commit 0cc1b6d6db6c329cfc1357cbc892006e8fd684d1
parent bf90e0b4293afc6eb5c871c371416f1734443267
Author: Joel-Haeberli <haebu@rubigen.ch>
Date: Mon, 10 Jun 2024 11:27:57 +0200
docs: enhance
Diffstat:
10 files changed, 110 insertions(+), 189 deletions(-)
diff --git a/docs/content/abstract.tex b/docs/content/abstract.tex
@@ -1 +1 @@
-This thesis develops and implements a framework that allows for cashless withdrawals using GNU Taler, with the objective of increasing the easy onboarding and acceptance of GNU Taler as payment system. Currently, the GNU Taler permits the withdrawal of digital cash using different means of payment. However, GNU Taler currently lacks the possibility using cashless payment means such as credit cards to withdraw digital cash. To address this gap, this thesis introduces a novel component, called cashless2ecash (C2EC), which establishes a reliable connection between the Taler ecosystem and payment service provider's terminals. The reference implementation establishes the process between the payment service provider Wallee and the GNU Taler Exchange through a newly created component, designated as C2EC. The implemented process guarantees the finality of the transaction to the GNU Taler Exchange and the terminal operator: The finality enables the withdrawal of digital cash using GNU Taler without the use of cash. The liability for the transaction is borne by the payment service provider, which assumes the guarantees for the GNU Taler Exchange.
-\ No newline at end of file
+This thesis develops and implements a framework that allows for cashless withdrawals using GNU Taler, with the objective of increasing the easy onboarding and acceptance of GNU Taler as payment system. Currently, the GNU Taler payment system permits the withdrawal of digital cash using different means of payment. However, GNU Taler currently lacks the possibility using cashless payment means such as credit cards to withdraw digital cash. To address this gap, this thesis introduces a novel component, called cashless2ecash (C2EC), which establishes a reliable connection between the Taler ecosystem and payment service provider's terminals. The reference implementation establishes the process between the payment service provider Wallee and the GNU Taler Exchange through C2EC, implementing the new Terminals API. The implemented process guarantees the finality of the transaction to the GNU Taler Exchange and the terminal operator. The finality enables the withdrawal of digital cash using GNU Taler without the use of cash. The liability for the transaction is borne by the payment service provider, which assumes the guarantees for the GNU Taler Exchange.
+\ No newline at end of file
diff --git a/docs/content/implementation/a-terminal-api.tex b/docs/content/implementation/a-terminal-api.tex
@@ -14,13 +14,6 @@ The C2EC Terminals API implements following endpoints:
The C2EC component does not implement the \texttt{/quotas/*} endpoints, since those are not relevant for the withdrawal using a payment terminal. Quotas are possibly checked by the payment service provider.
-% \begin{figure}[h]
-% \centering
-% \includegraphics[width=0.7\textwidth]{pictures/diagrams/terminals-api.png}
-% \caption{Terminals API endpoints}
-% \label{fig-diagram-terminals-api-sequence}
-% \end{figure}
-
\textbf{Configuration (/config)}
This endpoint returns the configuration for the respective terminal. To support multi-provider setup, the respective provider is read from the basic-auth credentials \autoref{sec-terminal-api-auth}. This means that the configuration response will be different when requesting the endpoint using a terminal from provider A than requesting from a terminal of provider B. This configuration also supplies the base fees of the Exchange operator. These fees shall be communicated to the customer on the terminal and must be added to the withdraw amount. These fees are only the Exchange fees. The payment service provider might want to add their own (see \autoref{sec-implementation-fees}).
diff --git a/docs/content/implementation/b-terminal.tex b/docs/content/implementation/b-terminal.tex
@@ -143,9 +143,11 @@ The first phase are abortions \textit{before} the payment is authorized. In this
When the transaction was authorized, the process is a little bit more complex. The customer has two possibilities. The first one is automatically covered with the given implementation, while the second is not guaranteed and needs manual interaction of the customer with the Taler Exchange operator.
