June 30, 2023 Architecture Team Meeting Notes

Attendees

@Aleksander Reitsakas

@PSRAMKUMAR

@Taylor Downs

@karim.jindani

@Vasil Kolev

@Steve Conrad

@Meelis Zujev (Deactivated)

@Wes Brown

Apologies


Agenda

Presenter

Duration

Discussion

Sandbox

@Vasil Kolev

40 minutes

Vasil has a couple of topics from the Sandbox team for the arch team to discuss.

  • Stateful vs stateless services - do we allow the receiving BB to validate roles/permissions?

  • Authenticating as a specific user when calling a DPG/product acting as a BB?

  • Service discovery

Other topics:

  • Real testing strategy and separation of responsibility for integration testing, calls to sandboxed BBs, Mocks vs Emulators (ready-to-use products like Mockoon vs Emulator implementation, deployability in sandbox)

    • Address in testing meeting

  • BBs that are cloud-dependent or bigger than our infrastructure (installation and adaptation to specification, strategies to use, remote installations, tenant-aware applications as BBs)

    • How can we deploy without DPG owners having access to our AWS environment?

      • Vendors need to provide configuration/deployment scripts (Helm charts, entrypoint scripts, etc.). They should test in their own environment before ‘handing over’ to GovStack

    • How do we handle DPGs that are tied to specific cloud providers (AWS)? Is it a requirement that they be cloud agnostic? How do we handle on-prem requirements?

    • Need to identify infrastructure plan (TC and/or infrastructure team?)

    • Ramkumar to connect with Hani/Nico on infra requirements

  • Plugin API for BBs - related to service discovery, portal integration, infrastructure management, use case deployment and overall user experience once presented with the portal UI to manage what we are offering.

    • Portal application showing use cases available in the sandbox, allowing users to swap out BBs

    • Need APIs to determine what BBs are available, whether they are ready/running.

    • Define a standard set of APIs that are needed for any BB (arch team)

    • Do we need a BB registry?

  • Building block types, separation of requirements, UI building blocks, vertical stack BBs

    • Foundational vs functional

    • Identity BB vs Authorization services (security spec)

    • Steve/Ramkumar - Walk through authentication docs, UX docs, application concept with @Vasil Kolev

      • Identify and address any gaps

  • Use case management and implementation strategies, showcase vs use case, reusability of components, unification of the UC applications

    • Align on terminology

    • Some of this will be addressed as part of the Capabilities conversation in TC

Management of UX switching

@PSRAMKUMAR

@Steve Conrad

10 minutes

Review synchronous and async flows for UX switching. Review self-service and agent-led workflows as well.

Documentation from Ramkumar: https://govstack-global.atlassian.net/wiki/spaces/GH/pages/270139400

Architecture team to review and provide feedback.

  • 3 options are outlined - should we make a recommendation as to which approach is preferred?

    • OIDC is called out in the cross-BB auth as well

Mutual auth of ID/Registration

@Jaume DUBOIS

15 minutes

When going through a redirection, how do we provide authentication for both ID and Registration?

Capabilities

@Steve Conrad

15 minutes

How should we define Capabilities?

Document from Jaume: https://docs.google.com/presentation/d/11zg0PQQKbpWFxwAc_oK12iM83ax8hUpBqlJHwB-kLGk/edit#slide=id.g1ab9444641b_0_218

Next steps/AOB

@Steve Conrad

5 minutes

What should we prioritize?

Action Items

Future Topics

  • Define a standard set of APIs that are needed for any BB to indicate that they are running, configured and ready to use in the sandbox (or test harness). Do we need a BB registry?