2023-10-09 - Work meeting

Oct 9, 2023 10:30-12:00 CET

About this document: Agenda and notes are kept in the same document, a separate copy of the document is maintained for each meeting. Please add agenda points before the meeting. Action items created in previous meeting and all other unresolved action items are kept in the document. Please tick off any completed items.

Attendees

  • @Benjamin Balder Bach (note keeper)

  • @George J Padayatti

 

CC: @PSRAMKUMAR @Philippe Page @Lal Chandran @Ain Aaviksoo

Meeting Notes

Agenda

Presenter

Discussion

Agenda

Presenter

Discussion

API endpoint alignment w/ iGrant team

 

(off topic) Benjamin will figure out what the status is for GovStack's Swagger accounts, they cannot display the Consent BB due to an account limit / suspension.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Action items

Why is the QA branch default? It creates confusion around what's the most recent version of our API spec. @Benjamin Balder Bach
How detail should pagination API specs be: Do we want to be able to add pagination values to the response API? @Benjamin Balder Bach
Can additional fields be added and will that pass verification tests? @Benjamin Balder Bach will clarify.

 

Decision

  1. We'll add explicit <name>_id fields for foreign key relations in schemas, for instance $ref: '#/components/schemas/Policy' (this was always the intention, but OpenAPI unfortunately doesn't permit to explicitly store foreign key relation types)
  2. Controller schema will be removed and replaced by fields in the Agreement model.
    It's still possible for a product to manage Controller objects separately but having the requirement isn't really existential to the specification. So it's up to the product to "do better" here.
  3. All ID fields have to be non-required, as they are not required in CREATE endpoints. We're not going to create separate schemas for CREATE / UPDATE endpoints, this will produce a lot of noise.
  4. Policy.version has to be possible to maintain automatically or manually.
  5. Revision.schema_name is the type of document that we revise: It can be for instance "Agreement" or "Policy". We will try to add an enum for the OpenAPI spec to express exactly what can be revisioned.
  6. Let's be clear in descriptions for oneOf fields.
  7. /config/policy/{policyId}/revisions/ needs to list all revisions of a policy, fix the description.
  8. All endpoints should return a dictionary object rather than a single object type or array (LIST operations) so it's possible for the solution to extend responses with additional fields.
  9. JCS will be used for serializing Signature object payload + verification_payload.