\textbf{Wait for automatic refund due to closing of the reserve}
+
The Taler Exchange configures a duration for which a reserve is kept open (and can be withdrawn). When the configured duration exceeds the reserve is closed autmatically and the money transferred back to the customer. In the case of Wallee payments, this is realized through a refund request at the provider backend upon receiving a transfer request at the wire-gateway API \autoref{sec-implementation-wire-gateway-api} of the C2EC component.
\textbf{Manual request to refund money}
+
Depending on the operator of the Taler Exchange it might be possible to somehow manually trigger a refund and get back the money spent for the withdrawal.
\subsection{Fulfilling Transactions}
diff --git a/docs/content/implementation/e-testing.tex b/docs/content/implementation/e-testing.tex
@@ -5,3 +5,19 @@ Since the program leverages concurrency and parallizes work a simulation client
Besides the automated tests, using the above mentioned simulation, unit tests were implemented for parsing, formatting and encoding functions. Additionally manual test were fulfilled to ensure the system behaves correctly. To test the wire-gateway API, the \textit{taler-exchange-wire-gateway-client} \cite{taler-exchange-wire-gateway-client} facility was used supplied by GNU Taler to verify the correct functioning of the API.
In the end to approve the process, manual tests were executed. During this phase a few bugs were discovered which were not known before. After resolving them the system was ready to issue digital cash to the customer. During this phase tests were made with various means of payment: credit card, debit card, apple wallet (credit card). Also the withdrawal was tested using the IOS and Android version of the Taler wallet. Both platforms are working as expected.
+
+\subsection{Wallee Test System}
+
+The testsystem of Wallee has some behavioral specialities. The system will process payments based on the amount. After a short conversion with Wallee it was learned that following amounts will lead to approved payments:
+
+\begin{enumerate}
+ \item[] 3.00 - Approved
+ \item[] 4.00 - Approved
+ \item[] 5.00 - Approved
+ \item[] 6.00 - Approved
+ \item[] 7.00 - Approved
+ \item[] 8.00 - Approved
+ \item[] 9.00 - Approved
+\end{enumerate}
+
+It appears that also other amounts will be approved but they were not listed by Wallee. The amounts in the list above are guaranteed to be approved.
diff --git a/docs/content/introduction/introduction.tex b/docs/content/introduction/introduction.tex
@@ -17,13 +17,13 @@ To address this communication gap, this thesis introduces a new component, calle
Designing the user-experience along established patterns will lead to a better uptake of GNU Taler by enabling money to flow from existing payment systems into GNU Taler's digital cash.
\section{Perspectives}
-To allow a more concise view on the system and to support the readers and implementer, two perspectives shall be kept in mind. They have different views on the process but need to interact with each other seamlessly.
+To support readers and implementers, three perspectives shall be kept in mind. They have different views on the process but need to interact with each other seamlessly.
\subsection{Taler Exchange (C2EC)}
-The perspective of the Taler Exchange includes all processes within C2EC component and the interaction with the terminal application, terminal backend and the wallet of the user. The Taler Exchange wants to allow withdrawal of digital digital cash only to users who pay the equivalent value to the Exchange. The Exchange wants to stay out of any legal implications at all costs. Fees must be considered, since the withdrawal process is a service which costs the payment service provider money in form of integration and maintenance efforts. To cover its costs, the provider might want to add some fees on the withdrawal.
+The perspective of the Taler Exchange includes all processes within C2EC component including the interfaces for the terminal application, terminal backend and the wallet of the customer. The Taler Exchange wants to allow withdrawal of digital digital cash only to users who pay the equivalent value to the Exchange. For this the Taler Exchange must make sure the payment is final on the side of the payment service provider. Otherwise the Exchange is at risk of loosing money.
