Agenda

Presenter

Duration

Discussion

Technical Reviews of BB specs

@Steve Conrad

10 minutes

Architecture team to review Wave 3 specifications: Target Friday August 11 to complete reviews

• UI/UX - https://app.gitbook.com/o/pxmRWOPoaU8fUAbbcrus/s/Xygp83qW0E147CCaqsI0/ - reach out to Yolanda/Ayush/country team for review, as well as TC members and Gofore (Artun and Jonas)

  • How to design a service using the GovStack BBs. Should complement the Implementation playbook

• eSignature - https://app.gitbook.com/o/pxmRWOPoaU8fUAbbcrus/s/ZpypLvJhKezO3prCNVTS/ - @Aare Laponin

• eMarketplace - https://app.gitbook.com/o/pxmRWOPoaU8fUAbbcrus/s/PUIGDILlDRSOB6K47k6e/ - @Aare Laponin

Decoupling BBs

@Steve Conrad

15 minutes

How do we handle large DPGs as BB candidates?

Finalize UX Switching

@PSRAMKUMAR

15 minutes

Finalize document and make plans to disseminate to TC and BB groups

• Steve to update Confluence document with latest changes from Ramkumar

  • Refactor to show as sequence diagram. Use ‘application’ and ‘auth services’ nomenclature.

  • Ramkumar to update to implement API call to receive token to avoid race condition

• 4th option is the preferred option. Implementers may choose to implement other options if they are suitable. There may be UX flows that do not require the 4th option and implementers can choose a simpler path to handoff UX.

GERA Update

@Aare Laponin @PSRAMKUMAR

15 minutes

Update on changes to GERA document and progress/next steps

• Arch team is not actively engaged in changing this document.

• Aare working to develop a simple overview/reference document - introduction, definitions, context, reference architecture, implementation guidelines

Capabilities/Service Blocks

@Wes Brown

15 minutes

Review service block (capabilities) template

Next steps/AOB

@Steve Conrad

5 minutes

What should we prioritize?

• GERA document/review - articulate core concerns

• Workflows/Core Capabilities

• Testing with Information Mediator

• Revisit Security Specifications

• Mapping out BB interactions/domain diagrams

  • Aleksander has some resources/starting point

    • Overall structure of GovStack solution

  • Sandbox team has happy flow document that we can walk through

    • Minimum Viable Product (MVP) eg. Happy Flow

Future topic - Fall 2023

Manage Access Authorization to BB APIs

@Jaume DUBOIS

30 minutes

• Types of accessors checked (human, back-end systems, apps or browser, robots, hardware, ..)

• Granularity of access control (Building block, module, API, single API service, single API service for specific tenant or data)

From Technical Committee Meeting:

BBs should not own RBAC - the calling applications are responsible for it. 

Are we using token based authorization within the request to BB?

How to get candidates bypass its own RBAC?

1. Superuser access to be given when merging with IM backend?

2. Or control to switch off existing RBAC in target BBs

3. option to have api token registered in IM at max permission level for specific member entities

4. come up with a concrete example for this case