- Security WG - high priority review of ADR for bootstrapping in OCI containers requested.
- Architect’s asked to review prior to next Architect’s meeting (Sep 21)
- Bryon to cover highlights at that meeting
- Per the Hanoi planning conference - we need to better define "bound checking" so that a design (and eventual implementation) can be brought forth to meet the requirements
- Currently considering limiting the number of operations that can be performed on a service (like a device service) over a period of time or setting the max request size (that lends to DoS attacks)
- Can the solution be more globally applied?
- provide comment prior to Oct 15.
- Is the Wiki the best place to document project decisions (those outside of or smaller than ADRs). This was our initial take. Should we revisit?
- Review of Adopter Series Requirements
- See slide deck from 9/21 - and comment on requirements at https://docs.google.com/document/d/141d9AQ0exk8gkFVVujxUTsrtw70clRIyQa_ymwb0V4M/edit#
On Hold Topics or Pending Research
- How do we review/remove artifact removal (docker images in Docker Hub, snaps, etc.)?
- Decision made to tag "latest" dot release with X.Y tagging and use X.Y in Docker Compose files (see minutes from 8/20).
- Open discussion still around what to do with old (very old) images.
- Could add scope in order to understand the domain of a PR (especially for edgex-go)
- Mike and Tony to discuss before next TSC
- Let’s check what are other projects doing in this case (Kong, Consul, Vault, …)?
Also consult with community and adopters; what do they expect from us? Accenture, ThunderSoft, …
Jim to take this research and poll of adopters
- Adopters have been polled. Other organizations (Kong, Consul, Vault, etc.) are not removing images regardless of age or circumstances (there are a few exceptions).
- Is order of event/readings being sent by a single device service important? Are there async operations in any service that could change the order of events as they are sent from a DS to core to application services (with REST, 0MQ or MQTT infrastructure)? What do customers desire here? Is maintained order important? What is the current state of the system and can we diagram/document that?
- Jim to do some research first. Findings: there are places in DS, Core and Application Services where messages can get out of order. If order is something that should be an option built in, it will require much work.
- Incorporation of Vertical Solution WG adopter presentation feedback
- Jim to collect and present after all 5 presentations
- EdgeX UI - it is for dev/test right now. Would we ever want to have a UI for production? Under what constraints?
- Being worked through Core WG