\subsection{Terminal Application}
-The perspective of the terminal application includes all processes within the application which interacts with the user, their wallet and credit card allowing the withdrawal of digital cash. The terminal application wants to conveniently allow the withdrawal of digital cash and charge fees to cover its costs and risks.
+The perspective of the terminal application includes all processes within the application which interacts with the user, their wallet and credit card allowing the withdrawal of digital cash. The terminal application wants to conveniently allow the withdrawal of digital cash. Fees must be considered, since the withdrawal process is a service which costs the payment service provider money in form of integration and maintenance efforts. To cover its costs, the provider might want to add some fees on the withdrawal.
\subsection{Taler Wallet}
The wallet holds the digital cash owned by the customer. The wallet wants to eventually collect the digital cash from the Taler Exchange.
diff --git a/docs/content/results/discussion.tex b/docs/content/results/discussion.tex
@@ -12,7 +12,7 @@ Fees are a central aspect of the process and decide wether the implementation ca
Towards the end of the implementation it became obvious that a simple authorization was not enough to imitate the real time feeling of the withdrawal. Other requests were necessary to do so. To findout which requests needed to be filed against the Wallee backend some investigation had to be made. The documentation does explain which states exists in Wallee's transaction scheme but does not explain, which operation must be triggered to transition states. This made the investigation somewhat cumbersome. Also the integration of the backend needed more investigation than assumed. This also led to the
-Our work makes a faster uptake of GNU Taler possible. Potential customers will not need a bank account or other things to withdraw digital cash. They can now use C2EC and the terminal app for Wallee to withdraw digital cash using GNU Taler.
+The new cashless approach to withdraw digital cash makes a faster uptake of GNU Taler possible. Potential customers will only need a supported payment mean to withdraw digital cash. They can now use C2EC and the terminal app for Wallee to withdraw digital cash using GNU Taler.
\section{Limitations And Future Work}
diff --git a/docs/pictures/diagrams/c2ec.png b/docs/pictures/diagrams/c2ec.png
Binary files differ.
diff --git a/docs/project.bib b/docs/project.bib
@@ -2,7 +2,8 @@
author = {GNU Taler},
title = {GNU Taler User Guide},
url = {https://docs.taler.net/taler-user-guide.html},
- howpublished = {\url{https://docs.taler.net/taler-user-guide.html}}
+ howpublished = {\url{https://docs.taler.net/taler-user-guide.html}},
+ note = {Accessed: 2024-06-10}
}
@misc{panetta-speech-march-30,
@@ -14,7 +15,8 @@
speech-location = {Brussel, Committee on Economic and Monetary Affairs of the European Parliament},
title = {A digital euro that serves the needs of the public: striking the right balance},
url = {https://www.ecb.europa.eu/press/key/date/2022/html/ecb.sp220330_1~f9fa9a6137.en.html},
- howpublished = {\url{https://www.ecb.europa.eu/press/key/date/2022/html/ecb.sp220330_1~f9fa9a6137.en.html}}
+ howpublished = {\url{https://www.ecb.europa.eu/press/key/date/2022/html/ecb.sp220330_1~f9fa9a6137.en.html}},
+ note = {Accessed: 2024-06-10}
}
@misc{study-new-digital-payment-methods,
@@ -24,23 +26,7 @@
month = {March},
url = {https://www.ecb.europa.eu/euro/digital_euro/investigation/profuse/shared/files/dedocs/ecb.dedocs220330_report.en.pdf},
