[Taler] KYC support in GNU Taler (Part 2)
From: Christian Grothoff
Subject: [Taler] KYC support in GNU Taler (Part 2)
Date: Thu, 16 Nov 2023 13:14:00 +0100
User-agent: Mozilla Thunderbird

Dear all,

NLnet has generously decided to support the work of Taler Systems SA in
implementing KYC support in GNU Taler. I'm writing to give you an update
on the next milestones.

https://docs.taler.net/taler-exchange-manual.html#oauth-2-0-specifics
in the exchange operator manual describes how an exchange operator would
configure the OAuth 2.0 KYC plugin. The following two sections explain
how to configure two (sadly proprietary) KYC providers that are also
supported. All of these providers use a "CONVERTER_HELPER" which serves
to convert the KYC data returned by these providers into the Taler
format. This is needed as all three choices can basically be used to
collect and validate arbitrary attributes about the user. In the
OAuth2.0 case this depends on the OAuth2.0 service, while the two
proprietary providers support configuring different forms or templates
for data collection. Depending on these forms, the CONVERTER_HELPER
programs are JSON-to-JSON transformers that convert the data delivered
by the KYC provider into the Taler format. "taler-exchange-kyc-*.sh"
scripts are provided that perform this conversion. In some cases, these
scripts download and encode additional data (like passport images) as well.

The GNU Taler Challenger service
(https://docs.taler.net/taler-challenger-manual.html) is a compatible
OAuth2.0 provider that can be used to validate phone numbers, e-mail
addresses or postal addresses. It works with the OAuth2.0 KYC plugin
described above. In principle, the Challenger service can be extended to
validate any address to which a TAN code can be sent. It uses
customizable HTML forms and helper scripts to send the e-mail, SMS or
physical mail with the TAN codes.

A simple demonstrator (with one of the KYC providers set up, I tend to
switch them around, so which one you get may vary) is (sometimes)
available at https://bank.taler.grothoff.org/. You will be forced to
pass the KYC check if you try to withdraw more than 5 STATER. Note that
the wallet UX may still not yet be optional, doing that nicely is
another milestone. However, it should work, but you probably have to
select the "pending" withdraw transaction manually to get the link to
the KYC process.

Now for those that really want to read code:
* Challenger implementation is at
https://git.taler.net/challenger.git/
* KYC plugins for all 3 providers and sample conversion scripts are at
https://git.taler.net/exchange.git/tree/src/kyclogic

Next steps (I will post here when ready):
* AML support (needs testing)
* Auditor support (in principle done, needs more testing)
* Work on wallet/merchant integrations (WiP)

Feedback welcome!

Happy hacking!

Christian