September 8, 2023 Architecture Team Meeting Notes

Attendees

@Wes Brown

@PSRAMKUMAR

@Taylor Downs

@Trev Harmon

@Steve Conrad

@Paweł Gesek

Apologies

 

 

 

Agenda

Presenter

Duration

Discussion

Technical Reviews of BB specs

@Steve Conrad

10 minutes

Architecture team to review Wave 3 specifications: Target Friday August 11 to complete reviews

Update on review process:

Wes to review Wave 3 BBs to ensure that they are aligned to the template.

Ramkumar to work with Wave 3 teams to get complete list of contributors.

@Steve Conrad - Set up meeting with eMarketplace so that we can articulate the current and future scope, as well as what procurement functionality should be included (either current or future)

Specific question for Architecture team: MKT-154: Service APIs Section - Technical Review for Non-REST APIsDone

Provide clear examples of complete solutions that address a use case that show how they are composed of various BBs. Next release can focus more on service blocks and how to use GovStack to create solutions.

PAERA Update

@Aare Laponin @PSRAMKUMAR

15 minutes

Update on changes to PAERA document and progress/next steps

Working draft:

https://onedrive.live.com/Edit.aspx?resid=7B252BA6CB083436!9551&wdPid=5887d621&authkey=!AC4bdYfdJIaKi8M

Ready for review and comment (Sections 1-3). Steve and Wes to review.

Need to decide where this lives for the upcoming release (GitBook, linked, PDF)?

  • Put summary/overview in GitBook (in cross-cutting section) and then link out to full content (ie. PDF in GitHub)?

Capabilities/Service Blocks

@Wes Brown

15 minutes

Review service block (capabilities) template

Need clear definition of distinction between building block and service block.

Future Topic - September

@PSRAMKUMAR

 

Go through key learnings from Egypt deep dive and Kenya roadshow and map out how to address them in the architecture documents

Future Topic - October

@Wes Brown

 

Identify experts that can do reviews of all Wave 1, 2, 3 BBs and map out process for external reviews

Future Topic

@Steve Conrad

 

How to articulate the different levels/scopes of building blocks - foundational/DPI, functional, and possibly application (things like eMarketplace). This should be clearly articulated in GovStack documentation.

Identify BBs that are missing/needed and develop plan to address those new BBs

Future topic - Fall 2023

Manage Access Authorization to BB APIs

@Jaume DUBOIS

30 minutes

  • Types of accessors checked (human, back-end systems, apps or browser, robots, hardware, ..)

  • Granularity of access control (Building block, module, API, single API service, single API service for specific tenant or data)

From Technical Committee Meeting:

BBs should not own RBAC - the calling applications are responsible for it. 

Are we using token based authorization within the request to BB?

How to get candidates bypass its own RBAC?

  1. Superuser access to be given when merging with IM backend?

  2. Or control to switch off existing RBAC in target BBs

  3. option to have api token registered in IM at max permission level for specific member entities

  4. come up with a concrete example for this case

Action Items

  • Ramkumar to connect with Hani/Nico on infra requirements

Future Topics

  • Define a standard set of APIs that are needed for any BB to indicate that they are running, configured and ready to use in the sandbox (or test harness). Do we need a BB registry?