Attendees
Apologies
Agenda | Presenter | Duration | Discussion |
Manage access authorization to BB APIs | 30 minutes |
| |
Management of UX switching | 10 minutes | Review synchronous and async flows for UX switching. Review self-service and agent-led workflows as well. Documentation from Ramkumar: UX Switching Architecture team to review and provide feedback.
Karim: In context of Payment BB, I have come across 2 requirements - 1 in which PayBB is the UI on which a party will redirect and another in which PayBB has to redirect to other UI.
Ramkumar: For this scenario, the user needs to be registered/onboarded already. This UX switching mechanism validates that the user is valid using JWT/token (option 1). We can validate the application should have access using the third option. Ramkumar to update UX switching to prioritize the first and third option (possibly move the 3rd option above the iframe option) and document that both OIDC and IM can be used together. Uwe: Is the ID BB used for both foundational ID as well as functional ID in this workflow? Ramkumar: The application should hold the functional ID and roles for a particular user Vasil: How does a BB understand what role a particular user has when making a call? Ramkumar: The application will control the access to the various BBs Vasil: Existing applications will already have roles and permissions defined and access control. We should not fully open up access to an external application. Ramkumar: A BB is not an application, but should expose the API layer. An application like DIIA will have to separate out different BB functionalities as APIs Vasil: SSO usually means that each different application/component will manage the roles/permissions that the user will have. Ramkumar: may need to revisit the overall portal concept that provides access to different applications/services | |
Infrastructure APIs | 20 minutes |
In Sandbox, if we want to run multiple instances of a BB (giving user ability to swap out BBs), we need to have a mechanism to map the IP/URL/endpoints of the new BB. What is needed for a ‘general GovStack’ implementation vs what is specific to Sandbox. Conversation started last year but was deprioritized: administrative APIs and audit APIs | |
Next steps/AOB | 5 minutes | What should we prioritize?
|
Action Items
Ramkumar to connect with Hani/Nico on infra requirements
Ramkumar to update UX switching document
Arch team members to review UX Switching document: UX Switching
Future Topics
Define a standard set of APIs that are needed for any BB to indicate that they are running, configured and ready to use in the sandbox (or test harness). Do we need a BB registry?