Pages: [1] :: one page |
|
Author |
Thread Statistics | Show CCP posts - 0 post(s) |
Hexxx
Minmatar Sebiestor tribe
|
Posted - 2007.09.12 15:44:00 -
[1]
G'day folks.
Today I'm going to be talking about EBANK Operation Principles and Design. I wanted to provide an update, let everyone know we're alive, and share some of the considerations we take into account as we build EBANK. Feel free to comment, ask questions, etc!
1. Controls
Controls serve the important purpose of mitigating risk. These control activities generally support the aim of a control objective. In the case of EBANK; one of the most important control objectives is to limit the overall ability of one person to draw "unlimited" funds. The control activity for this leverages a concept called "segregation of duties" which basically dictates that the person writing the checks, isn't cashing the checks. For EBANK, this means that "Tellers" can not also be "Fund Managers". Now, it is very important to point out that all controls can be compromised by collusion, which means they can't protect against a malicious "Teller" working with a malicious "Fund Manager".
2. Database Integrity
As an example; When a withdraw request is made, three things happen: 1) The balance of the account in question is queried. 2) The debit is run against the balance, the difference is recorded when the transaction record is created. 3) The account balance is updated to reflect this new amount.
Obviously, if any one of these queries fail, you don't want the rest of them to run. This would lead to a compromise in the integrity of the database. Keeping this in mind, queries are being grouped into "transactions" which dictate that all queries must be executed successfully in order for their changes/updates to be applied permanently to the database.
3. Audits and Reports
Most transactions are being built with audit in mind, there should be a record of who does what to the database. For withdraw requests, this means the name of the "Teller" is recorded in the transaction record itself. If the account holder feels they recieved the wrong amount of isk (say for example, they request a withdrawl of 1 million but only recieve 100k) they can send a screenshot to the EBANK conflict resolution group and transaction records can be pulled. Not only can we verify who transfered the isk, we can verify that they transferred the correct amount.
The same idea is applied to fund manager accounts, which are different from customer accounts and will be used to measure EBANK's total liquidity (deposits vs. available funds)
4. Abstracted Design
The EBANK website is built with data, logic, and presentation abstraction in mind. Below is a rough logic flow of how this works.
Data Abstraction Layer -> EBANK Logic -> Presentation/HTML/Graphics/Forms/Links
The design helps in a couple of areas: 1) Strongly types all data, eliminating SQL Injection attacks and ensuring that data corruption is also avoided. 2) Simplifies queries, logic, and HTML by seperating them and allowing web designers to work on the site without causing errors with application logic or data. 3) Makes coding easier and faster all around. (Yah!)
This is starting to sound like a Dev Blog....anyway...
Some other little items of interest:
1) Revised a great deal of the database design. 2) Revised a few of the pages in terms of aesthetics and also logic 3) Added support for administration, multiple accounts, and redundant account balance information (to help perserve balance integrity for each account) 4) Interest rate credits are being tested and finalized
That's it for this week!
Hexxx LLP - Business Consulting Services - IPO's, Business Plans, Share/Stock Pricing, and general Consulting.
|
Shar Tegral
|
Posted - 2007.09.12 16:05:00 -
[2]
Hmmmm.... first?
It's A GIRL!!!!! |
Hexxx
Minmatar Sebiestor tribe
|
Posted - 2007.09.12 21:40:00 -
[3]
100 views later and only a first post reply?
Either everything I've written is completely awesome or....no one understands a damn thing I'm talking about.
Hexxx LLP - Business Consulting Services - IPO's, Business Plans, Share/Stock Pricing, and general Consulting.
|
Jaarlax
Ratty Corp PLC Confederation of Independent Corporations
|
Posted - 2007.09.12 21:51:00 -
[4]
well i read the first word and got the jist of it, so didnt read the rest
|
Kitex
Blacktag Test Labs
|
Posted - 2007.09.12 21:59:00 -
[5]
Originally by: Hexxx 100 views later and only a first post reply?
Either everything I've written is completely awesome or....no one understands a damn thing I'm talking about.
Though I admit I'm not terribly interested in all the technical details, your post does inspire confidence. It sounds like you guys are choosing to err on the side of perfection with this, which is fantastic. Every post, update, or plan I've seen in regard to the E-Bank has been more detailed and thought out than anyone really has a right to expect.
I'm still not sure I'll ever have use for a savings account, but if I find that I do, there certainly won't be any trust issues. Keep it up fellas, I'm enjoying watching this thing develop.
Blacktag - Buy ships / Fittings / Drones / Ammo in BULK with Delivery! |
Shar Tegral
|
Posted - 2007.09.13 10:13:00 -
[6]
Originally by: Kitex Every post, update, or plan I've seen in regard to the E-Bank has been more detailed and thought out than anyone really has a right to expect.
Such excellence does come with a price though: Little to discuss so empty thread. >sniff<
It's A GIRL!!!!! |
Hexxx
Minmatar Sebiestor tribe
|
Posted - 2007.09.13 11:38:00 -
[7]
Originally by: Shar Tegral
Originally by: Kitex Every post, update, or plan I've seen in regard to the E-Bank has been more detailed and thought out than anyone really has a right to expect.
Such excellence does come with a price though: Little to discuss so empty thread. >sniff<
It's an odd problem to have.
Maybe I should have written something more like;
"I R BANK MUCH WEALTH! GROWTH! DEPOSIT NOW, DO YOU WISH FOR GAINS??! LOLERZ! WE CAN GROW WEALTH TOGETHER!"
