INFS5002 GROUP 16

Design Proposal

DELIVERABLE 2
Design Proposal for Open Banking

Project Title Securing Information in an Open Data Environment

Group Name Group 16

Group Members

Member 1
Name Sampath Sahhas Nathella
SID 480213820
Phone 0450831200
Email Snat0132@uni.sydney.edu.au
Member 2
Name Ivy Nguyen
SID 470284395
Phone 0403904800
Email Ingu4193@uni.sydney.edu.au
Member 3
Name Rebeka Islam
SID 480317807
Phone 0481773336
Email Risl4634@uni.sydney.edu.au
Member 4
Name Linda Herawati
SID 480147802
Phone 0450801728
Email Lher7906@uni.sydney.edu.au
INFS5002 GROUP 16
Design Proposal

Table of Contents
1 Storyboard ..................................................................................................................... 2
2 BMC ............................................................................................................................... 5
3 Functional Decomposition Diagram ................................................................................ 6
4 Use Case ......................................................................................................................... 7
5 BPMN ............................................................................................................................. 8
6 Interface ......................................................................................................................... 9
7 System Architecture ..................................................................................................... 14
7.1 Design Specifications ........................................................................................................ 14

8 Lessons Learned ........................................................................................................... 16

8.1 Sahhas ............................................................................................................................. 16
8.2 Linda................................................................................................................................ 17
8.3 Rebeka............................................................................................................................. 18
8.4 Ivy ................................................................................................................................... 18

INFS5002 GROUP 16 1
INFS5002 GROUP 16
Design Proposal

1 Storyboard
INFS5002 GROUP 16
Design Proposal

INFS5002 GROUP 16 3
INFS5002 GROUP 16
Design Proposal

INFS5002 GROUP 16 4
INFS5002 GROUP 16
Design Proposal

2 BMC

INFS5002 GROUP 16 5
INFS5002 GROUP 16
Design Proposal

3 Functional Decomposition Diagram

Data
Tracker

Third Party Manage

Log-in
Access Consent

Log-in List of Third Revoke Report

Access type Lock Access
Details Parties consent Misuse

Register Notification Ongoing Confirm Revoke Third Party

Forgot Add
Conditional
Password Comment

Report

INFS5002 GROUP 16 6
INFS5002 GROUP 16
Design Proposal

4 Use Case

Description: This use case walks through the process of the user revoking access of his personal
banking data to a suspicious third party. The user then reports the actions of the suspicious third
party.
Actors: User – The registered user
Pre-conditions: User has logged into the data tracker application on his smartphone.

Step Actor/System Description

1 System The user is presented with the homepage of the app showing the description
of all the 3rd parties that has access to his/her data.

2 User On this page the user sees a notification that the suspicious 3rd party is trying
to gain access to additional data. The user then clicks on the suspicious
3rd party and opens the actions page
3 System The user is presented with multiple options to choose. The following are the 5
uses available, “access type, lock access, data consented, revoke consent,
report misuse”
4 User The user clicks on the revoke consent option and opens in to a slide bar with
an on and off switch. The user chooses the option to revoke access to the
suspicious 3rd party.
5 System The system approves this action after an additional request to the user. The
system notifies the users bank to revoke access to the suspicious 3rd party.

6 User After this action the user goes back to the previous page and clicks on the
report misuse option.

7 System The user is presented with the report misuse page. After the top is the
description of what to write. The middle is a text box in which the user writes
down the complaint. The bottom has the submit button.
8 User The user writes down the complaint in the text box after reading the
instructions. The user then clicks the submit button and has completed the
action
9 System The users request is approved and the report is sent to the users bank and
stored on the app.
INFS5002 GROUP 16
Design Proposal

5 BPMN
INFS5002 GROUP 16
Design Proposal

6 Interface

INFS5002 GROUP 16 9
INFS5002 GROUP 16
Design Proposal

INFS5002 GROUP 16 10
INFS5002 GROUP 16
Design Proposal

INFS5002 GROUP 16 11
INFS5002 GROUP 16
Design Proposal
INFS5002 GROUP 16
Design Proposal
INFS5002 GROUP 16
Design Proposal

7 System Architecture

7.1 Design Specifications

According to Deloitte (2017), Android and IoS own 75% of the smartphone market share in
Australia. For that reason, DataTracker will execute cross-platform development for its mobile
application. Xamarin was chosen as the platform developer, as provides more benefits
compared to Apache Cordova or Sencha. Apache Cordova uses HTML, which does not adjust
well with native platforms, due to the user interface being built on webpage. Conversely,
Xamarin allows the developer to test the application for various of devices as it utilises C#
which enables adjustments to the native platform (Android or iOs). In addition, users will

INFS5002 GROUP 16 14
INFS5002 GROUP 16
Design Proposal

benefit from the quality of application as Xamarin can access the full hardware capacity. This
will allow the application run at its maximum speed.

