...
Agenda | Presenter | Duration | Discussion |
| 10 minutes | ||
| 30 minutes | Taylor: there is a spectrum between highly specific API definitions and more generic definitions. We also need to think about data standards vs metadata standards. Is GovStack a highly-prescriptive initiative (meaning fewer compliant products and compliance is more difficult) or more generalized (which will result in more effort required for each specific implementation) Jaume: Previous experience with ID/OSIA indicates that we should define behavioral/functional standards, but not specific data structures. Too much precision can lead to vendor lock-in Rachel: Whatever decision we make, we need to ensure that all BBs follow the same level of specificity. If we lose the ability to ‘switch’ products, then we lose the value of GovStack. Taylor: Being able to do seamless switching between products (without additional effort) requires detailed data standards. Metadata standards would mean that you need to do some work, but won’t need to re-architect. Aleksander: Advocate for detailed standards Jaume: We don’t have the ability or jurisdiction to define standards for many things - needs to be done at a governmental level. Ramkumar: We can use adapters to allow people to switch between products. The adapters can transform data to make compatible. We can define common/minimal data standards. Steve: Can we clearly defined what is prescribed/strictly defined in the specification, and what fields are defined only as metadata Rachel: This decision should be made at a higher level by the GC, because there are consequences/costs. Tech committee should make a recommendation and pass to the Governance committee. Jaume: Some sectors have well-defined standards. Where we have those, we could leverage. | |
BB Authorization
| 10 minutes | The X-Road model uses the security server to validate that an application has access, as opposed to passing an API key or auth token. What should our approach be? If we don’t use an auth token, how does a product register with the IM/security server? Can we include an auth token in addition to the ssl cert provided by IM? Ramkumar: IM shouldn’t care about the payload or headers of that request. Headers should go all the way through to a service. Aleksander: Will verify if that’s possible and we can reconnect offline. | |
Meeting Cadence | 5 minutes | ||
Sprint review/scrum-of-scrums
| 30 minutes |
Meeting Recording
Action Items
...