Target release	2019-M1
Epic	PLAT-1 - Getting issue details... STATUS
Document status	DRAFT
Document owner	Ghanshyam Rawat
Dev Status	NOT STATED
QA Status	NOT STARTED
PO Approval	PENDING

Context:
The Digit UserService provides information useful for forcing a user to log in or out, and retrieving information about the user who is currently logged-in and what kind of privileges / roles he/she has.
Current User Service forces single tenant user creation, i.e., a user can only belong to one tenant. For example: Citizen can belong to state and employee can belong to particular ULB or City. It also provides authentication and issues/renews auth tokens for use system wide. Citizens can register as users through a self registration flow that supports OTP based registration of mobile numbers.

Version:

V1 (Jan-2017 To Dec-2018)

- V1.1(Jan-2019 To March 2019)

What will Rainmaker accomplish :

1. Provide an easy-to-access, easy-to-use one-stop-shop for citizens to Pay, Apply, Inform and Resolve
2. Make people accountable and processes transparent - to the citizen and also within the government
3. Be easy and fast to deploy - across the government's machinery, across the state
4. Be easy for eGov to setup the system - with minimal localization and data migration effort

Guidelines :

1. Mobile first - services, info, dashboard and reporting
2. Localize - language (app, notifications, tracking, info)
3. All-browsers and all-device compatibility
4. UX/UI - "aam aadmi" design and not "silicon valley" design
5. Accountability of gov employee - never compromise
6. Standard Ontology - complaints, feedback, updates etc
7. Should work-well in low speed / no speed networks also

Audience:

1. Product Managers
2. Developers
3. Testers
4. Co-creation partners
5. Implementation Team
6. Third Party(TP) integrators

User Type:

DIGIT system has two types of users currently.

1. Employee
2. Citizen

Objectives V1:

Employee:

1. Enable employee to login into DIGIT system.
2. Enable employee to access application based on roles.

Citizen:

1. Enable citizen to login into DIGIT system.
2. Enable citizen to access application.

Feature List V1:

Employee:

1. User registration
2. Search user
3. Update user details
4. Forgot password
5. Change password
6. User role mapping(Single ulb to multiple role)
7. Enable employee to login into DIGIT system based on password.

CItizen:

1. Create user
2. Update user
3. Search user
4. User registration using OTP
5. OTP based login

Employee/User Flow V1:

1. Create Employee, Search Employee, Update Employee. a). Currently any employee is allowed to create user in all ULB API Details: {+}https://egov-micro-dev.egovernments.org/redoc/#tag/User%2Fpaths%2F~1users~1_create%2Fpost+
2. Login Employee: a). Here first time login is same like any login. API Details: {+}https://egov-micro-dev.egovernments.org/redoc/#tag/User%2Fpaths%2F~1oauth~1token%2Fpost+

UserService V1.1

The main theme of this version is to make user service multi-tenant. A single user/employee can belong to multiple tenant with different role.

Objective V1.1:

1. Enable employee for multiple ulb access and ULB based role.
2. Security
3. Fixing tech debt
4. API definition according to eGov standard.
5. Lock/Unlock user
6. Limit no. of OTP
7. Changes in effected services

Feature List For Employee - V1.1

Feature	Enhancement (Why)	Currently	Impacted Module

Create user with multiple city and role mapping for each ULB	Employee can have control in multiple ULB where each ULB can have multiple roles.	Employee can operate only in a single(Base) ULB.	API Gateway
	Can define state level user which provide ease of accessing state level roles.	State level user not possible.	All module which integrate with user module.
			UI

Search user which returns multiple city data.	To support multi tenant user validation	Can't support multi-tenant user validations	API Gateway
			All module which integrate with user module. PT, PGR, TL, Finance
			UI

Update user with multiple city and role mapping for each city.	To support multi tenant user update	Can't support multi tenant user update	API Gateway
			All module which integrate with user module.
			UI

Force to set password at first time login with OTP validation.	Make system more secure	Security issue, who ever is creating role can login into system	UI

Block / Unblock user on login failed for particular time.	Make system secure	Chances to guess password	UI
	To avoid brute force attack	Brute force attack

Remove roles from User Service it should be pointing to MDMS roles	Code Cleanup	We need to maintain role at two places	NA
	Ease in maintaining roles

Feature List For Citizen V1.1:

1. Make user registration as two step process, firstly it will create user in inactive mode Once OTP validation is success then the user should be enable for login.
2. Limit on resend OTP.
3. Block / Unblock user on failed login attempt(Time based)