Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Agenda

Presenter

Duration

Discussion

  • Review pending action items

  • Risk register

nashcroft (Unlicensed)

10 minutes

Technical Risk Register

  • Data standards vs. metadata standards

    • How much structure is required by the API specs and how much is left up to the implementer

Taylor Downs

30 minutes

Taylor: there is a spectrum between highly specific API definitions and more generic definitions. We also need to think about data standards vs metadata standards. Is GovStack a highly-prescriptive initiative (meaning fewer compliant products and compliance is more difficult) or more generalized (which will result in more effort required for each specific implementation)

Jaume: Previous experience with ID/OSIA indicates that we should define behavioral/functional standards, but not specific data structures. Too much precision can lead to vendor lock-in

Pawel: The testing team is working on tests for ID BB - should we take the specifications exactly as developed by Mosip? Or try to develop a more generic set of functions? This is an important question to resolve

Rachel: Whatever decision we make, we need to ensure that all BBs follow the same level of specificity. If we lose the ability to ‘switch’ products, then we lose the value of GovStack.

Taylor: Being able to do seamless switching between products (without additional effort) requires detailed data standards. Metadata standards would mean that you need to do some work, but won’t need to re-architect.

Aleksander: Advocate for detailed standards

Jaume: We don’t have the ability or jurisdiction to define standards for many things - needs to be done at a governmental level.

Ramkumar: We can use adapters to allow people to switch between products. The adapters can transform data to make compatible. We can define common/minimal data standards.

Steve: Can we clearly defined what is prescribed/strictly defined in the specification, and what fields are defined only as metadata

Rachel: This decision should be made at a higher level by the GC, because there are consequences/costs. Tech committee should make a recommendation and pass to the Governance committee.

Jaume: Some sectors have well-defined standards. Where we have those, we could leverage.

BB Authorization

  • X-API-KEY

Taylor Downs

Steve Conrad

10 minutes

https://govstack-global.atlassian.net/wiki/spaces/GH/pages/49381394/UC-Post-Partum-001-Registration+PostPartum+and+InfantCare

The X-Road model uses the security server to validate that an application has access, as opposed to passing an API key or auth token. What should our approach be?

If we don’t use an auth token, how does a product register with the IM/security server?

Can we include an auth token in addition to the ssl cert provided by IM?

Ramkumar: IM shouldn’t care about the payload or headers of that request. Headers should go all the way through to a service.

Meeting Cadence

Steve Conrad

5 minutes

TC Process - Meetings and Responsibilities

Sprint review/scrum-of-scrums

  • Progress update and backlog review from each BB lead

  • Update from SolDevelo team

  • Update from Testing team

Steve Conrad

Dominika Bieńkowska (Deactivated)

Satyajit Suri

30 minutes

...