Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
    MoritzDillmann
    @MoritzDillmann
    Any suggestions?
    Jure Zakotnik
    @jzakotnik
    can you add/transfer to one of us?
    lennartploen
    @lennartploen
    Hi all, just to make sure we have a common understanding : is this room meant to replace our ("internal") exchanges on slack? and/or dedicated to exchanges with MINEFID in Burkina?
    Jure Zakotnik
    @jzakotnik
    Hi @lennartploen , no need to replace the existing "internal" channel, this room is meant for generic architecture and support discussions around trubudget and integration
    It's a public channel, i.e. anyone with github can join
    lennartploen
    @lennartploen
    perfect
    Mathias Höld
    @mathiashoeld
    should we add the gitter channel to the readme in our repo?
    Jure Zakotnik
    @jzakotnik
    @mathiashoeld good idea, it is mentioned on the website, but i've seen it's not in the readme
    Mathias Höld
    @mathiashoeld
    @jzakotnik ok, i'll add it right away
    Stefan Ziffer
    @Stezido
    Hi all! We released a new version of TruBudget: v1.0.0-beta.8, see https://github.com/openkfw/TruBudget/releases/tag/v1.0.0-beta.8
    Added
    • Digit grouping when typing amount of projected budgets
    • Edit projected budgets of projects and subprojects
    • External Webhook
      Changed
    • Reject workflowitem update when document would be overwritten
      Fixed
    • Schema for workflowitem_update
    • Sorting of Swagger documentation
    • Editing of workflowitem when amount type is changed to allocated/disbursed
    • Alignment of columns in workflowitem table
    • Display of error snackbar after failed login
    • Increased the stability of the event sourcing code by replacing the "immer" dependency with a custom implementation.
    • Provisioning error related to readiness of blockchain/api
    Jure Zakotnik
    @jzakotnik
    thanks
    Mathias Höld
    @mathiashoeld
    hi everyone, we’ve just released version 1.0.0 of TruBudget! :tada: checkout the release notes at https://github.com/openkfw/TruBudget/releases/tag/v1.0.0
    Stefan Ziffer
    @Stezido
    hi , we released a new version of TruBudget (v1.0.1) checkout the release notes at https://github.com/openkfw/TruBudget/releases/tag/v1.0.1
    ivica7
    @ivica7
    Hello there. First of all: great job on making this very interesting project open source. Really like the way you go. I wish, we could make our projects open source too and deploy them directly to ethereum mainnet. ;-) I've just watched the trubudget tutorial video. There is one architectural thing where I am not sure if I'm getting it right: in the demo there is a login mask with username/password. It looks to me like there is a central server where users are logging into to manage the project and its activities. Is there one central server for all users for managing the project data or is this distributed in some way? Later in the demo finished project activities can be commited (stamped?) to blockchain. Who's running this blockchain network? For instance in the Burkina Fasos usecase, who's running the nodes? One in BurkinaFaso and one at KfW?
    Roman Schiefer
    @gonzochic
    Hi @ivica7, your login credentials are stored on chain and therefore distributed across the network. The user is able to login through all nodes, but only able to sign transactions on nodes belonging to his group (you can find more details on how this is done here https://github.com/openkfw/TruBudget/blob/master/doc/adr/0010-multi-node-setup.md). In general all data of TruBudget is stored on-chain. A network is spawned between multiple organizations. Every organization can spawn multiple nodes to be fault tolerant. To not imbalance the network and to democraticly decide if new organization are allowed to join the network we have a mechanism (again, see the link i posted before about the multi node setup)
    ivica7
    @ivica7
    Ok. "all data is stored on-chain" <- that was the missing link. Are all transactions sent to BC always via the API component using the private key of the company? I assume username/password is also stored to blockchain and used by the api server of the company to authenticate/authorize the user? How are user passwords secured on chain (the data is shared between all nodes)? By hashing salted passwords?
    Roman Schiefer
    @gonzochic
    @ivica7 When a user is created we are generating a key pair for the user (this is the key he needs to provide if he wants to do a transaction), then we are obviously hashing the password and additionally we are encrypting the key pair with a secret which is only known to the organization (we call it organization vault secret). With this mechanism we achieve the following capabilities: Users can log in from everywhere but User can only sign transactions on node(s) of their organization. With this mechanism we also have disaster recovery, because even if all nodes of an organization fail, the organization can simply sync the last state from other organization and decrypt their keys with their secret.
    ivica7
    @ivica7
    Ok got it.. so the sequence is: User logs in with username/password, api server (knows org‘s vault secret) looks up user’s encrypted priv. key and hashed pwd from chain. If password hashes match, user is logged in and all actions that are performed are sent to BC by the API Server signed with user‘s private key, which is decrypted from chain using org‘s vault secret? The user has no direct contact with his priv. key?
    Roman Schiefer
    @gonzochic
    Yes :)
    ivica7
    @ivica7
    An interesting hybrid approach. Advantages on the side of recoverability/simplicity (bc as the only persistence layer) but also disadvantages on the side of security/grade of decentralization(stealing org’s vault secret means taking over all user accounts of the org)?
    Jure Zakotnik
    @jzakotnik
    @ivica7 nice to see you here, I see I am late to the party. Yes, we didn't know how complex the identity management will be and it wasn't crucial to the use case. This might potentially be updated in the future, depending on the experiences. For now it's simple enough.
    Roman Schiefer
    @gonzochic
    @ivica7 you would need to steal the vault secret AND compromise user credentials AND get access to the network. As far as I know there are not a lot of systems which are resilient to this :-D
    In the end the idea was to use as much of blockchain authN/authZ concepts (keys) but give the user an experience he is used to with username and passwords. I believe we found a good solution which is still resilient enough to withstand malicious intents :)
    ivica7
    @ivica7
    @jzakotnik hi. Nice to see you here too. My best LinkedIn source for interesting news/facts. :)) @gonzochic The rational behind the decision sounds valid to me. There is one point I don’t understand yet: why is it needed to compromise the user credentials? If I habe the vault secret, I can decrypt the priv. key of the user and craft a BC request, right?
    Jure Zakotnik
    @jzakotnik
    @ivica7 This assumes you have direct access to the blockchain and managed to get around the API already, right?
    ivica7
    @ivica7
    Yes. That would be the assumption.
    Jure Zakotnik
    @jzakotnik
    Yes, this is a risk, however small enough to accept it for the moment.
    ivica7
    @ivica7
    👍🏻 One more question if you have time to answer: Since I wasn‘t able yet to install a second node (second org), I wasn‘t able to test it myself.. in projects, I can assign project tasks to users. I assume, I can also set there users from other companies too?
    Mathias Höld
    @mathiashoeld
    yes, you can choose any user from any node of the network, across different organizations :)
    ivica7
    @ivica7
    Thanks a lot for the fast answers. I think I have a rough overview of TruBudget now. I have no concrete usecase right now, but good to know about it for the case one is going to cross my way in the future! Keep the good work going on!!
    Mathias Höld
    @mathiashoeld
    will do :) thanks for the nice words!
    Mathias Höld
    @mathiashoeld
    hello everybody! we just released TruBudget version 1.2.0 on github! you can see the release notes here: https://github.com/openkfw/TruBudget/releases/tag/v1.2.0
    Stefan Ziffer
    @Stezido
    Hi! We just released TruBudget version 1.3.0 on Github! Checkout the new stuff we added to this release like the search feature or project tagging. You can see the release notes here: https://github.com/openkfw/TruBudget/releases/tag/v1.3.0
    Raj K
    @rajkbess
    Hello Everyone! I am new in this TruBudget community. I am going to use TruBudget for KFW in Africa for the upcoming project. I need your assistance in the case, I find difficult to understand TruBudget. thanks have a good day!
    Raj K
    @rajkbess
    Can you please help me to know, who is the admin of this room and product owner of TruBudget?
    Stefan Ziffer
    @Stezido
    Hi @rajkbess, nice to hear that you are going to use Trubudget. For assistance I would highly recommend to check out our documentation. To get started use the Getting Started section https://github.com/openkfw/TruBudget#getting-started and try to setup Trubudget. If Trubudget runs on your machine you can check out our user guide https://github.com/openkfw/TruBudget/blob/master/doc/wiki/User-Guide/README.md. If you need further assistance pm me or @mathiashoeld.
    Jure Zakotnik
    @jzakotnik
    @rajkbess I am the product owner - how can we help? What is the type of project you are looking at? If you like we can schedule a call or continue via email
    Ah, are you not one of the experts for the ethiopia project?
    Raj K
    @rajkbess
    @jzakotnik HI thanks for your message. Yes, I am going for Ethiopia project! Recently I have compiled master branch at the local machine. But I can see that stable latest tag is v1.3.0. I think I should use this for Ethiopia project, what do you say? I also want to learn more about the functional side of this software.
    Mathias Höld
    @mathiashoeld
    @rajkbess yes, please use version v1.3.0. we are releasing new versions every 2-3 weeks. we will post updates here in gitter
    Raj K
    @rajkbess
    @mathiashoeld thanks for information about release
    @mathiashoeld can you please help to know more about the lead developers of this project?
    Mathias Höld
    @mathiashoeld
    @rajkbess what information do you need?
    Raj K
    @rajkbess
    @mathiashoeld I am in customisation of this project as per our client's requirement. In case, I find some technical difficulty to solve, then developer of this project might help me to know about this project structure and i will get his assistance
    Mathias Höld
    @mathiashoeld

