- Paul Baker email@example.com (PB)
- Pedro Barreto firstname.lastname@example.org (PSB)
- Miguel de Barros email@example.com (MdB)
- Tom Daly firstname.lastname@example.org (TD)
- Johann Foley email@example.com (JF)
- Sam Kummary firstname.lastname@example.org (SK)
- Paul Makin email@example.com (PM)
- Michael Richards Michael.Richards@infitx.com (MR) (Chair)
- Jane Stroucken Jane.Stroucken@infitx.com (JS)
- Aung Thaw Aye AungThaw.Aye@thitsaworks.com AT
- Jason Bruwer firstname.lastname@example.org (JB)
- Greg McCormick email@example.com (GM)
- Simeon Oriko firstname.lastname@example.org (SO)
- Justus Ortlepp email@example.com (JO)
- Report on actions from last meeting
- Update on Issue 102: Enable 2FA for all Mojaloop GitHub users (SK)
- Issue 103: Changing the basis of UUID generation for Mojaloop (MR)
- Closing outstanding issues (All)
- Actions from previous meeting
- Issue 57 concluded
- Issues 61 and 65 raised with FSPIOP SIG
- Issue 102: SK
- Enabling PFA would remove 65 users.
- SK: want to reach out to warn some users.
- Mojaloop CI account is one of those which require 2FA. MdB: we can do this. PSB: what is your idea? MdB: we'll figure this out.
- Proposed flow: MdB will log in and generate a token which is valid for a given time, and configure the token in the CI.
- MdB: there's another user called GitHub actions which will need to be included.
- Issue 103 (MR)
- PB: length can be set to anything. Would we propose a definite length? MR: yes.
- PB: we can also specify a character set.
- JF: do we have to enforce a particular method of generating a unique identifier? MR - we need to be able to check that one is unique
- SK - we shouldn't rule out UUID without hyphens. UUID is generally used and has an IETF specification which is widely reviewed and published. On regular expressions: regex does not in fact check uniqueness.
- PSB: vNext uses 128-bit numbers. We strip the hyphens from the UUID and it turns into a 128-bit number.
- SK: assuming it's not too onerous to remove hyphens, we could just do that in PM
- PSB: we already check for uniqueness, which means that it doesn't matter how the number is generated
- PB: collision is so rare you shouldn't need to check that they're unique. PSB, SK: you need to check. When you make the check, you don't need the ID to be unique.
- PB: CUID is cleaner and smaller, but it's new. Not quick to generate, which is not a problem for us. MdB: there's already a version 2. PB: we're only interested in version 2
- MdB: should Mojaloop make any changes
- MdB: removing the dashes is not a standard. So we should use CUID or similar
- MdB: or we should use a separate internal identifier for external messages.
- PSB: we don't care which form of identifier is used, we only care if it's in fact unique.
- MR: whatever the FSPIOP SIG decides is OK with the DA?
- MR: uniqueness is only per ID type. Does this matter?
- Old issues
- No time for these
- MdB: Move CI account to 2FA
- MR: report to FSPIOP SIG on Issue 103