commit 73bad3dd4388a8febc6b63e9709ad773d7419306
parent 4422cfc3edd63bb45c541d098da8b6db780fe7a4
Author: Florian Dold <florian@dold.me>
Date: Mon, 11 Jan 2021 18:20:56 +0100
bank slides: add some LibEuFin draft slides
Diffstat:
1 file changed, 112 insertions(+), 0 deletions(-)
diff --git a/presentations/bank/bank.tex b/presentations/bank/bank.tex
@@ -315,6 +315,118 @@ GNU Taler must ...
\end{frame}
+\section{Integration with the core banking system}
+
+\begin{frame}
+ \vfill
+ \begin{center}
+ {\bf Part ??: Integration with the core banking system}
+ \end{center}
+ \vfill
+\end{frame}
+
+\begin{frame}{Exchange escrow account access}
+The Taler exchange needs communicate with the core banking system \dots
+\begin{itemize}
+ \item to query for transactions into the exchange's escrow account
+ \item to initiate payment of aggregated Taler deposits to merchants
+\end{itemize}
+
+In a Taler deployment, the \emph{Taler Wire Gateway} provides an API to the exchange
+for Taler-specific access to the Exchange's escrow account. Multiple implementations
+of the Taler Wire Gateway exist:
+
+\begin{itemize}
+ \item a self-contained play money demo bank
+ \item LibEuFin, an adapter to EBICS and other protocols
+\end{itemize}
+
+\end{frame}
+
+\begin{frame}{LibEuFin}
+ LibEuFin is a standalone project that provides adapters to bank account
+ access APIs.
+
+ \begin{itemize}
+ \item LibEuFin provides both a generic access layer and an
+ implementation of the Taler Wire Gateway API for the exchange
+ \item currently, only EBICS 2.5 is supported
+ \item other APIs such as FinTS or PSD2-style XS2A APIs can be added
+ without requiring changes to the Exchange
+ \item tested with a GLS business account
+ \end{itemize}
+\end{frame}
+
+\begin{frame}{LibEuFin Concepts}
+ \begin{itemize}
+ \item A LibEuFin \emph{bank connection} is a set of credentials and parameters
+ to talk to the bank's account access API.
+ \item A LibEuFin \emph{bank account} is the information about a bank
+ account (balances, transactions, payment initiations) stored locally
+ within the LibEuFin service. A LibEuFin bank account has a default Bank
+ Connection that is used to communicate with the bank's API.
+ \item A \emph{facade} provides a domain-specific access layer to bank accounts
+ and connections. The \emph{Taler Wire Gateway Facade} implements the
+ API required by the Taler exchange and translates it to operations on the
+ underlying account/connection.
+ \end{itemize}
+\end{frame}
+
+\begin{frame}{LibEuFin Tooling}
+ \begin{itemize}
+ \item \texttt{libeufin-nexus} is the main service
+ \item Almost all configuration (except DB credentials)
+ is stored in the database and managed via a RESTful HTTP API
+ \item \texttt{libeufin-sandbox} implements a toy EBICS host for protocol
+ testing
+ \item \texttt{libeufin-cli} is client for the HTTP API (only implements a subset
+ of available functionality)
+ \end{itemize}
+\end{frame}
+
+\begin{frame}{LibEuFin Setup Overview}
+ \begin{itemize}
+ \item Obtain EBICS subscriber configuration (host URL, host ID, user ID,
+ partner ID) for the Exchange's escrow account
+ \item Deploy the LibEuFin nexus service
+ \item Create a new LibEuFin bank connection (of type \texttt{ebics})
+ \item Export and back up the key material for the bank connection (contains
+ EBICS subscriber configuration and private keys)
+ \item Send subscriber initialization to the EBICS host (electronically)
+ \item Export key letter and activate subscriber in the EBICS host (manually)
+ \item Synchronize the bank connection
+ \item Import the account into LibEuFin
+ \item Create a Taler Wire Gateway facade
+ \item Set up scheduled tasks for ingesting new transactions / sending payment
+ initiations
+ \end{itemize}
+\end{frame}
+
+
+
+\begin{frame}{LibEuFin Implementation Limitations}
+ \begin{itemize}
+ \item LibEuFin is less stable than other Taler components, and future
+ updates might contain breaking changes (tooling, APIs and database
+ schema)
+ \item Fine-grained access control is not implemented yet
+ \item Error handling and recovery is still rather primitive
+ \item The Taler Wire Gateway does not yet implement automatic return
+ transactions when transactions with a malformed subject (i.e. no reserve
+ public key) are received
+ \end{itemize}
+\end{frame}
+
+\begin{frame}{LibEuFin EBICS Limitations}
+ The GLS accounts with EBICs access that we have access to have some limitations:
+ \begin{itemize}
+ \item SEPA Instance Credit Transfers aren't supported yet
+ \item Erroneous payment initiations are accepted by the protocol,
+ but an error message is later sent by paper mail (and not reported
+ by the CRZ download request)
+ \item Limited access to transaction history (3 months)
+ \end{itemize}
+\end{frame}
\section{Operator security considerations}
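Review bot: The part-title frame at the top of the hunk still carries the placeholder `Part ??` and sets it with the obsolete plain-TeX `{\bf ...}` form; `\textbf{Part <N>: Integration with the core banking system}` with the real part number substituted for the `<N>` placeholder would fix both. A few wording slips elsewhere in the hunk: `needs communicate` → `needs to communicate` (Exchange escrow account access frame), `is client for` → `is a client for` (LibEuFin Tooling frame), and `EBICs` → `EBICS` plus `SEPA Instance Credit Transfers` → `SEPA Instant Credit Transfers` (LibEuFin EBICS Limitations frame). The setup-overview step that exports the bank-connection key material states that it contains private keys, so that bullet should also tell the operator how to treat the export, e.g. `\item Export and back up the key material for the bank connection (contains EBICS subscriber configuration and private keys---store the backup with the same confidentiality and access restrictions as the keys themselves)`.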