Versions Compared

Old Version 1

changes.mady.by.user Steve Conrad

Saved on

compared with

New Version 2

changes.mady.by.user Steve Conrad

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Attendees

Apologies

Agenda

Presenter

Duration

Discussion

Follow up on ID/Auth questions

Steve Conrad

PSRAMKUMAR

30 minutes

Notes from previous conversation: December 15, 2023 Architecture Team Meeting Notes

Potential next steps:

  • Walk through a few specific use cases/scenarios to outline/document what authorization needs are

    • Develop design patterns to manage those scenarios

  • Design/Develop reference application with central authentication, decentralized authorization

    • Who participates? What is the process?

  • Draft at least one approach

Vasil to develop a document that outlines the core questions/implementation concerns that you have. From there, could you work with Smita and Trev to outline the flow/process that is needed so that we can identify any gaps in the BB specs or documentation.

Propose to use this document as a baseline - ensure that it accurately frames the issues: Authentication and Cross-BB Authorization

Question: Should we frame multiple approaches or design patterns?

  • Call out that in some cases, central authorization/authentication is desirable, in other cases we don’t want that.

Additional Notes:

  • Types of accessors checked (human, back-end systems, apps or browser, robots, hardware, ..)

  • Granularity of access control (Building block, module, API, single API service, single API service for specific tenant or data)

From Technical Committee Meeting:

BBs should not own RBAC - the calling applications are responsible for it. 

Are we using token based authorization within the request to BB?

How to get candidates bypass its own RBAC?

  1. Superuser access to be given when merging with IM backend?

  2. Or control to switch off existing RBAC in target BBs

  3. option to have api token registered in IM at max permission level for specific member entities

  4. come up with a concrete example for this case

PAERA Document

Aare Laponin

10 minutes

Update on development of Chapter 4 and assign reviewers

Priorities for 2024

Steve Conrad

10 minutes

What are the most important conversations for the architecture team in 2024

Action Items

  • Ramkumar to connect with Hani/Nico on infra requirements

Additional Future Topics

  • SSO vs. central portal - can we provide guidance for both?

  • Define a standard set of APIs that are needed for any BB to indicate that they are running, configured and ready to use in the sandbox (or test harness). Do we need a BB registry?

  • Decoupling BBs into smaller pieces, as well as talking about an approach for existing products which span multiple BBs

  • How to articulate the different levels/scopes of building blocks - foundational/DPI, functional, and possibly application (things like eMarketplace). This should be clearly articulated in GovStack documentation. Also articulate how service blocks fit in to this paradigm.

    • Identify BBs that are missing/needed and develop plan to address those new BBs - get feedback from Egypt and Kenya meetings

  • Questions about IM from Egypt deep dive

  • Defining user personas and journeys - outputs would be overall messaging, providing high-level guidance. How does GovStack work to deliver value.

  • Providing guidance on specific questions coming from country engagement

  • Example implementations - having BB groups work on them.

...