[EPIC] MVP Features

[nelsonic]

The Door Entry part of the Smart Home Security System is taking shape nicely thanks to @th0mas 🎉 The question of how to implement the GUI was raised in https://github.com/dwyl/smart-home-security-system/issues/9 (thanks!) which reminded us we don't have a more detailed road map of the features we want for the system described in an issue.

We want the Security System to be as "Self-serve" as possible. We don't want any random person to be able to add their device and authenticate without any checks. But we do want people to be able to authenticate on their phone and associate their account with the device. Once the person has performed the authentication and added the device to their account, approval from someone with admin privileges is required to confirm the registration.

Note: Diagram to follow shortly with more detail I just got scuppered by Google Docs ... so having to track down my 2FA device to re-auth. 🙄

Features

1. When a new (unrecognised) device (RFID/NFC tag) is scanned at the front door of @home the system should:

   • [ ] Display "Hello Friend!" on the Welcome display https://github.com/dwyl/smart-home-security-system/issues/10
   • [ ] Send a notification to the building manager (admin) who can help get them setup as recognised device.
   • [ ] Once the device has been approved, display a message on the screen, e.g: "Welcome {Name}! Your access has been granted. Please re-scan your device to open the door."

2. Only admin has the privilege to add or approve new devices.

   • [ ] Once the person has authenticated and associated the device with their account this will go into an approval queue.
   • [ ] People with admin privilege can approve the access of the device/person to specific doors using a check-box based interface. The default will be "open all external doors".

3. If the device is lost/stolen an admin should be able to revoked access to prevent unauthorised entry.

[th0mas]

To implement these features we need several things in place

• Role based access within Auth - https://github.com/dwyl/auth/issues/31 - so we can identify admins

• A notification system - #13

I believe both of these are out of scope for this project, so using external platforms (e.g. Auth for Role based access) would be ideal

[th0mas]

@nelsonic How are we going to identify the User for step 1?

• If an unrecognised tag is scanned, the system will not be able to associate this with a user without going through the Dwyl auth flow or the building manager typing in an email address. Access in the Hub is User based, so we can't authenticate devices that are not attached to a user without a significant rewrite.

• I'm guessing when a device is rescanned authorisation would have already happened, courtesy of admin. This could take a while as they will have to associate with an email unless we rewrite.

  I suggest Admin opening the door remotely, then pairing and authenticating NFC tags once inside where the user can properly authenticate.

Also:

• To send a notification, we need to have an app working to send this notification to. Is this on any roadmap currently?

• Role-based access needs to be ready on Auth for any of these features to be developed.

Both the App and Role-Based Authentication are going to become blockers very quickly when implementing this MVP

[nelsonic]

@th0mas noted that the RBAC is a blocker. I will take a look at it ASAP.