June 16, 2023 Architecture Team Meeting Notes
Attendees
@Aleksander Reitsakas
@Mauree, Venkatesen
@Taylor Downs
@Uwe Wahser
@Aare Laponin
@Jaume DUBOIS
@PSRAMKUMAR
@Steve Conrad
Apologies
Agenda | Presenter | Duration | Discussion |
Management of UX switching | @PSRAMKUMAR | 40 minutes | Context - payments BB onboarding new users (after eligibility determination). Registration BB will send message with link that will direct to a UX provided by Payments for the user to enter financial details (account #, etc.).
Jaume: standard process is that the UX should always be provided by the application, not by individual BBs.
Ramkumar: what should the mechanism be? Iframe/embedding or redirection? Do we need to pass a token when switching UX? How does OIDC handle this? How do we know what user/screen to return to? 2 scenarios - one is self-directed (I am managing the flow on my own), the other is operator-assisted
Registration - needs to hand over UX to payment. Provides redirect link. Information entered in payment UX. How do we return? Do we need a return URL along with a token that identifies the user/session as well as information on the success/failure of the transaction?
Aleksander - do we need an SSO mechanism? Is there a difference between synchronous and async? Synchronous - user is going directly from registration to payments. Async - registration sends an SMS link to mobile and user accesses outside of the context of the app
Jaume - we need to track consent/authorization being given and for how long (this is different than consent BB functionality)
Ramkumar to map out async flow. Ingmar to develop sync flow (biometric authentication or authorization) |
Authorization of systems | @Jaume DUBOIS | 10 minutes | User authenticates into an application. After that, authorization should be system to system.
Aare: authorization of system is different than authorization of organization.
Need clear documentation of the layers and how an application consumes those layers. GovStack is the lower layers.
|
Capabilities | @Steve Conrad | 15 minutes | How should we define Capabilities? Document from Jaume: GovStack release capabilities |
Next steps/AOB | @Steve Conrad | 5 minutes | What should we prioritize?
|