pamk.json { "applicationName": "PowerAuth 2.0 Reference Client", "applicationId": "Xg2sNup4wH7UQdchEld10w==", "applicationSecret": "+k9EBCszvcDOalMK9FZYiQ==", "masterPublicKey": "BByU43YKRNkzB+1/rahhaJC4kiGNiciYrcTBrL8=" }

3. Testujte integraci :-)

$ java -jar powerauth-java-cmd.jar --url "http://localhost:8080/zingly-api" --config-file "/tmp/pamk.json" --status-file "/tmp/pa_status.json" --method "prepare" --password "1234" --activation-code "F3CCT-FNOUS-GEVJF-O3HMV"

$ cat /tmp/pa_status.json { "activationId" : "24ac43a6-375e-4428-843a-84a2faa87e8e" "counter" : 4, "signaturePossessionKey" : "CwCviJR/wGqm8wNrNe4JGA==", "signatureKnowledgeKeyEncrypted" : "WFKHFrezmYuFAUToAQ==", "signatureKnowledgeKeySalt" : "RmDQ8hwsy0V/Gi1GHDKjWw==", "signatureBiometryKey" : "K2ZrnBP/AU2dWheFJOQKvw==", "transportMasterKey" : "kp2sNKVGepV9xtTwLXs/5g==", "encryptedDevicePrivateKey" : "17LLl/C8pYo/YA+w4Z6z1LLZa2U", "serverPublicKey" : "BEWx7a6LnkW7ckbJKUz2IINY5VSL0U6INwM=" }

$ cat /tmp/pa_status.json { "activationId" : "24ac43a6-375e-4428-843a-84a2faa87e8e" "counter" : 4, "signaturePossessionKey" : "CwCviJR/wGqm8wNrNe4JGA==", "signatureKnowledgeKeyEncrypted" : “WFKHFrezmYuFAUToAQ==", "signatureKnowledgeKeySalt" : "RmDQ8hwsy0V/Gi1GHDKjWw==", "signatureBiometryKey" : "K2ZrnBP/AU2dWheFJOQKvw==", "transportMasterKey" : "kp2sNKVGepV9xtTwLXs/5g==", "encryptedDevicePrivateKey" : "17LLl/C8pYo/YA+w4Z6z1LLZa2U", "serverPublicKey" : "BEWx7a6LnkW7ckbJKUz2IINY5VSL0U6INwM=" }

$ cat /tmp/pa_status.json { "activationId" : "24ac43a6-375e-4428-843a-84a2faa87e8e" "counter" : 4, "signaturePossessionKey" : "CwCviJR/wGqm8wNrNe4JGA==", "signatureKnowledgeKeyEncrypted" : "WFKHFrezmYuFAUToAQ==", "signatureKnowledgeKeySalt" : "RmDQ8hwsy0V/Gi1GHDKjWw==", "signatureBiometryKey" : "K2ZrnBP/AU2dWheFJOQKvw==", "transportMasterKey" : "kp2sNKVGepV9xtTwLXs/5g==", "encryptedDevicePrivateKey" : "17LLl/C8pYo/YA+w4Z6z1LLZa2U", "serverPublicKey" : "BEWx7a6LnkW7ckbJKUz2IINY5VSL0U6INwM=" }

$ cat /tmp/pa_status.json { "activationId" : "24ac43a6-375e-4428-843a-84a2faa87e8e" "counter" : 4, "signaturePossessionKey" : "CwCviJR/wGqm8wNrNe4JGA==", "signatureKnowledgeKeyEncrypted" : "WFKHFrezmYuFAUToAQ==", "signatureKnowledgeKeySalt" : "RmDQ8hwsy0V/Gi1GHDKjWw==", "signatureBiometryKey" : "K2ZrnBP/AU2dWheFJOQKvw==", "transportMasterKey" : "kp2sNKVGepV9xtTwLXs/5g==", "encryptedDevicePrivateKey" : "17LLl/C8pYo/YA+w4Z6z1LLZa2U", "serverPublicKey" : "BEWx7a6LnkW7ckbJKUz2IINY5VSL0U6INwM=" }

$ cat /tmp/pa_status.json { "activationId" : "24ac43a6-375e-4428-843a-84a2faa87e8e" "counter" : 4, "signaturePossessionKey" : "CwCviJR/wGqm8wNrNe4JGA==", "signatureKnowledgeKeyEncrypted" : "WFKHFrezmYuFAUToAQ==", "signatureKnowledgeKeySalt" : "RmDQ8hwsy0V/Gi1GHDKjWw==", "signatureBiometryKey" : "K2ZrnBP/AU2dWheFJOQKvw==", "transportMasterKey" : "kp2sNKVGepV9xtTwLXs/5g==", "encryptedDevicePrivateKey" : "17LLl/C8pYo/YA+w4Z6z1LLZa2U", "serverPublicKey" : "BEWx7a6LnkW7ckbJKUz2IINY5VSL0U6INwM=" }

$ cat /tmp/pa_status.json { "activationId" : "24ac43a6-375e-4428-843a-84a2faa87e8e" "counter" : 4, "signaturePossessionKey" : "CwCviJR/wGqm8wNrNe4JGA==", "signatureKnowledgeKeyEncrypted" : "WFKHFrezmYuFAUToAQ==", "signatureKnowledgeKeySalt" : "RmDQ8hwsy0V/Gi1GHDKjWw==", "signatureBiometryKey" : "K2ZrnBP/AU2dWheFJOQKvw==", "transportMasterKey" : "kp2sNKVGepV9xtTwLXs/5g==", "encryptedDevicePrivateKey" : "17LLl/C8pYo/YA+w4Z6z1LLZa2U", "serverPublicKey" : "BEWx7a6LnkW7ckbJKUz2IINY5VSL0U6INwM=" }

$ cat /tmp/pa_status.json { "activationId" : "24ac43a6-375e-4428-843a-84a2faa87e8e" "counter" : 4, "signaturePossessionKey" : "CwCviJR/wGqm8wNrNe4JGA==", "signatureKnowledgeKeyEncrypted" : "WFKHFrezmYuFAUToAQ==", "signatureKnowledgeKeySalt" : "RmDQ8hwsy0V/Gi1GHDKjWw==", "signatureBiometryKey" : "K2ZrnBP/AU2dWheFJOQKvw==", "transportMasterKey" : "kp2sNKVGepV9xtTwLXs/5g==", "encryptedDevicePrivateKey" : "17LLl/C8pYo/YA+w4Z6z1LLZa2U", "serverPublicKey" : "BEWx7a6LnkW7ckbJKUz2IINY5VSL0U6INwM=" }

PowerAuth Server

Zingly API ServerInternetové bankovnictví

SOAP REST-ish

SOAP REST-ish

PowerAuth 2.0 Standard API Zingly Banking API

Bankovní službyPowerAuth

Admin

PowerAuth Server PowerAuth Server

Zingly API Server Zingly API Server

Zingly Multi-Banking Hub Server

Banka A Banka B

Ban

kyUži

vate

lé

PowerAuth Server

Zin

gly

Internetové bankovnictví

Internetové bankovnictví

Děkuji

Petr Dvořák e-mail: petr@lime-company.eu twitter: @zinglyapp

http://zingly.cz/

31.3., 15:00 - 16:00 Dopad multi-bankingu a otevřených bankovních API do obchodního fungování bank

Otázky? :-)

Petr Dvořák e-mail: petr@lime-company.eu twitter: @zinglyapp

http://zingly.cz/