Highlights
- Present a user authentication system accessible to both end-users and administrators, to increase maintainability and relevance.
- Extensible to other services, helping facilitate user transactions and record keeping.
- Centralized user management system for record consistency.
Six Components
- Security & Privacy
- Technology
- Extensibility
- Application
- Onboarding and Maintenance
1. Security & Privacy
The proposed member authentication system follows the OAuth 2.0 standard, featuring a user authentication process with end-to-end encryption and server-side RS256 public-private key cryptography. By using token-based instead of session-based management, the design lessens the load of verifying a user and does not require the system to keep all active sessions in memory. Because the service is stateless, we can autoscale the hardware architecture in the cloud to handle fluctuations in traffic.
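The stateless verification described above, as an added example in Node.js (not the project's own code): RS256 is an RSA signature over the token (RSASSA-PKCS1-v1_5 with SHA-256), so any API instance holding only the public key can check a token without a session store. The claim names, key pair and sample token are constructed for illustration.

```javascript
// Added example: stateless RS256 token issue/verify with Node's built-in crypto.
const crypto = require('node:crypto');

const b64url = (text) => Buffer.from(text).toString('base64url');

// Auth server side: sign "header.payload" with the RSA private key.
function issueToken(claims, privateKey) {
  const header = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify(claims));
  const signingInput = `${header}.${payload}`;
  // With an RSA key, crypto.sign('sha256', ...) defaults to PKCS#1 v1.5 padding.
  const signature = crypto.sign('sha256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${signature.toString('base64url')}`;
}

// Any API instance: verify with the public key only, no session lookup.
function verifyToken(token, publicKey, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [header, payload, signature] = parts;
  const { alg } = JSON.parse(Buffer.from(header, 'base64url').toString('utf8'));
  // Pin the algorithm: the token must not choose how it is verified.
  if (alg !== 'RS256') throw new Error('unexpected algorithm');
  const valid = crypto.verify(
    'sha256',
    Buffer.from(`${header}.${payload}`),
    publicKey,
    Buffer.from(signature, 'base64url')
  );
  if (!valid) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  // Without server-side sessions, expiry is the only built-in revocation.
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) {
    throw new Error('token expired');
  }
  return claims;
}

// Constructed sample: throwaway key pair and a token for a hypothetical member.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const sampleToken = issueToken(
  { sub: 'member-123', role: 'member', exp: 1700003600 },
  privateKey
);
```

Because nothing is stored server-side, a token stays valid until `exp`, so short lifetimes matter more here than with sessions.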
We have begun to draft the user agreement and privacy policy according to the ordinances in Hong Kong, USA, and Europe.
2. Technology
The architectures are built with the below vendors and service providers.
- Amazon Web Services & Google Cloud — For various cloud computing, storage, function as a service, static site hosting, database management, caching management, text-to-speech, image recognition, machine translation, asset manipulation, etc. (EC2, S3, Lambda, DynamoDB, Athena, API Gateway, Polly, CloudFormation)
- Heroku — For full-stack deployment and prototyping
- SiteGround — For WordPress hosting
- Cloudflare — For SSL, DNS and content delivery network for all entities
- GitHub — For source code versioning and collaboration control
3. Extensibility
The Church of God’s various services are composed of microservices designed to function independently and collectively. The membership system itself is a headless backend service that exposes its capabilities via a RESTful API written in Node.js; its core API includes authentication logic, encryption, and token technology, as well as a NoSQL database layer. The primary server is hosted on Heroku, with its source code stored in a private GitHub repository.
By being a headless backend service, developers have the flexibility to deploy user interfaces in various platforms such as Web, iOS, Android, Windows, and chat apps.
Currently, we have developed a web-based user interface for administrators and end-users to manage their profiles and groups. The user information can be shared securely and appropriately within various departments and groups in the church. All levels of user details, attributes and permissions can be customized.
4. Application
The membership system can be used for administrative record-keeping, data analysis, registration, and communication, and provides a platform on which to build various self-service user actions.
5. User Onboarding and Maintenance
In order to onboard end-users, we have created and updated a suite of existing services to attract users to maintain their accounts. We have also serialized and migrated data from legacy services to make the transition more seamless.
The core services that we have built include:
- Attendance System
- Group Management and Analytics
- Sermon
- Digital Hymns
- Church Notice
Considerable effort was spent across various products to create incentives for end-users to help maintain their data and records without additional effort from administrators.