For the server, DataTracker will use Microsoft Azure to host its mobile application. Azure
provides a range of features aid efficiency in the release of the DataTracker application. Azure
comes with a notification Hub and API management that are required for DataTracker.
Moreover, as Azure is a cloud based server, DataTracker will be benefit from its in-built
firewall. Therefore, DataTracker does not need to acquire another firewall to protect its
hosting. According to Wayner (2018), Microsoft provides financial compensation if the
function of server goes down. This indicates reliability through the guarantee that the
application will run smoothly. Conversely, the option to use AWS is not viable as it does not
support the hybrid cloud. Thus, if there is a change for server requirement, AWS will not be
able to accept other servers beside its own.

REST API is used as the framework for developing DataTracker, as it encompasses a number of
beneficial features. One of them is real time notifications, which is one of the main functions
of the application. Furthermore, it is simple to use and can be converted to different formats
of API, i.e. JSON and XML. In addition, REST can be accepted with various of technologies, so
that DataTracker or its partner does not require specific technology to use it. Moreover, the
recovery for REST is fast if there is a failure in the system.

REST is more data driven whereas SOAP is a standardized protocol for transferring structured
information. REST allows many different data formats including HTML, XML and JSON and
attains more browser compatibility. On the other hand SOAP only uses XML. Both support SSL
for end-to-end security, and REST also uses the secure version of HTTP protocol, HTTPS. REST
requires fewer resources and less bandwidth. Data in REST can be marked as cacheable which
means it can be reused so there is no need to resend a new request; this saves time and
improves scalability. REST is less complex which means it’s easier to make updates. Therefore,
for designing API, REST will be used, as it is less complex, easy to implement, faster and more
reliable.

INFS5002 GROUP 16 15
INFS5002 GROUP 16
Design Proposal

DataTracker will use JSON for data format, as it is super browser compatible and can be used
for many purposes. JSON is less detailed, which allows quicker exchange and is more machine-
readable. In order for data to be accessed, a token-based authorisation framework will be
employed. The most common protocols are SAML and OAuth. OAuth2.0 allows API’s,
authorised devices, applications and servers to authenticate themselves through an access
token, in order to receive specific delegations. It is extremely beneficial to utilise OAuth2.0
tokens to access user data, as it can facilitate specific functions in applications, whereby a user
can allow applications access to their data. Furthermore, OAuth2.0 is a reliable and widely
used authentication framework. Thus, implementation of Auth2.0 can mitigate associated
risks post-implementation of the application.

8 Lessons Learned

8.1 Sahhas

The group assignment has provided me a vast knowledge and experience on developing a new
application and understanding the complications that are associated with open banking. It has
educated me on how to proceed with a structured approach when trying to develop a new
idea that is trying to solve a persistent issue. The assignment has made me utilize the concept
that were thought in class. The activities in class have prepared me to work on the different
parts of the assignment. For instance, the BPMN and BMC were considerably easier to do due
to prior experience in class while doing the activities on the whiteboard. This has made me
appreciate the assignment as it is closely related to what was thought in class. The assignment
has also given me a solid foundation into what I can expect from the further units of this
course and has hopefully prepared me for the next semester. Another part of the deliverable
that helped was the risk avoidance plan, as one of our team member dropped out of our
group our contingency plan came into place to mitigate the loss of one of our group member.

Reflecting on what I would do similarly next time is that I would follow the Gantt chart as it
has effectively divided responsibility within our group and has clearly stated deadlines and
duties of each group member. On what I would do differently next time is that I would try to

INFS5002 GROUP 16 16
INFS5002 GROUP 16
Design Proposal

take more advice and assistance from the lecturer during their consulting hours as it can
further refine and improve the assignment.

8.2 Linda

From the deliverable 1 and 2, I gained different experiences and learning about those things.
Prior to this assignment, I did not know that there is a ‘translation’ language for systems. This
is a good learning for me to enhance my knowledge in IT industry, especially I am thinking to
do the IS major. As we selected the open banking issue, I have gained some information how
banks try their best to ensure about the safety of the personal information is been kept. It
might just being ignore by us as customers until there is an issue like a problem that Facebook
faced.

I have chance to practise the logical thinking for the IS activities (BPMN, BMC, System
Enterprise, etc). The most challenging part is to identify software and hardware to be used for
the systems. As online recommendations tend to state their preference of skills and
technology they like, rather than explaining which is better. In fact, after evaluating few
alternatives, I noticed that the features of system might be different, however for the
functioning side is same. It will depend on the skill and technology available for us to decide
which we will acquire. As price is competitive, it will not be a point to compare.

