...
Dial by your location
+1 669 900 6833 US (San Jose)
+1 253 215 8782 US (Tacoma)
+1 346 248 7799 US (Houston)
+1 646 558 8656 US (New York)
+1 301 715 8592 US (Germantown)
+1 312 626 6799 US (Chicago)
877 369 0926 US Toll-free
855 880 1246 US Toll-free
+1 778 907 2071 Canada
+1 204 272 7920 Canada
+1 438 809 7799 Canada
+1 587 328 1099 Canada
+1 647 374 4685 Canada
+1 647 558 0588 Canada
855 703 8985 Canada Toll-free
Meeting ID: 353 955 907
Find your local number: https://zoom.us/u/ajhw77vTU
Meeting Agenda/Minutes
Apr 19, 2021: Meeting Minutes; Meeting Recording
Mar 15, 2021: Meeting Minutes; Meeting Recording
Feb 16, 2021: Meeting Minutes; Meeting Recording
Architects Meeting - EdgeX Microservice Authentication.pptx.pdf (Bryon's presentation)
Jan 26, 2021: Meeting Minutes; Meeting Recording
Nov 30, 2020: Meeting Minutes; Meeting Recording
...
Nov 18: Meeting Minutes; Meeting Recording
Open Topics
- Med - address how to provide services, UIs, startup scripts/services, etc. with a list of system services.
- SMA needs the list of services
- UI needs the list of services
- Secret bootstrapping needs to provide tokens to services
- Considerations
- What if Consul is not in use (or should we even allow this)?
- What if app or device services are added at runtime (post bootstrapping)?
- There are some chicken/egg scenarios; security may need the list in order to provide each service with the proper token before they come up and register with the registry service
- Med - Standardizing units of measure
- Per meeting of 3/15, Jim to research more like the ANSI X-12 standard and see what other IoT/edge projects are using.
- Core/High - Ensure that service location data is pulled from trusted source (i.e. not Consul) (Tony's ADR)
- High - V2 API - should we add security foundation added to that (per some of earlier V2 API designs via Dell and Bryon N)?
- Adding token to authenticate a micro service call (is this in scope for Ireland)
- May not be needed unless all services are distributed
- We need to explore alternatives to provide secure / locked out service to service communications
- High - How to handle binary data in V2
- Is CBOR still the right way?
- Simplicity versus performance
- We should have new requirements/use cases to change this
- Jim to find the objectors to CBOR before we cover and get any suggestions/requirements for non-CBOR
- Med - Address how to get device resource info (for app services and Kuiper)
- Probably not ADR worthy
- Either provide Lenny’s convenience APIs or tool to dig out the device resource information in the (cached) profiles
- How/when to invalidate the cache if we use the profile-digging approach
- Med - Keep commit history from beginning to end (don’t squash them until PR approved)
- Med - Standardizing units of measure
- Med - Declarative Kong applicability
- Allowing us to drop Progress DB
- But can you configure groups/users ACL
- Only supports JWT users
- Med - what's the future state of system management service(s) look like
- How to deal with dynamically adding/removing services
- Does it reside in registry/configuration service
- How to handle security issues
- Low - Is the Wiki the best place to document project decisions (those outside of or smaller than ADRs). This was our initial take. Should we revisit?Low (must be done before V2 is done) - Naming scheme changes for config.Clients (key name change)
- Use consistent name that all other services use for core data
- Consistency in the naming vs changing all the names to use service name as part of key Related to system management hard coded list of services.
- Separate issue in arch meeting – high once report back
- Other naming issues (secret store vs secret service)
- Opportunity to make all config/naming consistent
- Jim take resp – get WG leads – try to prioritize this survey
- Low - Revisit combine core services at least at all executables in one image
- Release would be easier but image would be bigger with more complex compose files
- Per Core WG of 2/18/21 - is it at least worth exploring the combination of Core Metadata and Core Command since the two have to share so much data?
- Core command is just a proxy service today, but reasons for having a separate service include: additional security to protect actuation; issue multiple device commands with one request (make one request and fire it to all Modbus devices or all devices under the control of one service); provide the means to limit requests down to a device so as not to overwhelm it or wake it up). These needs could also be incorporated into a combined metadata service but there are advantages to separation of concerns.
- Low - Digital twin (and LWM2M) applicability - being worked via liaison with DTC
- Low - Time series database support and applicability
- Ian Johnson has an example of app service to InfuxDB export (snap in the store)
Non-prioritized items
- Low - where should tool/script for creating new device and application services be placed?
- After the architect's meeting of Jan 26, 2021, it was decided that "templates" should be created in all SDKs to allow for the easy creation of new services (removing the old samples in the SDKs). The templates will be a means for users to copy and create a new service with some instruction on how to rename and replace TODOs with necessary code.
- After the templates are in place, there is a decision to be made about where automation can be placed to use the templates to create new services (versus a manual copy). In the CLI, in a new tool, in a set of simple scripts?
On Hold Topics or Pending Research
...
- High - V2 API - should we add security foundation added to that (per some of earlier V2 API designs via Dell and Bryon N)?
- Adding token to authenticate a micro service call (is this in scope for Ireland)
- May not be needed unless all services are distributed
- We need to explore alternatives to provide secure / locked out service to service communications
- ADR being created and to be reviewed in the Security WG.