Weekly notes IDBB w41
Oct 7, 2022
Attendees
@Torsten Lodderstedt (Unlicensed)
@sasi
@PSRAMKUMAR
@Vishwanath V
Meeting Note
Agenda | Presenter | Discussion |
|
---|---|---|---|
Review Authentication/eKYC API from MOSIP | Vishwa | Presented quickly the API within time available, the API will be further published in GovStack IDBB to prepare for a review process. It has been noted a point on making mandatory/recommended or optionnal encryption of user PII data as if it can be a security improvement it has to be weighted against complexity of secret life cycle management and exchanges. This point will be touched again during the reviews. We discussed the will of IDBB to base eKYC services on VC and to make consent presentation mandatory when using them (consent being obtained once after authentication of the individual and being usable several time until its expiration) Ideally we would like to leverage again OIDC for this purpose, may reuse the Authentication token as consent token. Torsten has recomment to watch some work done by OIDf related to management of: https://openid.net/specs/fapi-2_0-baseline-01.html https://openid.net/specs/fapi-grant-management-01.html To be noted that the current API validation process is indepent from the prototyping donc for the GovStack demo which will be full of learnings for the API. |
|
Publication of API and review process | Vishwa | On next IDBB WG meeting (next Tuesday), we will publish on GitHub the API ready for start review of it. @Rachel Lawson (Unlicensed) will be invited to the meeting for providing guideline and training for this first API inclusion in GitHub (and associated GitBook) Once the API will be published a call for review will be sent to the IDBB WG members (including new ones) and formal review meeting will be organized, after review will opened to overall GovStack members and GovStack community. |
|
Validation | Ramkumar | Ramkumar highlighted the need to involve a Technical Specialist with the API Validation team lead by @Satyajit Suri, up to now the recruitment process of resources identified for that is not achieved and MOSIP team don’t have bandwidth to cover that aspect. Discussion need to happen between @Jaume DUBOIS and @Satyajit Suri to see how to realign that validation work according to resources availability. At the moment, gaps between use case and IDBB APIs have been identified and reported in the Mother & Child Post Partum Care. A review should be held to align on that. |
|
Action Items
Decisions
- MOSIP will provide a demo instance (see 3 steps delivery plan in notes)
- [w32] IDBB will have its own UI. API and UI level switching are required but credential data security and privacy must be ensured > Meeting will happen w32 with Registration buildblock to cover that point.
- [w38] Torsten Lodderstedt (from OpenID Foundation) will join IDBB workgroup to support Authentication/KYC API definition
- [w39] GovStack demo should adapt to showcase IDBB block features capacities (added value)