Weekly notes IDBB w41

Oct 7, 2022

Attendees

  • @Torsten Lodderstedt (Unlicensed)

  • @sasi

  • @PSRAMKUMAR

  • @Vishwanath V

Meeting Note

Agenda

Presenter

Discussion

 

Agenda

Presenter

Discussion

 

Review Authentication/eKYC API from MOSIP

 Vishwa

Presented quickly the API within time available, the API will be further published in GovStack IDBB to prepare for a review process.

It has been noted a point on making mandatory/recommended or optionnal encryption of user PII data as if it can be a security improvement it has to be weighted against complexity of secret life cycle management and exchanges. This point will be touched again during the reviews.

We discussed the will of IDBB to base eKYC services on VC and to make consent presentation mandatory when using them (consent being obtained once after authentication of the individual and being usable several time until its expiration)

Ideally we would like to leverage again OIDC for this purpose, may reuse the Authentication token as consent token.

Torsten has recomment to watch some work done by OIDf related to management of:

https://openid.net/specs/fapi-2_0-baseline-01.html

https://openid.net/specs/fapi-grant-management-01.html

To be noted that the current API validation process is indepent from the prototyping donc for the GovStack demo which will be full of learnings for the API.

 

Publication of API and review process

Vishwa

On next IDBB WG meeting (next Tuesday), we will publish on GitHub the API ready for start review of it. @Rachel Lawson (Unlicensed) will be invited to the meeting for providing guideline and training for this first API inclusion in GitHub (and associated GitBook)

Once the API will be published a call for review will be sent to the IDBB WG members (including new ones) and formal review meeting will be organized, after review will opened to overall GovStack members and GovStack community.

 

Validation

Ramkumar

Ramkumar highlighted the need to involve a Technical Specialist with the API Validation team lead by @Satyajit Suri, up to now the recruitment process of resources identified for that is not achieved and MOSIP team don’t have bandwidth to cover that aspect. Discussion need to happen between @Jaume DUBOIS and @Satyajit Suri to see how to realign that validation work according to resources availability.

At the moment, gaps between use case and IDBB APIs have been identified and reported in the Mother & Child Post Partum Care. A review should be held to align on that.

 

Action Items

@Jaume DUBOIS to book a regular IDBB review on Thursday’s 10:30 CET to review action status/tackle issues
Invite @Taylor Downs for the next week to talk on APIs roadmap for the short term also about what application level responsibilities (ie errors management, redirecting)
@PSRAMKUMAR should talk to @Esther Ogunjimi (Unlicensed) about the best way to report weeklies on Confluence (my recommendation is to have cumulative way, which allows to have access to whole history, to have a precise follow-up and to write little notes each time) on-hold
[w32] @Jaume DUBOIS to invite @Ingmar Vali in next meeting in order to talk about UIs integration
[w32] @Jaume DUBOIS to go on test plan draft ( Test plan [DRAFT] - GovStack - GovStack Wiki ), it will be moved into GitHub once format will be understood > will need @Taylor Downs support
[w32] @Jaume DUBOIS to define how/who will manage spec migration into GitHub format (for now on-hold until clear guideline received)
[w32] @Jaume DUBOIS Add into IDBB backlog auditable logs - transaction log, administrative changes log, performance log, security log
[w33] @Jaume DUBOIS to share a web sequence diagram to describe in details interactions for authentication and a form filling > LINK
[w39] @Jaume DUBOIS to organize a call with @sasi@Ingmar Vali to go on technical integration > URL/openAPI not yet ready, still open, should be resolved by w41
[w39] @sasi to formalize API with support from @Jaume DUBOIS will be ready on w41
[w41] @Jaume DUBOIS will prepare a web sequence diagram to illustrare a generic ID Attribute sharing based on a consent given. It will be reviewed this week within the working group and if agreed will be presented as part of the Technical Committee of w41 > Draft sequence diagram is there (under internal review)
[w42] Vishwa/Sasi to make sure the openAPI proposal is properly commented for easy understanding from reviewers
[w42] Jaume to organize a review on MCPPC use case with @Ingmar Vali @Satyajit Suri @PSRAMKUMAR IDBB WG
[w42] Jaume to invite Rashel to next IDBB meeting

Decisions

  1. MOSIP will provide a demo instance (see 3 steps delivery plan in notes)
  2. [w32] IDBB will have its own UI. API and UI level switching are required but credential data security and privacy must be ensured > Meeting will happen w32 with Registration buildblock to cover that point.
  3. [w38] Torsten Lodderstedt (from OpenID Foundation) will join IDBB workgroup to support Authentication/KYC API definition
  4. [w39] GovStack demo should adapt to showcase IDBB block features capacities (added value)