Agenda

Presenter

Duration

Discussion

Technical Reviews of BB specs

Steve Conrad

10 minutes

Architecture team to review Wave 3 specifications:

• UI/UX - https://app.gitbook.com/o/pxmRWOPoaU8fUAbbcrus/s/Xygp83qW0E147CCaqsI0/

• eSignature -

• eMarketplace

Decoupling BBs

Steve Conrad

15 minutes

How do we handle large DPGs as BB candidates?

Capabilities/Service Blocks

Wes Brown

15 minutes

Review service block (capabilities) template

GERA Update

Aare Laponin PSRAMKUMAR

15 minutes

Update on changes to GERA document and progress/next steps

Next steps/AOB

Steve Conrad

5 minutes

What should we prioritize?

• GERA document/review - articulate core concerns

• Workflows/Core Capabilities

• Testing with Information Mediator

• Revisit Security Specifications

• Mapping out BB interactions/domain diagrams

  • Aleksander has some resources/starting point

    • Overall structure of GovStack solution

  • Sandbox team has happy flow document that we can walk through

    • Minimum Viable Product (MVP) eg. Happy Flow

Future topic - Fall 2023

Manage Access Authorization to BB APIs

Jaume DUBOIS

30 minutes

• Types of accessors checked (human, back-end systems, apps or browser, robots, hardware, ..)

• Granularity of access control (Building block, module, API, single API service, single API service for specific tenant or data)

From Technical Committee Meeting:

BBs should not own RBAC - the calling applications are responsible for it. 

Are we using token based authorization within the request to BB?

How to get candidates bypass its own RBAC?

1. Superuser access to be given when merging with IM backend?

2. Or control to switch off existing RBAC in target BBs

3. option to have api token registered in IM at max permission level for specific member entities

4. come up with a concrete example for this case