howpublished = {\url{https://www.ecb.europa.eu/euro/digital_euro/investigation/profuse/shared/files/dedocs/ecb.dedocs220330_report.en.pdf}},
-}
-
-@misc{srf-espresso-cc-fraud,
- author = {Peter Fritsche},
- year = {2022},
- month = {April},
- title = {Keine Rückerstattung bei «verifizierten» Geldbezügen},
- url = {https://www.srf.ch/news/panorama/kreditkarten-betrug-keine-rueckerstattung-bei-verifizierten-geldbezuegen},
- howpublished = {\url{https://www.srf.ch/news/panorama/kreditkarten-betrug-keine-rueckerstattung-bei-verifizierten-geldbezuegen}}
-}
-
-@misc{cc-fraud-types,
- author = {Stadtpolizei Zürich, Kommissariat Prävention},
- title = {Betrugsarten},
- url = {https://www.card-security.ch/betrugsarten/},
- howpublished = {\url{https://www.card-security.ch/betrugsarten/}}
-
+ note = {Accessed: 2024-06-10}
}
@book{katz2020introduction,
@@ -57,56 +43,64 @@
author = {PCI Security Standards Council},
title = {PCI Data Security Standard},
url = {https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf},
- howpublished = {\url{https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf}}
+ howpublished = {\url{https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf}},
+ note = {Accessed: 2024-06-10}
}
@misc{wallee-till-sdk,
author = {Wallee},
title = {Android Till SDK},
url = {https://github.com/wallee-payment/android-till-sdk},
- howpublished = {\url{https://github.com/wallee-payment/android-till-sdk}}
+ howpublished = {\url{https://github.com/wallee-payment/android-till-sdk}},
+ note = {Accessed: 2024-06-10}
}
@misc{wallee-transaction-process,
author = {Wallee},
title = {Transaction States},
url = {https://app-wallee.com/de-de/doc/payment/transaction-process},
- howpublished = {\url{https://app-wallee.com/de-de/doc/payment/transaction-process}}
+ howpublished = {\url{https://app-wallee.com/de-de/doc/payment/transaction-process}},
+ note = {Accessed: 2024-06-10}
}
@misc{wallee-pcidss-compliance,
author = {Wallee},
title = {Transaction States},
url = {https://app-wallee.com/de-de/doc/payment},
- howpublished = {\url{https://app-wallee.com/de-de/doc/payment}}
+ howpublished = {\url{https://app-wallee.com/de-de/doc/payment}},
+ note = {Accessed: 2024-06-10}
}
@misc{wallee-transaction-service-docs,
author = {Wallee},
title = {Transaction Service},
url = {https://app-wallee.com/de-de/doc/api/web-service#transaction-service},
- howpublished = {\url{https://app-wallee.com/de-de/doc/api/web-service#transaction-service}}
+ howpublished = {\url{https://app-wallee.com/de-de/doc/api/web-service#transaction-service}},
+ note = {Accessed: 2024-06-10}
}
@misc{wallee-refund-service-docs,
author = {Wallee},
title = {Refund Service},
url = {https://app-wallee.com/de-de/doc/api/web-service#refund-service},
- howpublished = {\url{https://app-wallee.com/de-de/doc/api/web-service#refund-service}}
+ howpublished = {\url{https://app-wallee.com/de-de/doc/api/web-service#refund-service}},
+ note = {Accessed: 2024-06-10}
}
@misc{wallee-available-connectors,
author = {Wallee},
title = {Payment Connectors},
url = {https://app-wallee.com/connectors},
- howpublished = {\url{https://app-wallee.com/connectors}}
+ howpublished = {\url{https://app-wallee.com/connectors}},
+ note = {Accessed: 2024-06-10}
}
@misc{wallee-api-authentication,
author = {Wallee},
title = {Authentication},
url = {https://app-wallee.com/en-us/doc/api/web-service#_authentication},
- howpublished = {\url{https://app-wallee.com/en-us/doc/api/web-service#_authentication}}
