Epic: SM-1811 - IAM: Authenticate and authorize with step up requirement (MVP-P1) Resolved
JIRA: SM-1834 - Authorize with face matching (Step up) Cancelled
Priority:
Effort estimate:
Review status: in preparation/ready to review/approved
As a Customer, I want to be able to authorize/approve an action taken by the app by passing face-matching verification.
Role: Customer
Objective: Customer approves action to complete activity
Reason: Verify and confirm the customer action that is to be completed
Functional requirements:
Slacker (https://safibank.atlassian.net/l/cp/mq55Wj1m) acts as the decision point for the risk evaluation of an operation. Based on the risk assessment, the calling service should decide whether or not to request step-up. The Slacker response will be one of: approve, reject, or step-up.
IAM interaction with Slacker regarding step up functionality https://safibank.atlassian.net/l/cp/mq55Wj1m
Use cases of step-up: transactions, change of mobile phone, account/loan approval
What actions within the app will require authorization? https://docs.google.com/spreadsheets/d/1031t_wW8QtOUZ1w_OmUov6EdW4c6RV0lDqf2FwxPj0g/edit#gid=752753723
The complete step-up procedure is shown in detail below (Technical Assessment)
UI requirements:
Process flow: n/a
Execution steps: n/a
Internal dependencies:
External dependencies: 3rd party prerequisites
Alternative scenarios: what would happen if not done (optional)
Acceptance criteria:
Customer approves the action using face matching
Action is completed
Links to wireframes/UI: TBD
Technical Assessment
The Onboarding squad implemented the face comparison feature as part of the onboarding process and also made it available for step-up (Liveness check in Onboarding Process).
Notes:
For #4 above, the proposal is that the BE returns 401 and
WWW-Authenticate: SaFi level=3, challenge="1234567890ABCDE"
so the FE can handle this return value in a generic way.
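One way the FE could handle the proposed 401 response generically, as an added example that is not SaFi project code: it parses the `SaFi` challenge and classifies the response. Only the scheme name and the `level` and `challenge` parameters come from the proposal above; the function names, the integer form of `level`, and the action labels are assumptions.

```javascript
// Added example: hypothetical front-end helpers, not SaFi project code.
// From the page: scheme "SaFi", parameters `level` and `challenge`.
// Assumed: level is a small non-negative integer; all function names.

// Parse auth-params: key=token or key="quoted string", comma separated.
function parseAuthParams(text) {
  const params = Object.create(null); // no prototype keys to collide with
  const re = /\s*([A-Za-z0-9!#$%&'*+.^_`|~-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,"]+))\s*(?:,|$)/y;
  let pos = 0;
  while (pos < text.length) {
    re.lastIndex = pos;
    const m = re.exec(text);
    if (!m) throw new Error("malformed auth-param at offset " + pos);
    const key = m[1].toLowerCase();
    if (key in params) throw new Error("duplicate auth-param: " + key);
    params[key] = m[2] !== undefined ? m[2].replace(/\\(.)/g, "$1") : m[3];
    pos = re.lastIndex;
  }
  return params;
}

// Returns {level, challenge} for a SaFi step-up challenge, null when the
// response is not a SaFi 401, and throws when a SaFi challenge is malformed.
function parseStepUpChallenge(status, wwwAuthenticate) {
  if (status !== 401 || typeof wwwAuthenticate !== "string") return null;
  const m = /^\s*([^\s,]+)(?:\s+(.*))?$/.exec(wwwAuthenticate);
  if (!m || m[1].toLowerCase() !== "safi") return null; // other scheme
  const params = parseAuthParams((m[2] || "").trim());
  if (!/^[0-9]{1,3}$/.test(params.level || "")) {
    throw new Error("missing or invalid level");
  }
  if (!params.challenge) throw new Error("missing challenge");
  return { level: Number(params.level), challenge: params.challenge };
}

// Generic dispatcher for any BE response. Treating a non-SaFi 401 as
// "login" is an assumption of this example, not part of the proposal.
function classifyResponse(status, wwwAuthenticate) {
  let c;
  try {
    c = parseStepUpChallenge(status, wwwAuthenticate);
  } catch (e) {
    return { action: "error", reason: e.message }; // fail closed
  }
  if (c) return { action: "step-up", level: c.level, challenge: c.challenge };
  return { action: status === 401 ? "login" : "continue" };
}
```

A malformed `SaFi` challenge is reported as an error rather than treated as an ordinary 401, so a required step-up is not silently skipped.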
State Diagram
The state transitions in the high-level design are illustrated below:
Attachments:
plantuml_1663017810760 (text/plain)
plantuml_1663017810760.png (image/png)
plantuml_1663017883175.svg (image/svg+xml)
plantuml_1663017883175 (text/plain)
plantuml_1663017883175.png (image/png)
~drawio~557058:fbaec0fe-b197-42e4-bce4-93727edf7519~Step Up Authentication State Diagram.tmp (application/vnd.jgraph.mxfile)
Step Up Authentication State Diagram (application/vnd.jgraph.mxfile)
Step Up Authentication State Diagram.png (image/png)