开发者

recommendations for two challenging web app problems [closed]

开发者 https://www.devze.com 2022-12-14 11:56 出处:网络
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.

Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.

Closed 9 years ago.

Improve this question

I'm looking for recommendations for vendors - quite possibly start-ups - who can help with two challenging requirements for an app I'm building right now. We're really open to new and innovative solutions to these two challenges. I've got a lot of control in terms of dictating choice of browser, selection of hardware, and even choice of operating system (I could probably, for example, require the use of Macs).

Any recommendations, links, or insights would be really appreciated. I've spent some time poking around online, but there's a ton of companies offering the same old crap that would probably be hell to integrate with a modern web app.

So here's the situation. My client is a successful, long-standing consultancy in the fitness industry. In 2006 we developed a web application for managing the personal training departments of fitness clubs. This system is in use in approximately 20 organizations in Canada and the US, some of which are quite large. There are currently 1100 users of the system, which tracks over 50,000 clients and some 80,000 transactions totaling $25 million in sales for these clubs. The business model is Software-as-a-Service in conjunction with ongoing consulting and training, primarily to improve operations, sales, and human resource management.

We are currently developing a new and significantly expanded platform, using Ruby on Rails as our web application platform. We believe this application has the potential to acquire many new clients who are frustrated with current software solutions for the fitness industry, which tend to be bloated, complicated and hard-to-use.

One important thing to note about this system is that it handles multiple clubs, which are separate businesses in their own right, with their own clients, bank accounts, etc.

We're currently faced with two challenging requirements for the system.

Access Control

Clubs need to control access to their club. Some do this by keeping staff at a front-desk, others do this with a completely automated system. When clients walk in the front door, they need to swipe a card, enter a code, or use a biometric system (our preference is for the latter; the trend seems to be to use hand scanners that accept a code but also require hand placement on a pad for entry). The system needs to send this information to the web application, which will return a success/failure response in the case of a fully automated system, or display the client profile to front desk staff.

Requirements for working in a club:

  • physical scan to gain entry: card swipe or preferably, something biometric like a hand scanner. * can process many thousands of clients. * can prevent clients from entrance if they fail to be recognized, or if a failure code (e.g. membership expiry) is returned when the scan is performed.

Requirements for integration with web application:

  • sends identification information to computer in a way that can be read by a web application. Process: device scans the client, sends client's ID number to the web application, web application responds with yes/no for entry, and displays client information to front-desk staff. One possibility would be the availability of software, presumably provided by the manufacturer of the device, that would transmit the information read by 开发者_C百科the device into a web form, i.e. it would work like a keyboard wedge. We are open to recommendations.

  • When a client account is created, a unique identifier will be created by the web application. The device must provide some method of storing this unique identifier, either in the card itself in a card reader, or via some other method in other (e.g. biometric situations). In other words, the device must provide an interface that allows for the web application to set up new clients in conjunction with the device and the access control system.

Payment Processing

The application must be able to process credit- and debit-card payments. Most of these will be card-present transactions, both credit- and debit-card based. Customers of the fitness clubs (who are the customers of my client) that use the application will often be present to swipe their cards for their payments to be processed, which requires integration with PIN pads. Some of these will be one-time transactions, others will be recurring.

The application deals with separate businesses that all have their own bank accounts. The money from transactions processed by the app has to be deposited into the bank accounts that belong to individual businesses. I believe this means that PCI requirements are substantially more onerous for an app like this because my client is classed as a payment service provider, rather than just a user. My conversations with payment providers have indicated that the cost of this type of certification is much too high for my client to afford (something in the range of $100k, for hiring an independent security assessor and working with them to achieve compliance).

Additionally, if possible, the application should also support electronic funds transfer.

So far I think my preference is for partnership with a vendor who is already PCI-certified and has the PIN pads for card-present transactions, whose software has a good API that I can interact with via this web application.

I've got lots of experience with traditional e-commerce models in Rails, and I'm comfortable with the technical aspects of dealing with multiple bank accounts, but the certification requirements appear to be the major obstacle so far.


I think you've answered you own question with the payment processing. You need to partner with a vendor that is already PCI-certified. The fact that your clients will have recurring payments means you have to keep their customers' credit card numbers in a system, which requires PCI certification.

Regarding the access control, again a vendor should be able to help. I don't think you should look to send the challenge/request over the web. You'll need a local, low-cost PC to connect to the biometric or card reader.

I think you should maintain a local database of authenticated customers on the PC that handles access control. This is recommended because if the location's Internet connection goes down, customers still get in for their workouts. Use a batch system to keep the database updated.

Update: On further thought- the fitness centers will have a desk with a few computers used by employees. Set up a little web app on the controller PC to handle access. Train employees to go to the "Access Control Site" to manage access. You might even be able to embed an IFrame in your web app and point it to the local access manager to make it look like an integrated part of your SaaS offering.

0

精彩评论

暂无评论...
验证码 换一张
取 消