+ howpublished = {\url{https://app-wallee.com/en-us/doc/api/web-service#_authentication}},
+ note = {Accessed: 2024-06-10}
}
@article{zeit-cashback,
@@ -211,84 +205,60 @@
abstract = {This document defines the "Basic" Hypertext Transfer Protocol (HTTP) authentication scheme, which transmits credentials as user-id/ password pairs, encoded using Base64.},
}
-@misc{fips-180-4,
- author = {Quynh Dang},
- title = {Secure Hash Standard},
- year = {2015},
- month = {2015-08-04},
- publisher = {Federal Inf. Process. Stds. (NIST FIPS), National Institute of Standards and Technology, Gaithersburg, MD},
- doi = {https://doi.org/10.6028/NIST.FIPS.180-4},
- language = {en},
-}
-
-@misc{fips-202,
- author = { National Institute of Standards and Technology },
- title = {SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions},
- url = {https://doi.org/10.6028/NIST.FIPS.202},
- howpublished = {\url{https://doi.org/10.6028/NIST.FIPS.202}},
-}
-
@misc{gnunet-gana,
author = {GNUnet Project},
title = {The GNUnet Assigned Numbers Authority (GANA)},
url = {https://gana.gnunet.org/},
- howpublished = {\url{https://gana.gnunet.org/}}
+ howpublished = {\url{https://gana.gnunet.org/}},
+ note = {Accessed: 2024-06-10}
}
@misc{taler-bank-integration-api,
author = {Taler},
title = {Taler Bank Integration API},
url = {https://docs.taler.net/core/api-bank-integration.html},
- howpublished = {\url{https://docs.taler.net/core/api-bank-integration.html}}
+ howpublished = {\url{https://docs.taler.net/core/api-bank-integration.html}},
+ note = {Accessed: 2024-06-10}
}
@misc{taler-wire-gateway-api,
author = {Taler},
title = {Taler Wire Gateway HTTP API},
url = {https://docs.taler.net/core/api-bank-wire.html},
- howpublished = {\url{https://docs.taler.net/core/api-bank-wire.html}}
+ howpublished = {\url{https://docs.taler.net/core/api-bank-wire.html}},
+ note = {Accessed: 2024-06-10}
}
@misc{taler-wire-gateway-api-authentication,
author = {Taler},
title = {Taler Wire Gateway HTTP API},
url = {https://docs.taler.net/core/api-bank-wire.html#authentication},
- howpublished = {\url{https://docs.taler.net/core/api-bank-wire.html#authentication}}
-}
-
-@misc{taler-bank-core-authentication,
- author = {Taler},
- title = {Authentication},
- url = {https://docs.taler.net/core/api-corebank.html#authentication},
- howpublished = {\url{https://docs.taler.net/core/api-corebank.html#authentication}}
+ howpublished = {\url{https://docs.taler.net/core/api-bank-wire.html#authentication}},
+ note = {Accessed: 2024-06-10}
}
@misc{taler-terminal-api,
- author = {Taler},
- howpublished = {\url{https://docs.taler.net/core/api-terminal.html}},
- title = {Terminal API},
- url = {https://docs.taler.net/core/api-terminal.html}
-}
-
-@misc{taler-design-document-49,
- author = {Taler},
- title = {Authentication},
- url = {https://docs.taler.net/design-documents/049-auth.html},
- howpublished = {\url{https://docs.taler.net/design-documents/049-auth.html}}
+ author = {Taler},
+ howpublished = {\url{https://docs.taler.net/core/api-terminal.html}},
+ title = {Terminal API},
+ url = {https://docs.taler.net/core/api-terminal.html},
+ note = {Accessed: 2024-06-10}
}
@misc{nginx-reverse-proxy,
author = {NGINX},
title = {NGINX Reverse Proxy},
url = {https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/},
- howpublished = {\url{https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/}}
+ howpublished = {\url{https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/}},
+ note = {Accessed: 2024-06-10}
}
@misc{wallet-withdrawal,
author = {Taler},
title = {Withdrawal},
