...
We lack adequate examples from domains outside health and this makes the “whole of government” approach which underpins the IM BB unclear.
We must explain WHAT the specification IS before diving in. This document is “a set of requirements for a building block that will enable a certain strategy for application-to-application communication across a government software ecosystem.”
We must explain more clearly that the IM BB neither produces nor consumes information—it merely moves information between producers and consumers in a secure, structured fashion.
We must better articulate the “discovery” services, ensuring that the process of finding members, applications, and available services is clear and obvious.
We must add a simplified diagram and process description that explains the relationship between the central server and the various security servers—pay careful attention to the “discovery” process and how a copy of the “global configuration” is distributed across the network of security servers.
In future iterations of this specification, we may take into consideration more broad API-management standards which include multiple domains, such as those proposed by the United Kingdom's Government in their Defining an API management strategy and the section on Gov.UK’s API Management Strategy Document.