Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Attendees

Apologies

Agenda

Presenter

Duration

Discussion

ID deep dive

Steve Conrad

PSRAMKUMAR

smita.selot

40 minutes

We need to answer foundational questions about ID - whether it is only foundational, or also functional ID.

How do we manage IAM/RBAC? Single Sign On?

How do we handle functional IDs

Ensure that we are aligned with Sandbox team

PAERA Update

Aare Laponin PSRAMKUMAR

10 minutes

Update on changes to PAERA document and progress/next steps

Working draft:

https://onedrive.live.com/Edit.aspx?resid=7B252BA6CB083436!9551&wdPid=5887d621&authkey=!AC4bdYfdJIaKi8M

Ready for review and comment (Sections 1-3). Steve and Wes to review.

Need to decide where this lives for the upcoming release (GitBook, linked, PDF)?

  • Put summary/overview in GitBook (in cross-cutting section) and then link out to full content (ie. PDF in GitHub)?

Prioritize future topics

Steve Conrad

10 minutes

  • GovStack and central portal question

  • Capabilities and Service blocks - develop a template

  • Adaptor building block - what is it? Is it needed?

  • Articulating different levels of building blocks - foundational, functional, application.

Future Topic - September

PSRAMKUMAR

Go through key learnings from Egypt deep dive and Kenya roadshow and map out how to address them in the architecture documents

  • Do we need an adaptor Building Block?

  • How do we align terminology with governments who may have a different view of particular BBs or services. Are there better ways to quickly agree on terms?

  • IM questions

    • Large data transfers through IM. How do we secure access to those resources?

    • Using IM on intranets

    • How do we handle IM failures?

    • Sandbox uses auto-approval process. Document that this is not recommended.

Future topic - Fall 2023

Manage Access Authorization to BB APIs

Jaume DUBOIS

30 minutes

  • Types of accessors checked (human, back-end systems, apps or browser, robots, hardware, ..)

  • Granularity of access control (Building block, module, API, single API service, single API service for specific tenant or data)

From Technical Committee Meeting:

BBs should not own RBAC - the calling applications are responsible for it. 

Are we using token based authorization within the request to BB?

How to get candidates bypass its own RBAC?

  1. Superuser access to be given when merging with IM backend?

  2. Or control to switch off existing RBAC in target BBs

  3. option to have api token registered in IM at max permission level for specific member entities

  4. come up with a concrete example for this case

Action Items

  • Ramkumar to connect with Hani/Nico on infra requirements

Additional Future Topics

  • Define a standard set of APIs that are needed for any BB to indicate that they are running, configured and ready to use in the sandbox (or test harness). Do we need a BB registry?

  • Decoupling BBs into smaller pieces, as well as talking about an approach for existing products which span multiple BBs

  • How to articulate the different levels/scopes of building blocks - foundational/DPI, functional, and possibly application (things like eMarketplace). This should be clearly articulated in GovStack documentation. Also articulate how service blocks fit in to this paradigm.

    • Identify BBs that are missing/needed and develop plan to address those new BBs - get feedback from Egypt and Kenya meetings

  • Questions about IM from Egypt deep dive

  • Defining user personas and journeys - outputs would be overall messaging, providing high-level guidance. How does GovStack work to deliver value.

  • Providing guidance on specific questions coming from country engagement

  • Example implementations - having BB groups work on them.

  • No labels