- Security WG - high priority review of ADR for bootstrapping in OCI containers requested.
- Architect’s asked to provide comment prior to Oct 15.
- Is the Wiki the best place to document project decisions (those outside of or smaller than ADRs). This was our initial take. Should we revisit?
- Review of Adopter Series Requirements See slide deck from 9/21 - and comment on requirements at https://docs.google.com/document/d/141d9AQ0exk8gkFVVujxUTsrtw70clRIyQa_ymwb0V4M/edit#New topics from Ireland Planning Meeting
Ensure that service location data is pulled from trusted source (i.e. not Consul) (Tony's ADR)
- V2 API - should we add security foundation added to that (per some of earlier V2 API designs via Dell and Bryon N)?
- Adding token to authenticate a micro service call (is this in scope for Ireland)
- May not be needed unless all services are distributed
- We need to explore alternatives to provide secure / locked out service to service communications
Address how to get device resource info (for app services and Kuiper)
Probably not ADR worthy
Either provide Lenny’s convenience APIs or tool to dig out the device resource information in the (cached) profiles
- How/when to invalidate the cache if we use the profile-digging approach
- Naming scheme changes for config.Clients (key name change)
- Use consistent name that all other services use for core data
- Consistency in the naming vs changing all the names to use service name as part of key
Docker image naming - resolve naming standard we want
Drop “go” suffix and “docker” prefix??
- What version of Alpine for Docker images (make them consistent?)
How to handle binary data in V2
Is CBOR still the right way?
Simplicity versus performance
We should have new requirements/use cases to change this
Revisit combing core services at least at all executables in one image
Release would be easier but image would be bigger with more complex compose files
Keep commit history from beginning to end (don’t squash them until PR approved)
Standardizing units of measure
Digital twin (and LWM2M) applicability
Declarative Kong applicability
Time series database support and applicability
On Hold Topics or Pending Research
- How do we review/remove artifact removal (docker images in Docker Hub, snaps, etc.)?
- Decision made to tag "latest" dot release with X.Y tagging and use X.Y in Docker Compose files (see minutes from 8/20).
- Open discussion still around what to do with old (very old) images.
- Let’s check what are other projects doing in this case (Kong, Consul, Vault, …)?
Also consult with community and adopters; what do they expect from us? Accenture, ThunderSoft, …
Jim to take this research and poll of adopters
- Adopters have been polled. Most want images available indefinitely. Tibco suggested keep them one year.
- Other organizations (Kong, Consul, Vault, etc.) are not removing images regardless of age or circumstances (there are a few exceptions).
- Is order of event/readings being sent by a single device service important? Are there async operations in any service that could change the order of events as they are sent from a DS to core to application services (with REST, 0MQ or MQTT infrastructure)? What do customers desire here? Is maintained order important? What is the current state of the system and can we diagram/document that?
- Jim to do some research first. Findings: there are places in DS, Core and Application Services where messages can get out of order. If order is something that should be an option built in, it will require much work.
- Adopters have been polled. Only one organization suggested having the option (but not manditory) would be nice. Others indicated they understood ramifications (performance hit) and wanted no changes in this regard.