Weekly Summary - 7th & 12th NOV 2016

[peeyush-tm]

There's an emoji for 🆔 😄

MoM - MON - 7th NOV 2016

Updates: Week Wise Plan

Week 1

Widget base is <-> Entity of Veris Platform

1. 🔜 Move useful APIs to ACTION, RULE
2. 🔜 Define DATA-IN, DATA-OUT, for
   1. Rule
   2. Action
   3. Widgets
   4. Default Action
   5. Default Rules
   6. Default Permissions
3. ✅ Complete the basic widgets
4. ✅ Define standards for communication between backend and clients (widgets)
5. ✅ Week 1, basically is, define standards for everything and constantly evaluate the standards

MON - 7th NOV 2016

[VEP]

• Touchless Gesture based interaction with Veris Terminal

[Updates]

• ✅ Interaction with the Widgets
• ℹ - Define System Components - Widgets, Permissions, Scope, Rules, Actions
• ℹ - Guard Pin & MFA
• ❓ - Login/Logout should be a widget

TUE - 8th NOV 2016

[VEP]

• React Fold View - as invites & request invites
• Standard icon sets - for veris developers - icomoon
• Web-Bluetooth
• Physical Web - Terminal & User
• PWA - Progressive Web Apps
• Dynamic Widgets - The Veris Instant Apps

[Updates]

• ✅ Screen Types - Admin/ Secured, Normal, Dashboard, Summary
• ✅ Design of required data for Widgets
• ✅ Screen Actions [next, back, cancel, reset, close, open] - responsible for the data sync and are controlled by Veris (developer can ask to override)
• ✅ Extended Widget States - [init, partial, resolved]
• ✅ Widget States & State Design Template
• ✅ Either - Or widgets
• ✅ Screen Color - Main Area
• ✅ Invite and Calendar Widgets
• ✅ Portrait and Landscape Rendering of the Screens
• ❓ Fragments v/s Views

WED - 9th NOV 2016

[Updates]

• ✅ Widget - Request & Response - cycle
• ❗ [W] / [A] / [R] - Widget / Action / Rules
• ❗ [W] / [A] / [R] - Config & Data Definition
• 🆔 ✅ ID for everything - [W] / [Org] / [Member] / [User]
• 🔥⭐ live.veris.in - must remain as it is
  • seperate apps for live.veris.in (new apps - with widgets & existing apps - as they are)
  • customer can choose to switch between new and old
• ⭐ Veris Enterprise - The new V3
  • will have whole another set of apps for enterprise
  • these apps would be 100% Veris Runtime Based Apps - and compiled with widgets

THU - 10th NOV 2016

Extremely Useful references -

• Ory-AM
  • AWS - access policies
  • https://github.com/ory-am/ladon
  • http://docs.hdyra.apiary.io/
  • Okta - Widgets & MFA
    • http://developer.okta.com/use_cases/authentication/
    • MFA - http://developer.okta.com/use_cases/mfa/
    • MFA - http://developer.okta.com/docs/api/resources/factors.html
  • Login/ ID as Widget
    • Lock - https://auth0.com/docs/libraries/lock
    • SignIN - http://developer.okta.com/code/javascript/okta_sign-in_widget_ref

[Updates]
-❗MFA as a service & only an added security parameter - [Factors Okta]
-❗Widget App Store - Admin chooses to add the widget and will have total control over the information exchanged by the widget.
-✅ Widget Types [custom hybrid, custom native (veris verified), static, base, dynamic, enterprise]
❗[W] / [A] / [R]

• Backend [W] - is the gatekeeper of the Widgets running at the Client Side
• Frontend [W] - is not dependent on the Action and Rules at the Backend
  -❗Operations - Platform Expression Language to Python Code
  -❗Data Types - platform data types (not python code) - part of expression language
  -❗Conditions - Platform conditions (not python code) - part of expression language
  Required configuration has to be allowed by the Organization Admin, if he wants to use the widget else widget will not work
  -❗Sync and Async Actions
  -❗Organization & Members
  -❗Access Management as a Service
  -❗⭐: think of the widgets as apps & widget store as app store
  • widgets must follow strict guidelines
  • widgets will always be reviewed by Veris
  • widgets will be added by an Admin to his organization's Enterprise Veris Client (web, ios,
    android, enterprise user app, enterprise portal, enterprise terminal)

MoM - FRI - 11th NOV 2016

👻 What is dead may never die ! ( live.veris.in )

FRI - 11th NOV 2016

Enterprise Veris ( Id /+/ AM ) - as a service

• [ ID ] - the Actor (Who)
• [ AM ] - Access Management ( Ability )
• [ Action ] - what will be done ( What )
• [ Resource ] the resource ( Something )
• [ Data-IN/ Data-Out/ Config/ Trust ] - the Context

Who is able to do what on something given some context.
Ultimately: Provide a Trust Score for any [ ID ].