Hexxx LLP - Business Consulting Services - IPO's, Business Plans, Share/Stock Pricing, and general Consulting.
|
Nocturnal Avenger
The Ankou The Reckoning.
|
Posted - 2007.09.13 12:04:00 -
[8]
Originally by: Hexxx "I R BANK MUCH WEALTH! GROWTH! DEPOSIT NOW, DO YOU WISH FOR GAINS??! LOLERZ! WE CAN GROW WEALTH TOGETHER!"
Yarrr
Where can I transfer my funds?
- Carebear Pirate - |
Serenity Steele
Dynamic Data Distribution
|
Posted - 2007.09.13 16:10:00 -
[9]
From what I've read, It looks like you're missing an opportunity to leverage the Public API key for: - Tellers - Fund Managers - Disputed payments / receipts
Basically, use the public API key to have an authoritative source for all transactions (the EvE DB), and require the data for participation, as well as disputing transactions.
Using screen shots is about as reliable as getting an GOONIAC pilot to post the objective truth.
Eve Strategic Maps - Outpost Alert - Sovereign Systems - Alliance Rank |
Hexxx
Minmatar Sebiestor tribe
|
Posted - 2007.09.13 16:36:00 -
[10]
Originally by: Serenity Steele From what I've read, It looks like you're missing an opportunity to leverage the Public API key for: - Tellers - Fund Managers - Disputed payments / receipts
Basically, use the public API key to have an authoritative source for all transactions (the EvE DB), and require the data for participation, as well as disputing transactions.
Using screen shots is about as reliable as getting an GOONIAC pilot to post the objective truth.
That's a fantastic idea actually. Maybe even reconcile transaction logs of tellers against withdraw requests those tellers authorize in order to identify issues immiediately.
Hexxx LLP - Business Consulting Services - IPO's, Business Plans, Share/Stock Pricing, and general Consulting.
|
|
Shar Tegral
|
Posted - 2007.09.13 16:38:00 -
[11]
Originally by: Serenity Steele Basically, use the public API key to have an authoritative source for all transactions (the EvE DB), and require the data for participation, as well as disputing transactions.
Extremely good point. I'm also going to tell you that this is but one, just one, of the many things that get discussed amongst the board. However discussion must be secondary to hard quantified goals. Hexx and LV are hard at work making the first phases realities. Then I'm sure we'll see another tsunami of ideas being tossed about and hammered out. You can ebank on that.
It's A GIRL!!!!! |
Hexxx
Minmatar Sebiestor tribe
|
Posted - 2007.09.13 17:32:00 -
[12]
Originally by: Shar Tegral
Originally by: Serenity Steele Basically, use the public API key to have an authoritative source for all transactions (the EvE DB), and require the data for participation, as well as disputing transactions.
Extremely good point. I'm also going to tell you that this is but one, just one, of the many things that get discussed amongst the board. However discussion must be secondary to hard quantified goals. Hexx and LV are hard at work making the first phases realities. Then I'm sure we'll see another tsunami of ideas being tossed about and hammered out. You can ebank on that.
Shar is correct.
LV and I have a set list of minimum features that MUST be implemented before we begin implementing any other features. This "first set" being complete is a requirement for launching EBANK officially. The Board actively discusses new ideas and notes are made, but untill the first feature set is complete, no implementation of these features will be done.
We've abstained from publically listing a target date for launch. As Ricidc has stated before, it'll be ready when it's ready.
We do have an internal target date that we've set and we're working hard to make that date. LV and I are very excited to see all of our hard work payoff with a successful launch and operation of EBANK.
Hexxx LLP - Business Consulting Services - IPO's, Business Plans, Share/Stock Pricing, and general Consulting.
|
Marie deMedici
|
Posted - 2007.09.15 23:57:00 -
[13]
hexxx are you transactions "serializable" ? =) ie. no phantom reads for example?
|
Hexxx
Minmatar Sebiestor tribe
|
Posted - 2007.09.16 01:07:00 -
[14]
Originally by: Marie deMedici hexxx are you transactions "serializable" ? =) ie. no phantom reads for example?
I'm not entirely clear on what your asking, could you elaborate a bit more?
Hexxx LLP - Business Consulting Services - IPO's, Business Plans, Share/Stock Pricing, and general Consulting.
|
FastLearner
Fury Holdings Brutally Clever Empire
|
Posted - 2007.09.16 03:53:00 -
[15]
Edited by: FastLearner on 16/09/2007 03:54:25 Edited by: FastLearner on 16/09/2007 03:53:41
Originally by: Hexxx
Originally by: Marie deMedici hexxx are you transactions "serializable" ? =) ie. no phantom reads for example?
I'm not entirely clear on what your asking, could you elaborate a bit more?
I'd guess (and it's no more) that Marie is asking whether all database activity asociated with a transaction is packaged together. i.e. if a check is made on balance prior to a withdrawal, is the software designed such that there can be no intermediate changes to balance (before the withdrawal is applied). It's functionality available in most top-end databases (other, obviously, than whatever Eve uses).
I don't personally see it as an issue - as I don't see the level of traffic being such that it would become relevant. But I think I can see the point of the question she's asking: i.e. if the database is queried to check that a withdrawakl is valid, are the database queries packaged such that the result of the query is necessarily valid?
On the topic in general, I think the topic title probably killed a lot of responses: the topic title suggested that the post was about the principles on which the bank was founded when, in fact, it was about the principles on which the software was being designed. As a competitor (sort of) the topic's of little interest to me - the "principles" i'm interested in (both as a competitor and as a potential customer) are what rate of interest you pay, how you guarantee generating the funds to pay the interest and how you ensure funds are available if I want to make a withdrawal. That you know how to normalise an RDB is expected - but not of particular interest: were it not normalised then obviously I'd be doubting your competence.
|
|
|
|
Pages: [1] :: one page |
First page | Previous page | Next page | Last page |