Store and share documents securely

Summary

This code pattern shows you how to store and share documents in a secure way. You'll see how documents are stored with encryption and how those documents can be shared across personas, with access requiring authentication and authorization.

Description

Data provides a critical foundation for every operation of your organization. Organizations collect lots of data, including documents, from their customers. It is critical that organizations have robust security mechanisms in place to secure sensitive customer documents. In addition to securing these documents using application authentication and authorization, data should be encrypted and stored securely.

This code pattern focuses on two specific processes in a banking scenario:

  • Opening a savings bank account
  • Originating a loan

For the opening of the savings account, the customer submits documents for proof of identification and address. These documents are stored in shared storage, and are verified and approved for the opening of the account. Next, the customer applies for a loan with the bank’s loan department. The loan department also needs the proof of ID and address as part of the loan approval process. The customer does not need to resubmit these documents as they have already been submitted during the savings account application process. The loan department official accesses these documents through shared storage in order to process the loan application.

This code pattern shows you how to:

  • Deploy a simple banking application on Red Hat OpenShift.
  • Integrate IBM Security Verify with the banking application to provide authentication and authorization for users.
  • Securely store customer-provided documents on IBM Cloud Object Storage.
  • Encrypt data using IBM Key Protect for IBM Cloud.
  • Securely access stored customer documents for the loan approval process.

Flow

Flow: Store and share documents securely

  1. User (customer or bank official) accesses the application.
  2. User registers and logs in to the application.
  3. Front-end application accesses:
    • The savings account service to get the savings account details.
    • The loan account service to apply for and obtain loan account details.
    • The approval service (bank official) to approve or reject the savings account and loan account requests.
  4. Services (savings account, loan account, and approval) use the data access service and the document access service to store account details and documents in, and retrieve them from, the database and IBM Cloud Object Storage.
  5. Database stores the account details.
  6. IBM Cloud Object Storage stores the user documents.
  7. Documents are encrypted in IBM Cloud Object Storage.

Instructions

Find the detailed steps for this pattern in the readme file. These steps show you how to:

  1. Clone the repository
  2. Create IBM Cloud service instances
  3. Configure the services
  4. Deploy the microservices
  5. Access the application