url = {https://docs.taler.net/taler-wallet.html#withdrawal},
- howpublished = {\url{https://docs.taler.net/taler-wallet.html#withdrawal}}
+ howpublished = {\url{https://docs.taler.net/taler-wallet.html#withdrawal}},
+ note = {Accessed: 2024-06-10}
}
@techreport{taler-uri-scheme-rfc,
@@ -311,59 +281,40 @@
author = {Taler},
title = {taler-exchange-wire-gateway-client},
url = { https://docs.taler.net/manpages/taler-exchange-wire-gateway-client.1.html},
- howpublished = {\url{https://docs.taler.net/manpages/taler-exchange-wire-gateway-client.1.html}}
+ howpublished = {\url{https://docs.taler.net/manpages/taler-exchange-wire-gateway-client.1.html}},
+ note = {Accessed: 2024-06-10}
}
@misc{taler-bank-gls,
author = {GLS Bank},
title = {Taler - die Zukunft des digitalen, sicheren und nachhaltigen Bezahlens},
url = {https://www.gls.de/privatkunden/taler},
- howpublished = {\url{https://www.gls.de/privatkunden/taler}}
+ howpublished = {\url{https://www.gls.de/privatkunden/taler}},
+ note = {Accessed: 2024-06-10}
}
@misc{postgres-notify,
author = {PostgreSQL},
title = {NOTIFY},
url = {https://www.postgresql.org/docs/current/sql-notify.html},
- howpublished = {\url{https://www.postgresql.org/docs/current/sql-notify.html}}
+ howpublished = {\url{https://www.postgresql.org/docs/current/sql-notify.html}},
+ note = {Accessed: 2024-06-10}
}
@misc{postgres-listen,
author = {PostgreSQL},
title = {LISTEN},
url = {https://www.postgresql.org/docs/current/sql-listen.html},
- howpublished = {\url{https://www.postgresql.org/docs/current/sql-listen.html}}
+ howpublished = {\url{https://www.postgresql.org/docs/current/sql-listen.html}},
+ note = {Accessed: 2024-06-10}
}
@misc{golang-crypto-rand,
author = {Golang Doc},
title = {rand},
url = {https://pkg.go.dev/crypto/rand},
- howpublished = {\url{https://pkg.go.dev/crypto/rand}}
-}
-
-@misc{golang-contexts-and-structs,
- author = {Jean de Klerk, Matt T. Proud},
- title = {Contexts and structs},
- year = {2021},
- month = {February},
- day = {24},
- url = {https://go.dev/blog/context-and-structs},
- howpublished = {\url{https://go.dev/blog/context-and-structs}}
-}
-
-@misc{golang-share-by-communicating,
- author = {Go},
- title = {Share by communicating},
- url = {https://go.dev/doc/effective_go#sharing},
- howpublished = {\url{https://go.dev/doc/effective_go#sharing}},
-}
-
-@misc{golang-goroutines,
- author = {Go},
- title = {Goroutines},
- url = {https://go.dev/doc/effective_go#goroutines},
- howpublished = {\url{https://go.dev/doc/effective_go#goroutines}},
+ howpublished = {\url{https://pkg.go.dev/crypto/rand}},
+ note = {Accessed: 2024-06-10}
}
@misc{crockford,
@@ -371,43 +322,7 @@
title = {Base 32},
url = {https://www.crockford.com/base32.html},
howpublished = {\url{https://www.crockford.com/base32.html}},
-}
-
-@book{loosley-coupled,
- author = {Kaye, Doug},
- title = {Loosely Coupled: The Missing Pieces of Web Services},
- year = {2003},
- isbn = {1881378241},
- publisher = {RDS Press},
- doi = {10.5555/996526}
-}
-
-@article{ieee-soa-architecture-patterns,
- author = {Stal, Michael},
- title = {Using Architectural Patterns and Blueprints for Service-Oriented Architecture},
- year = {2006},
- issue_date = {March 2006},
- publisher = {IEEE Computer Society Press},
- address = {Washington, DC, USA},
- volume = {23},
- number = {2},
- issn = {0740-7459},