From the experience side in doing this assignment, I identify how crowdsourcing can be
effective to produce good report, when everyone trying to engage and aim the same goal. For
example, someone with a good skill of designing can contribute on the design part and other
do other parts, therefore the aim to get the best result can be achieved. Moreover, the
different knowledge and understanding of concepts among members can enrich my learning
on this course. In this case, the double-loop and feedback concept can be experienced as what
I have done I can feel that it might be the best version for me. In fact, it might not be the best
from other perspectives. From this, we helped to correct each other to gain the most
beneficial result. However, if I still believed I am right, I will prove with my findings. Overall,
this assignment showed me some scopes of IS and it helps to give me brief idea which area I
will be more focusing.

INFS5002 GROUP 16 17
INFS5002 GROUP 16
Design Proposal

8.3 Rebeka

This has been an amazing learning experience for me. There are quite a few things that were
completely new for me. I was not familiar with OneNote earlier, but while doing the project I
got to know how it works. We shared all our works on OneNote. I will definitely apply the
things I have learned from this project. For example- I can apply business model canvas
(BMC), functional decomposition diagram while developing a business plan or for analysing a
business. Furthermore, it can be helpful for future projects as well. Work breakdown structure
and gnat chart helped me to prioritize work and schedule time. This can be applied in daily life
and helpful in setting goals. I learned how to do a storyboard. I had absolutely no idea about
this before. Coming from a different country with different background was bit of a challenge
for me, because it took me a while to understand certain things. I was not very quick at
grasping and understanding things. I intend to specialise in business information system,
hence, this course has prepared me for other units. System architecture is very new for me
and I need to work hard on this to understand it clearly. This project has taught me about the
open banking and API. I learned how a project should be structured and how to come up with
a clear proposed solution for a problem. The most interesting part of the project was that I got
the chance to practically apply the knowledge learned in this unit during the semester. In the
future, I would spend more time on research. Since this was my first semester I could not
manage time properly. Therefore, next time I would put more effort on research and try to
get as much feedback as I can from the unit coordinator.

8.4 Ivy

A number of lessons learned can be learned from the project, specifically the need to set
quality standards and plan for inconsistencies in individual capabilities. It also evident that
personal relationships create ethical dilemmas, which can be extremely detrimental to project
success.

Setting quality standards allows one to outline the expectations for the work produced by
each member. It is simple for each member to agree they would like to achieve a high final
mark for the project. However, understanding or perception of what is high quality work may
not be consistent across the team. Specific quality standards or requirements were not set

INFS5002 GROUP 16 18
INFS5002 GROUP 16
Design Proposal

during project planning, which caused delays in schedule, as poorly completed tasks had to be
redone.

Different levels of software and hardware literacy made it difficult to communicate ideas and
concepts across all members effectively. Taking the time to thoroughly explain application
functions took up valuable time. Assessing competencies and strengths of members from the
outset of the project, would ensure that members can prepare by undertaking personal
learning in order to gain the skills and understanding needed to complete the project.

Personal relationships create conflict with completion of project tasks, as they can prevent
members from giving genuine feedback on other’s performance. It is important for
constructive feedback to inform the tasks during the project, as it allows for early adjustments
and changes and prevents delays in schedule. Not giving detailed feedback to members
results in vague adjustments. Without specific constructive criticism, it is difficult for the
individual to pinpoint which component needs improvement, why and how it can be
improved. This results in another person re-doing the tasks, which further pushes the project
behind schedule.

9 References

INFS5002 GROUP 16 19
INFS5002 GROUP 16
Design Proposal

Deloitte 2017, ‘Smart everything, everywhere Mobile Consumer Survey 2017’, retrieved on 04
June 2018, <https://landing.deloitte.com.au/rs/761-IBL-328/images/tmt-mobile-consumer-
survey-2017_pdf.pdf?utm_source=marketo&utm_medium=lp&utm_campaign=tmt-mobile-
consumer-survey-2017&utm_content=body>

Martinex, M & Lecomte, S 2017, ‘Towards the quality improvement of cross-platform mobile
applications’, IEEE/ACM 4th International Conference on Mobile Software Engineering and
Systems (MOBILESoft), Buenos Aires, pp. 184-188.

Wayner, P 2018, ‘Serverless in the cloud: AWS vs. google cloud vs. microsoft
azure’, InfoWorld.Com, retrieved on 04 June 2018 ,
<http://ezproxy.library.usyd.edu.au/login?url=https://search-proquest-
com.ezproxy1.library.usyd.edu.au/docview/2018421176?accountid=1>

INFS5002 GROUP 16 20