Agenda

Presenter

Duration

Discussion

Sandbox

Vasil Kolev

40 minutes

Vasil has a couple of topics from the Sandbox team for the arch team to discuss.

• State vs stateless services - do we allow the receiving BB to validate roles/permissions?

• Authenticating as a specific user when calling a DPG/product acting as a BB?

• Service discovery

Other topics:

• Real testing strategy and separation of responsibility for integration testing, calls to sandboxed BBs, Mocks vs Emulators (ready to use products like Mocoon vs Emulator implementation, deployability in sandbox)

  • Address in testing meeting

• BBs that are cloud dependent or bigger than our infrastructure (installation and adaptation to specification, strategies to use, remote installations, tenant aware applications as BBs)

  • How can we deploy without DPG owners having access to our AWS environment?

    • Vendors need to provide configuration/deployment scripts (Helm charts, entrypoint scripts, etc). They should test in their own environment before ‘handing over’ to GovStack

  • How do we handle DPGs that are tied to specific cloud providers (AWS)? Is it a requirement that they be cloud agnostic? How do we handle on-prem requirements?

  • Need to identify infrastructure plan (TC and/or infrastructure team?)

  • Ramkumar to connect with Hani/Nico on infra requirements

• Plugin API for BBs - related to service discovery, portal integration, infrastructure management, use case deployment and overall user experience once presented with the portal UI to manage what we are offering.

  • Portal application showing use cases available in the sandbox, allowing users to swap out BBs

  • Need APIs to determine what BBs are available, whether they are ready/running.

  • Define a standard set of APIs that are needed for any BB (arch team)

  • Do we need a BB registry?

• Building block types, separation of requirements, UI building blocks, vertical stack BBs

  • Foundational vs functional

  • Identity BB vs Authorization services (security spec)

  • Steve/Ramkumar - Walk through authentication docs, UX docs, application concept with Vasil Kolev

    • Identify and address any gaps

• Use case management and implementation strategies, showcase vs use case, reusability of components, unification of the UC applications

  • Align on terminology

  • Some of this will be addressed as part of the Capabilities conversation in TC

Management of UX switching

PSRAMKUMAR

Steve Conrad

10 minutes

Review synchronous and async flows for UX switching. Review self-service and agent-led workflows as well.

Documentation from Ramkumar: UX Switching

Architecture team to review and provide feedback.

• 3 options are outlined - should we make a recommendation as to which approach is preferred?

  • OIDC is called out in the cross-BB auth as well

Mutual auth of ID/Registration

Jaume DUBOIS

15 minutes

When going through a redirection, how do we provide authentication for both ID and Registration

Capabilities

Steve Conrad

15 minutes

How should we define Capabilities?

Document from Jaume: https://docs.google.com/presentation/d/11zg0PQQKbpWFxwAc_oK12iM83ax8hUpBqlJHwB-kLGk/edit#slide=id.g1ab9444641b_0_218

Next steps/AOB

Steve Conrad

5 minutes

What should we prioritize?

• GERA document/review - articulate core concerns

• Workflows/Core Capabilities

• Testing with Information Mediator

• Revisit Security Specifications

• Mapping out BB interactions/domain diagrams

  • Aleksander has some resources/starting point

    • Overall structure of GovStack solution

  • Sandbox team has happy flow document that we can walk through

    • Minimum Viable Product (MVP) eg. Happy Flow