- abstract = {Some experts view service-oriented architecture simply as a stack of XML Web services protocols. From a more conceptual point of view, however, SOA represents a paradigm consisting of a set of architectural principles for building loosely coupled software systems. Actually, the SOA paradigm applies not only to XML Web services but also to other technologies such as email clients and servers and message-oriented middleware. Software patterns can express almost all architecture principles that span SOA technologies. This architecture-centric approach offers the means to understand service-oriented infrastructures and to build SOA applications that meet operational and developmental properties. Additionally, best practice pattern systems and catalogs can be derived from these architectural principles to illustrate how to implement SOA applications effectively and efficiently. Last but not least, an architectural description of SOA helps to change or extend the paradigm when necessary--for example, to address additional problems such as the support of integrative and adaptive SOA approaches.This article is part of a special issue on software architecture.},
- journal = {IEEE Softw.},
- month = {mar},
- pages = {54–61},
- numpages = {8},
- keywords = {Distributed Applications, Distributed Objects, Middleware/Business Logic, Patterns, Software Architecture},
- doi = {10.5555/1128592.1128710}
-}
-
-@book{event-driven-architecture,
- author = {Rocha, Hugo},
- year = {2022},
- month = {01},
- title = {Practical Event-Driven Microservices Architecture: Building Sustainable and Highly Scalable Event-Driven Microservices},
- isbn = {978-1-4842-7467-5},
- doi = {10.1007/978-1-4842-7468-2}
+ note = {Accessed: 2024-06-10}
}
@misc{app-jetpack-compose,
@@ -415,6 +330,7 @@
title = {Build better apps faster with Jetpack Compose},
url = {https://developer.android.com/develop/ui/compose},
howpublished = {\url{https://developer.android.com/develop/ui/compose}},
+ note = {Accessed: 2024-06-10}
}
@misc{app-viewmodel,
@@ -422,6 +338,7 @@
title = {ViewModel overview},
url = {https://developer.android.com/topic/libraries/architecture/viewmodel},
howpublished = {\url{https://developer.android.com/topic/libraries/architecture/viewmodel}},
+ note = {Accessed: 2024-06-10}
}
@misc{app-navigation,
@@ -429,6 +346,7 @@
title = {Navigation},
url = {https://developer.android.com/guide/navigation},
howpublished = {\url{https://developer.android.com/guide/navigation}},
+ note = {Accessed: 2024-06-10}
}
@misc{password-competition-argon2,
@@ -436,26 +354,13 @@
title = {Password Hashing Competition},
url = {https://www.password-hashing.net},
howpublished = {\url{https://www.password-hashing.net}},
-}
-
-@misc{owasp-threat-modeling-project,
- author = {OWASP Threat Modeling Project},
- title = {OWASP Threat Modeling Project},
- url = {https://owasp.org/www-project-threat-model/},
- howpublished = {\url{https://owasp.org/www-project-threat-model/}},
-}
-
-@misc{owasp-threat-modeling-stride,
- author = {OWASP Cheat Sheet Series},
- title = {Threat Identification},
- url = {https://cheatsheetseries.owasp.org/cheatsheets/Threat_Modeling_Cheat_Sheet.html#threat-identification},
- howpublished = {\url{https://cheatsheetseries.owasp.org/cheatsheets/Threat_Modeling_Cheat_Sheet.html#threat-identification}},
+ note = {Accessed: 2024-06-10}
}
@book{fauser,
author={Bruno Fauser},
title={Träumen von einer besseren Welt},
- publisher={Bruno Fauser, Hinterkappelen, fauser.ch},
+ publisher={Cartoonist Bruno Fauser, Hinterkappelen, fauser.ch},
year={2023},
}
@@ -464,5 +369,6 @@
title ={NGI TALER},
url ={https://taler.net/en/ngi-taler.html},
howpublished ={\url{https://taler.net/en/ngi-taler.html}},
+ note = {Accessed: 2024-06-10}
}
diff --git a/docs/thesis.pdf b/docs/thesis.pdf
Binary files differ.
