Agenda

Presenter

Duration

Discussion

Sandbox

@Vasil Kolev

40 minutes

Vasil has a couple of topics from the Sandbox team for the arch team to discuss.

• State vs stateless services - do we allow the receiving BB to validate roles/permissions?

• Authenticating as a specific user when calling a DPG/product acting as a BB?

• Service discovery

Other topics:

• Real testing strategy and separation of responsibility for integration testing, calls to sandboxed BBs, Mocks vs Emulators (ready to use products like Mocoon vs Emulator implementation, deployability in sandbox)

  • Address in testing meeting

• BBs that are cloud dependent or bigger than our infrastructure (installation and adaptation to specification, strategies to use, remote installations, tenant aware applications as BBs)

  • How can we deploy without DPG owners having access to our AWS environment?

    • Vendors need to provide configuration/deployment scripts (Helm charts, entrypoint scripts, etc). They should test in their own environment before ‘handing over’ to GovStack

  • How do we handle DPGs that are tied to specific cloud providers (AWS)? Is it a requirement that they be cloud agnostic? How do we handle on-prem requirements?

  • Need to identify infrastructure plan (TC and/or infrastructure team?)

  • Ramkumar to connect with Hani/Nico on infra requirements

• Plugin API for BBs - related to service discovery, portal integration, infrastructure management, use case deployment and overall user experience once presented with the portal UI to manage what we are offering.

  • Portal application showing use cases available in the sandbox, allowing users to swap out BBs

  • Need APIs to determine what BBs are available, whether they are ready/running.

  • Define a standard set of APIs that are needed for any BB (arch team)

  • Do we need a BB registry?

• Building block types, separation of requirements, UI building blocks, vertical stack BBs

  • Foundational vs functional

  • Identity BB vs Authorization services (security spec)

  • Steve/Ramkumar - Walk through authentication docs, UX docs, application concept with @Vasil Kolev

    • Identify and address any gaps

• Use case management and implementation strategies, showcase vs use case, reusability of components, unification of the UC applications

  • Align on terminology

  • Some of this will be addressed as part of the Capabilities conversation in TC

Management of UX switching

@PSRAMKUMAR

@Steve Conrad

10 minutes

Review synchronous and async flows for UX switching. Review self-service and agent-led workflows as well.

Documentation from Ramkumar: UX Switching

Architecture team to review and provide feedback.

• 3 options are outlined - should we make a recommendation as to which approach is preferred?

  • OIDC is called out in the cross-BB auth as well

Mutual auth of ID/Registration

@Jaume DUBOIS

15 minutes

When going through a redirection, how do we provide authentication for both ID and Registration

Capabilities

@Steve Conrad

15 minutes

How should we define Capabilities?

Document from Jaume: https://docs.google.com/presentation/d/11zg0PQQKbpWFxwAc_oK12iM83ax8hUpBqlJHwB-kLGk/edit#slide=id.g1ab9444641b_0_218

Next steps/AOB

@Steve Conrad

5 minutes

What should we prioritize?

• GERA document/review - articulate core concerns

• Workflows/Core Capabilities

• Testing with Information Mediator

• Revisit Security Specifications

• Mapping out BB interactions/domain diagrams

  • Aleksander has some resources/starting point

    • Overall structure of GovStack solution

  • Sandbox team has happy flow document that we can walk through

    • Minimum Viable Product (MVP) eg. Happy Flow