Minutes of DA Meeting 2023-05-17

Attendees:

• Paul Baker paul.baker@infitx.com (PB)
• Pedro Barreto pedrob@crosslaketech.com (PSB)
• Miguel de Barros miguel.debarros@infitx.com (MdB)
• Tom Daly tdaly61@gmail.com (TD)
• Johann Foley johannes.foley@sybrin.com (JF)
• Sam Kummary sam@infitx.com (SK)
• Paul Makin pmakin@mojaloop.io (PM)
• Michael Richards Michael.Richards@infitx.com (MR) (Chair)
• Jane Stroucken Jane.Stroucken@infitx.com (JS)

Apologies:

• James Bush jbush@mojaloop.io (JB)
• Godfrey Kutumela godfreyk@crosslaketech.com (GK)

Absent:

• Aung Thaw Aye AungThaw.Aye@thitsaworks.com AT
• Jason Bruwer jason.bruwer@coil.com (JB)
• Greg McCormick greg@frms.io (GM)
• Simeon Oriko simeonoriko@gmail.com (SO)
• Justus Ortlepp justus.ortlepp@gmail.com (JO)

Agenda:

• Report on actions from last meeting
• Update on Issue 102: Enable 2FA for all Mojaloop GitHub users (SK)
• Issue 103: Changing the basis of UUID generation for Mojaloop (MR)
• Closing outstanding issues (All)
• AOB

Minutes

• Actions from previous meeting
  • Issue 57 concluded
  • Issues 61 and 65 raised with FSPIOP SIG
• Issue 102: SK
  • Enabling PFA would remove 65 users.
  • SK: want to reach out to warn some users.
  • Mojaloop CI account is one of those which require 2FA. MdB: we can do this. PSB: what is your idea? MdB: we'll figure this out.
  • Proposed flow: MdB will log in and generate a token which is valid for a given time, and configure the token in the CI.
  • MdB: there's another user called GitHub actions which will need to be included.
• Issue 103 (MR)
  • PB: length can be set to anything. Would we propose a definite length? MR: yes.
  • PB: we can also specify a character set.
  • JF: do we have to enforce a particular method of generating a unique identifier? MR - we need to be able to check that one is unique
  • SK - we shouldn't rule out UUID without hyphens. UUID is generally used and has an IETF specification which is widely reviewed and published. On regular expressions: regex does not in fact check uniqueness.
  • PSB: vNext uses 128-bit numbers. We strip the hyphens from the UUID and it turns into a 128-bit number.
  • SK: assuming it's not too onerous to remove hyphens, we could just do that in PM
  • PSB: we already check for uniqueness, which means that it doesn't matter how the number is generated
  • PB: collision is so rare you shouldn't need to check that they're unique. PSB, SK: you need to check. When you make the check, you don't need the ID to be unique.
  • PB: CUID is cleaner and smaller, but it's new. Not quick to generate, which is not a problem for us. MdB: there's already a version 2. PB: we're only interested in version 2
  • MdB: should Mojaloop make any changes
  • MdB: removing the dashes is not a standard. So we should use CUID or similar
  • MdB: or we should use a separate internal identifier for external messages.
  • PSB: we don't care which form of identifier is used, we only care if it's in fact unique.
  • MR: whatever the FSPIOP SIG decides is OK with the DA?
  • MR: uniqueness is only per ID type. Does this matter?
• Old issues
  • No time for these

Actions:

• MdB: Move CI account to 2FA
• MR: report to FSPIOP SIG on Issue 103