Modules that are Extendible and are provided as-a-service:

• MFA
  • google authenticator
  • duo
  • sms
  • pin
  • guard pin
  • secret question
• ID
  • Enterprise ID
  • Social ID
• AM
  • Some Policy server
  • Code (Not only QR) ( sort of like QR but Awesome 😄 )
• User Profile
  • Membership
• Custom Apps (should have been built by someone else)
  • Invites

We keep updating the Trust Score for:

• Organization
• Widgets
• Users
• Members
• Veris Clients

SAT - 12th NOV 2016

Who is able to do what on something given some context.

[Updates]

• ✅ Rules - Compilation of Conditions / Operations
  • Use for Data Enrichment & Check Conditions
  • Must keep on working (error in, data in)
  • Must provide (error out, data out)
  • Does not care about the Access Management
  • Has data in a standard format (json), already fetched from database. Rules can't call database functions
• Expressions Language
• ✅ Something / Resource - Lists all the Possible Actions that can be taken on a Resource
  it still does not care about the Access Management
  • That is [Who] is [Able] to take [Action] on [Something]
  • The [Something] only cares about [Action]
• 🔥 ⭐Something and Action is protected by the Access Management. Which checks the [Who] and [Able]
• 🔥 Something / Resource - is responsible to interacting with the Data Source
• 🔥 Something defines the Data Model
• 🔥 ⭐ ✅ Something and Action is protected by the Access Management. Which checks the [Who] and [Able]
• Ref Okta - The widgets must have complete process with them, before deployment, the backend will just change the way process will be followed
  • FSM
    • required part does not change
    • optional part changes
  • ⭐ JWT is the standard way of communication
  • ⭐ MFA is a choice of Admin
• Relation between Member & User - Loose
• Members is the only interface an Organization should care about
  • By default the Users are members of Veris Organization
• The Intelligent ID Platform is accessible
  • to the most secure organizations
  • or the organizations the user has granted access to
• No one can Access the User Data
  -❓ how to open User ID Data access cross Organizations
  • it is a choice of user - organizations can request
  • the most secure organizations (as per the veris standards) would be able to access the User ID data
• Platform must never change (rarely), process of data interaction might change
• ⭐ Design principles - http://developer.okta.com/docs/api/getting_started/design_principles.html
  • start with min attributes for all the entities
  • once an attribute has been added - it can never be deleted

---

Ankit Popli \ ND - 👍 Good Work guys, things are extremely clear now. Please check and update the Wikis.

PR - working on the use cases now. Executing the use-cases we will track the changes we need to do in the platform, and will work on minimising those. Use cases should be enabled without ever changing the platform.

Amogh Banta \ Abhinav Anand - The accidental Leads 😄 (please don't mind) - are lead developers for Veris ( 2.x )

**Overall a very productive week ! ** ✨👌

---

[Unrelated updates]

• 500/ 1000/ Modi
• Trump/ USA/ End of the world

to Watch/ Listen

• movies - "invention of lying" / "the big short"
• tv - "westworld"
• podcast (AI) - https://soundcloud.com/startalk/a-conversation-with-ray-kurzweil
• podcast (database) - https://softwareengineeringdaily.com/2016/09/09/ubers-postgres-problems-with-evan-klitzke/
• ted - http://www.ted.com/talks/don_norman_on_design_and_emotion

To Read / Study

• FSM

---

@veris-ankitpopli @veris-neerajdhiman @veris-abhinavanand @veris-amoghbanta -
I am going to move the conversations here and manage features from the doc only.
Asana will have the shortest summary possible.
I hate Asana, can't have long and meaningful conversations there (plus does nosuit well with me, can't use Markdown)