Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Nov 18: Meeting Minutes; Meeting Recording

Open Topics

  • Security WG - high priority review of ADR for bootstrapping in OCI containers requested.
    • Architect’s asked to review prior to next Architect’s meeting (Sep 21)
    • Bryon to cover highlights at that meeting
  • Per the Hanoi planning conference - we need to better define "bound checking" so that a design (and eventual implementation) can be brought forth to meet the requirements
    • Currently considering limiting the number of operations that can be performed on a service (like a device service) over a period of time or setting the max request size (that lends to DoS attacks)
    • Can the solution be more globally applied?
  • Is the Wiki the best place to document project decisions (those outside of or smaller than ADRs).  This was our initial take.  Should we revisit?Is the Wiki the best place to document project decisions (those outside of or smaller than ADRs).  This was our initial take.  Should we revisit?
  • New topics from Ireland Planning Meeting
    • Ensure that service location data is pulled from trusted source (i.e. not Consul) (Tony's ADR)

    • V2 API - should we add security foundation added to that (per some of earlier V2 API designs via Dell and Bryon N)?
      • Adding token to authenticate a micro service call (is this in scope for Ireland)
      • May not be needed unless all services are distributed
      • We need to explore alternatives to provide secure / locked out service to service communications
    • Address how to get device resource info (for app services and Kuiper)

      • Probably not ADR worthy

      • Either provide Lenny’s convenience APIs or tool to dig out the device resource information in the (cached) profiles

      • How/when to invalidate the cache if we use the profile-digging approach
    • Naming scheme changes for config.Clients (key name change)
      • Use consistent name that all other services use for core data
      • Consistency in the naming vs changing all the names to use service name as part of key
    • Docker image naming - resolve naming standard we want

      • Drop “go” suffix and “docker” prefix??

    • What version of Alpine for Docker images (make them consistent?)
    • How to handle binary data in V2

      • Is CBOR still the right way?

      • Simplicity versus performance

      • We should have new requirements/use cases to change this

    • Revisit combing core services at least at all executables in one image

      • Release would be easier but image would be bigger with more complex compose files

    • Keep commit history from beginning to end (don’t squash them until PR approved)

    • Standardizing units of measure

    • Digital twin (and LWM2M) applicability

    • Declarative Kong applicability

    • Time series database support and applicability

On Hold Topics or Pending Research

...

  • How do we review/remove artifact removal (docker images in Docker Hub, snaps, etc.)?
    • Decision made to tag "latest" dot release with X.Y tagging and use X.Y in Docker Compose files (see minutes from 8/20).
    • Open discussion still around what to do with old (very old) images.
    • Could add scope in order to understand the domain of a PR (especially for edgex-go)
    • Mike and Tony to discuss before next TSC
      • Let’s check what are other projects doing in this case (Kong, Consul, Vault, …)?
      • Also consult with community and adopters; what do they expect from us? Accenture, ThunderSoft, …

      • Jim to take this research and poll of adopters

    PR Template for conventional commits is now in place for all repositories for all PRs but without TSC approval.  It doesn’t appear to be affecting any problem. We need to finalize the shape of this and officially approve the template by the TSC.
      • Adopters have been polled. Most want images available indefinitely.  Tibco suggested keep them one year.
      • Other organizations (Kong, Consul, Vault, etc.) are not removing images regardless of age or circumstances (there are a few exceptions).
  • Is order of event/readings being sent by a single device service important?  Are there async operations in any service that could change the order of events as they are sent from a DS to core to application services (with REST, 0MQ or MQTT infrastructure)?  What do customers desire here?  Is maintained order important?  What is the current state of the system and can we diagram/document that? 
    • Jim to do some research first.  Findings: there are places in DS, Core and Application Services where messages can get out of order.  If order is something that should be an option built in, it will require much work.
  • Incorporation of Vertical Solution WG adopter presentation feedback
    • Jim to collect and present after all 5 presentations
  • EdgeX UI - it is for dev/test right now.  Would we ever want to have a UI for production?  Under what constraints?
    • Being worked through Core WGAdopters have been polled.  Only one organization suggested having the option (but not manditory) would be nice.  Others indicated they understood ramifications (performance hit) and wanted no changes in this regard.