November 10, 2023 Architecture Team Meeting Notes
Attendees
Apologies
Agenda | Presenter | Duration | DiscussionFo |
Follow up on ID questions | @Steve Conrad @PSRAMKUMAR @smita.selot @Vasil Kolev | 30 minutes | Vasil to develop a document that outlines the core questions/implementation concerns that you have. From there, could you work with Smita and Trev to outline the flow/process that is needed so that we can identify any gaps in the BB specs or documentation.
We need to ensure that everyone is aligned on ID and Authorization - ID BB is oriented only around foundational ID, not authorization. Do we need to create a new Authorization BB that manages SSO, JWT, screen switching, etc. Manages ID and auth across multiple applications. Can the architecture team develop and manage this BB spec? Aleks: Roles and permissions need to be managed in each application. Functional Identity should be managed in one place Need functional IDs for each system, but an SSO system to link. Each application would manage functional authentication - MOSIP has a partner auth system - links to foundational ID, and there is a functional ID for each application/system. From the functional ID, generate a JWT that can be used. IM has a list of different systems/apps - need to keep that linked with the auth system.
Write up a proposal document outlining 1 or 2 scenarios for conversation/discussion. |
GovStack Portal Question | @Steve Conrad @PSRAMKUMAR | 20 minutes | There have been discussions that imply that GovStack implementations would have a ‘central portal’.
Explore the differences between an SSO system vs a central portal. |
PAERA Update | @Aare Laponin @PSRAMKUMAR | 10 minutes | Update on changes to PAERA document and progress/next steps Working draft: Ready for review and comment (Sections 1-3). Steve and Wes to review. Need to decide where this lives for the upcoming release (GitBook, linked, PDF)?
|
Prioritize future topics | @Steve Conrad | 10 minutes |
|
Future topic - Fall 2023 Manage Access Authorization to BB APIs | @Jaume DUBOIS | 30 minutes |
From Technical Committee Meeting: BBs should not own RBAC - the calling applications are responsible for it. Are we using token based authorization within the request to BB? How to get candidates bypass its own RBAC?
|
Action Items
Ramkumar to connect with Hani/Nico on infra requirements
Additional Future Topics
Define a standard set of APIs that are needed for any BB to indicate that they are running, configured and ready to use in the sandbox (or test harness). Do we need a BB registry?
Decoupling BBs into smaller pieces, as well as talking about an approach for existing products which span multiple BBs
How to articulate the different levels/scopes of building blocks - foundational/DPI, functional, and possibly application (things like eMarketplace). This should be clearly articulated in GovStack documentation. Also articulate how service blocks fit in to this paradigm.
Identify BBs that are missing/needed and develop plan to address those new BBs - get feedback from Egypt and Kenya meetings
Questions about IM from Egypt deep dive
Exchanging large amounts of data through IM (MRIs, etc)
Real-time streaming
Taylor: we'd likely need to find some experts on open-source video chat apps, see how Self-Hosting Guide - Debian/Ubuntu server | Jitsi Meet fits into the IM, and ALSO talk about things like email clients and servers
Defining user personas and journeys - outputs would be overall messaging, providing high-level guidance. How does GovStack work to deliver value.
Providing guidance on specific questions coming from country engagement
Example implementations - having BB groups work on them.