Minutes of DA Meeting 2023-05-17
Attendees:
- Paul Baker paul.baker@infitx.com (PB)
- Pedro Barreto pedrob@crosslaketech.com (PSB)
- Miguel de Barros miguel.debarros@infitx.com (MdB)
- Tom Daly tdaly61@gmail.com (TD)
- Johann Foley johannes.foley@sybrin.com (JF)
- Sam Kummary sam@infitx.com (SK)
- Paul Makin pmakin@mojaloop.io (PM)
- Michael Richards Michael.Richards@infitx.com (MR) (Chair)
- Jane Stroucken Jane.Stroucken@infitx.com (JS)
Apologies:
- James Bush jbush@mojaloop.io (JB)
- Godfrey Kutumela godfreyk@crosslaketech.com (GK)
Absent:
- Aung Thaw Aye AungThaw.Aye@thitsaworks.com AT
- Jason Bruwer jason.bruwer@coil.com (JB)
- Greg McCormick greg@frms.io (GM)
- Simeon Oriko simeonoriko@gmail.com (SO)
- Justus Ortlepp justus.ortlepp@gmail.com (JO)
Agenda:
- Report on actions from last meeting
- Update on Issue 102: Enable 2FA for all Mojaloop GitHub users (SK)
- Issue 103: Changing the basis of UUID generation for Mojaloop (MR)
- Closing outstanding issues (All)
- AOB
Minutes
- Actions from previous meeting
- Issue 57 concluded
- Issues 61 and 65 raised with FSPIOP SIG
- Issue 102: SK
- Enabling PFA would remove 65 users.
- SK: want to reach out to warn some users.
- Mojaloop CI account is one of those which require 2FA. MdB: we can do this. PSB: what is your idea? MdB: we'll figure this out.
- Proposed flow: MdB will log in and generate a token which is valid for a given time, and configure the token in the CI.
- MdB: there's another user called GitHub actions which will need to be included.
- Issue 103 (MR)
- PB: length can be set to anything. Would we propose a definite length? MR: yes.
- PB: we can also specify a character set.
- JF: do we have to enforce a particular method of generating a unique identifier? MR - we need to be able to check that one is unique
- SK - we shouldn't rule out UUID without hyphens. UUID is generally used and has an IETF specification which is widely reviewed and published. On regular expressions: regex does not in fact check uniqueness.
- PSB: vNext uses 128-bit numbers. We strip the hyphens from the UUID and it turns into a 128-bit number.
- SK: assuming it's not too onerous to remove hyphens, we could just do that in PM
- PSB: we already check for uniqueness, which means that it doesn't matter how the number is generated
- PB: collision is so rare you shouldn't need to check that they're unique. PSB, SK: you need to check. When you make the check, you don't need the ID to be unique.
- PB: CUID is cleaner and smaller, but it's new. Not quick to generate, which is not a problem for us. MdB: there's already a version 2. PB: we're only interested in version 2
- MdB: should Mojaloop make any changes
- MdB: removing the dashes is not a standard. So we should use CUID or similar
- MdB: or we should use a separate internal identifier for external messages.
- PSB: we don't care which form of identifier is used, we only care if it's in fact unique.
- MR: whatever the FSPIOP SIG decides is OK with the DA?
- MR: uniqueness is only per ID type. Does this matter?
- Old issues
- No time for these
Actions:
- MdB: Move CI account to 2FA
- MR: report to FSPIOP SIG on Issue 103
Latest comments (1)
@mjbrichards Please note that @samk is an employee of the Mojaloop Foundation.