    @rajkbess basically the application is divided in 3 major parts: the blockchain, the API and the frontend. each of those has a README file in the folder on github, see
    https://github.com/openkfw/TruBudget/tree/master/blockchain
    https://github.com/openkfw/TruBudget/tree/master/api
    https://github.com/openkfw/TruBudget/tree/master/frontend
    the API is structured in layers. there is a guide for each layer, see
    https://github.com/openkfw/TruBudget/tree/master/api/src
    https://github.com/openkfw/TruBudget/tree/master/api/src/service
    https://github.com/openkfw/TruBudget/tree/master/api/src/service/domain

    there is a lot of important information in these READMEs. if you have any further and concrete questions, don't hesitate to ask them here

    Raj K
    @rajkbess
    @mathiashoeld thanks!
    Jure Zakotnik
    @jzakotnik
    @rajkbess in that case I am the client :) I would suggest to discuss what changes are needed and we decide if it goes to the main release cycle or if separate specific components are needed for their IT systems (similar to the SAP adapter developed for BNDES brazil development bank)
    Stefan Ziffer
    @Stezido
    Hi! We just released TruBudget version 1.4.0 on Github! You can see the release notes here: https://github.com/openkfw/TruBudget/releases/tag/v1.4.0
    Stefan Ziffer
    @Stezido
    Hi, we released a new hotfix version of Trubudget (v1.4.1). It fixes a bug where the root user couldn't grant admin permissions to the first user. You can see the hotfix release notes here: https://github.com/openkfw/TruBudget/releases/tag/v1.4.1.