Mojaloop Community Central

Michael Richards
Michael Richards

Posted on

Design Authority Minutes 2023-05-31


Minutes of DA Meeting 2023-05-17






  • Actions from previous meeting
    • Issue 57 concluded
    • Issues 61 and 65 raised with FSPIOP SIG
  • Issue 102: SK
    • Enabling PFA would remove 65 users.
    • SK: want to reach out to warn some users.
    • Mojaloop CI account is one of those which require 2FA. MdB: we can do this. PSB: what is your idea? MdB: we'll figure this out.
    • Proposed flow: MdB will log in and generate a token which is valid for a given time, and configure the token in the CI.
    • MdB: there's another user called GitHub actions which will need to be included.
  • Issue 103 (MR)
    • PB: length can be set to anything. Would we propose a definite length? MR: yes.
    • PB: we can also specify a character set.
    • JF: do we have to enforce a particular method of generating a unique identifier? MR - we need to be able to check that one is unique
    • SK - we shouldn't rule out UUID without hyphens. UUID is generally used and has an IETF specification which is widely reviewed and published. On regular expressions: regex does not in fact check uniqueness.
    • PSB: vNext uses 128-bit numbers. We strip the hyphens from the UUID and it turns into a 128-bit number.
    • SK: assuming it's not too onerous to remove hyphens, we could just do that in PM
    • PSB: we already check for uniqueness, which means that it doesn't matter how the number is generated
    • PB: collision is so rare you shouldn't need to check that they're unique. PSB, SK: you need to check. When you make the check, you don't need the ID to be unique.
    • PB: CUID is cleaner and smaller, but it's new. Not quick to generate, which is not a problem for us. MdB: there's already a version 2. PB: we're only interested in version 2
    • MdB: should Mojaloop make any changes
    • MdB: removing the dashes is not a standard. So we should use CUID or similar
    • MdB: or we should use a separate internal identifier for external messages.
    • PSB: we don't care which form of identifier is used, we only care if it's in fact unique.
    • MR: whatever the FSPIOP SIG decides is OK with the DA?
    • MR: uniqueness is only per ID type. Does this matter?
  • Old issues
    • No time for these


  • MdB: Move CI account to 2FA
  • MR: report to FSPIOP SIG on Issue 103

Top comments (1)

hunterp profile image
Paula Hunter

@mjbrichards Please note that @samk is an employee of the Mojaloop Foundation.