diff --git a/specs/c2ec.plantuml b/specs/c2ec.plantuml
@@ -1,6 +1,6 @@
@startuml
-actor User as "User (with Credit Card)"
+actor User as "Customer (with credit card)"
participant Wallet
participant C2EC
participant Exchange
@@ -9,35 +9,39 @@ participant Terminal
actor TerminalOwner as "Terminal Owner"
Terminal -> Terminal: configures Exchanges
-User -> TerminalOwner: "Hi, I want to withdraw 20 CHF using Taler with my Credit Card"
-TerminalOwner -> Terminal: start Taler Withdrawal Application and enters amount
-Terminal -> C2EC: (0) Setup Withdrawal
-C2EC -> C2EC: Generate WOPID
-C2EC -> Terminal: Withdrawal setup response (WOPID)
-Terminal -> C2EC: Start long polling (WOPID)
+User -> TerminalOwner: "Hi, I want to withdraw 20 CHF using Taler with my credit card"
+TerminalOwner -> Terminal: selects Exchange and enters amount
+Terminal -> Terminal: show summary with fees (optional)
+Terminal -> C2EC: (0) setup withdrawal
+C2EC -> C2EC: generate WOPID
+C2EC -> Terminal: withdrawal setup response (WOPID)
+Terminal -> Terminal: create QR code (WOPID, Exchange, amount)
+Terminal -> C2EC: start long polling (WOPID)
activate C2EC
-Terminal -> Terminal: Create QR code (WOPID, Exchange, Amount)
-Terminal -> Wallet: (1) Scan QR code
+Terminal -> Wallet: (1) scan QR code
activate Wallet
-Wallet -> Wallet: If ToS for Exchange not yet accepted, do here.
-Wallet -> Wallet: Create Reserve Key-Pair
-Wallet -> C2EC: (2) Register reserve public key
-C2EC -> C2EC: Link WOPID to reserve public key
-C2EC --> Terminal: (3) End long polling (selected)
+Wallet -> Wallet: if ToS for Exchange not yet accepted, do here.
+Wallet -> Wallet: create reserve key-pair
+Wallet -> C2EC: (2) register reserve public key
+C2EC -> C2EC: link WOPID to reserve public key
+C2EC --> Terminal: (3) end long polling (selected)
deactivate C2EC
-Terminal -> Terminal: Show summary with Fees (optional)
-User -> Terminal: (4) Approve and authorize transaction
-Terminal -> TerminalBackend: (5) Execute transaction
+User -> Terminal: (4) approve and authorize transaction
+Terminal -> TerminalBackend: (5) execute transaction
TerminalBackend --> Terminal: (6) transaction response (success/failure)
-Terminal -> C2EC: (7) Send Confirmation Request (SUCCESS)
-C2EC -> TerminalBackend: (8) Verify transaction
-alt transaction successful
- C2EC -> C2EC: (9a) confirm withdrawal
- Exchange -> C2EC: (10) get transaction history
- Exchange -> Exchange: Create Reserve with amount and reserve public key.
- Wallet -> Exchange: (11) Withdraw digital cash when reserve is ready
- deactivate Wallet
-else transaction not successful
- C2EC -> C2EC: (9b) abort withdrawal
+Terminal -> C2EC: (7) send confirmation request
+alt authorization successful
+C2EC -> TerminalBackend: (8) verify transaction
+ alt payment confirmed
+ C2EC -> C2EC: (9a) confirm withdrawal
+ Exchange -> C2EC: (10) get transaction history
+ Exchange -> Exchange: Create Reserve with amount and reserve public key.
+ Wallet -> Exchange: (11) Withdraw digital cash when reserve is ready
+ deactivate Wallet
+ else payment not confirmed
+ C2EC -> C2EC: (9b) abort withdrawal
+ end
+else authorization not successful
+ Terminal -> C2EC: abort withdrawal
end
@enduml
