User Service
Context:
The DIGIT User Service provides the information needed to force a user to log in or out, and to retrieve details about the currently logged-in user and the privileges/roles they hold.
The current User Service enforces single-tenant user creation, i.e., a user can belong to only one tenant. For example, a citizen can belong to the state and an employee can belong to a particular ULB or city. It also provides authentication and issues/renews auth tokens for system-wide use. Citizens can register as users through a self-registration flow that supports OTP-based registration of mobile numbers.
Version:
- V1 (Jan-2017 To Dec-2018)
- V1.1 (Jan-2019 To March 2019)
What will Rainmaker accomplish :
- Provide an easy-to-access, easy-to-use one-stop-shop for citizens to Pay, Apply, Inform and Resolve
- Make people accountable and processes transparent - to the citizen and also within the government
- Be easy and fast to deploy - across the government's machinery, across the state
- Be easy for eGov to setup the system - with minimal localization and data migration effort
Guidelines :
- Mobile first - services, info, dashboard and reporting
- Localize - language (app, notifications, tracking, info)
- All-browsers and all-device compatibility
- UX/UI - "aam aadmi" design and not "silicon valley" design
- Accountability of gov employee - never compromise
- Standard Ontology - complaints, feedback, updates etc
- Should work-well in low speed / no speed networks also
Audience:
- Product Managers
- Developers
- Testers
- Co-creation partners
- Implementation Team
- Third Party(TP) integrators
User Type:
DIGIT system has two types of users currently.
- Employee
- Citizen
Objectives V1:
Employee:
- Enable employee to login into DIGIT system.
- Enable employee to access application based on roles.
Citizen:
- Enable citizen to login into DIGIT system.
- Enable citizen to access application.
Feature List V1:
Employee:
- User registration
- Search user
- Update user details
- Forgot password
- Change password
- User role mapping (single ULB to multiple roles)
- Enable employee to login into DIGIT system based on password.
Citizen:
- Create user
- Update user
- Search user
- User registration using OTP
- OTP based login
Employee/User Flow V1:
- Create Employee, Search Employee, Update Employee.
  a) Currently, any employee is allowed to create users in all ULBs.
  API details: https://egov-micro-dev.egovernments.org/redoc/#tag/User%2Fpaths%2F~1users~1_create%2Fpost
- Login Employee:
  a) Here, first-time login is the same as any other login.
  API details: https://egov-micro-dev.egovernments.org/redoc/#tag/User%2Fpaths%2F~1oauth~1token%2Fpost
UserService V1.1
The main theme of this version is to make the User Service multi-tenant. A single user/employee can belong to multiple tenants with different roles.
Objective V1.1:
- Enable employees to access multiple ULBs, with ULB-based roles.
- Security
- Fixing tech debt
- API definition according to eGov standard.
- Lock/Unlock user
- Limit no. of OTP
- Changes in affected services
Feature List For Employee - V1.1
| Feature | Enhancement (Why) | Currently | Impacted Module |
|---|---|---|---|
| Create user with multiple city and role mapping for each ULB | Employee can have control in multiple ULBs, where each ULB can have multiple roles; can define a state-level user, which provides ease of accessing state-level roles | Employee can operate only in a single (base) ULB; state-level user not possible | API Gateway; all modules which integrate with the user module; UI |
| Search user which returns multiple city data | To support multi-tenant user validation | Can't support multi-tenant user validations | API Gateway; all modules which integrate with the user module; UI |
| Update user with multiple city and role mapping for each city | To support multi-tenant user update | Can't support multi-tenant user update | API Gateway; all modules which integrate with the user module; UI |
| Force to set password at first-time login with OTP validation | Make system more secure | Security issue: whoever is creating the role can log in to the system | UI |
| Block / unblock user on failed login for a particular time | Make system secure; to avoid brute force attack | Chances to guess password; brute force attack | UI |
| Remove roles from User Service; it should point to MDMS roles | Code cleanup; ease in maintaining roles | We need to maintain roles in two places | NA |
Feature List For Citizen V1.1:
- Make user registration a two-step process: first the user is created in inactive mode; once OTP validation succeeds, the user is enabled for login.
- Limit on resend OTP.
- Block / unblock user on failed login attempts (time based)
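
A minimal sketch of how the three citizen controls above fit together, added here as an illustration and not taken from the DIGIT code base. The class and method names and all three limits are assumptions; the page specifies the controls but not their values.

```python
import hmac
import secrets
from dataclasses import dataclass

# Assumed limits: the page names these controls but gives no numbers.
MAX_OTP_SENDS = 4          # first OTP plus three resends
MAX_FAILED_ATTEMPTS = 5
LOCK_SECONDS = 15 * 60

@dataclass
class Citizen:
    active: bool = False   # step 1: the account is created inactive
    otp: str = ""
    sends: int = 0
    failures: int = 0
    locked_until: float = 0.0

class CitizenAuth:
    def __init__(self):
        self.users = {}    # mobile number -> Citizen

    def send_otp(self, mobile):
        user = self.users.setdefault(mobile, Citizen())
        if user.sends >= MAX_OTP_SENDS:
            raise PermissionError("OTP send limit reached")
        user.sends += 1
        user.otp = f"{secrets.randbelow(10**6):06d}"
        return user.otp    # returned for the demo; a service sends it by SMS

    def _check(self, mobile, otp, now):
        user = self.users.get(mobile)
        if user is None or now < user.locked_until:
            return None    # unknown or blocked, even if the OTP is correct
        if user.otp and hmac.compare_digest(user.otp, otp):
            user.otp, user.sends, user.failures = "", 0, 0   # single-use OTP
            return user
        user.failures += 1
        if user.failures >= MAX_FAILED_ATTEMPTS:
            user.locked_until, user.failures = now + LOCK_SECONDS, 0
        return None

    def validate_otp(self, mobile, otp, now):
        user = self._check(mobile, otp, now)
        if user:
            user.active = True   # step 2: enable login after OTP validation
        return user is not None

    def login(self, mobile, otp, now):
        user = self.users.get(mobile)
        return bool(user and user.active and self._check(mobile, otp, now))
```

The `now` argument is passed in so the time-based unblock can be exercised without waiting; wrong OTPs during registration count toward the same block as failed logins.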