<!-- 
RSS generated by JIRA (1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d) at Thu Feb 08 23:15:21 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary add field=key&field=summary to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>FOLIO Jira</title>
    <link>https://folio-org.atlassian.net</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>1001.0.0-SNAPSHOT</version>
        <build-number>100246</build-number>
        <build-date>07-02-2024</build-date>
    </build-info>

<item>
            <title>[FOLIO-1713] Edge module support in FOLIO/Okapi</title>
                <link>https://folio-org.atlassian.net/browse/FOLIO-1713</link>
                <project id="10290" key="FOLIO">FOLIO</project>
                    <description>&lt;p&gt;Technical design/discussion document for Okapi support for hosting Edge modules:&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://docs.google.com/document/d/1pg6lj5UxwcWrrex8xlS-w8eKzIy7Ge0PAPVb7l3n9v4/edit?ts=5b71b9c3#&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://docs.google.com/document/d/1pg6lj5UxwcWrrex8xlS-w8eKzIy7Ge0PAPVb7l3n9v4/edit?ts=5b71b9c3#&lt;/a&gt;&lt;/p&gt;</description>
                <environment></environment>
        <key id="79911">FOLIO-1713</key>
            <summary>Edge module support in FOLIO/Okapi</summary>
                <type id="10006" iconUrl="https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10307?size=medium">Umbrella</type>
                                            <priority id="10003" iconUrl="https://dev.folio.org/assets/jira-priority/jira-p4.svg">P4</priority>
                        <status id="10003" iconUrl="https://folio-org.atlassian.net/images/icons/statuses/generic.png" description="The issue cannot be worked on because it is blocked by other issues. (Migrated on 4 Feb 2024 13:41 UTC)">Blocked</status>
                    <statusCategory id="2" key="new" colorName="blue-gray"/>
                                    <resolution id="-1">Unresolved</resolution>
                                                        <assignee accountid="-1">Unassigned</assignee>
                                                                <reporter accountid="557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d">Jakub Skoczen</reporter>
                                    <labels>
                            <label>platform-backlog</label>
                    </labels>
                <created>Thu, 17 Jan 2019 10:37:38 +0000</created>
                <updated>Wed, 3 Jun 2020 16:39:23 +0000</updated>
                                                                                <due></due>
                            <votes>0</votes>
                                    <watches>8</watches>
                                                                <comments>
                                                            <comment id="190081" author="557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d" created="Mon, 28 Jan 2019 13:04:45 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5f8314dfbdef80006f6f572d&quot; class=&quot;user-hover&quot; rel=&quot;5f8314dfbdef80006f6f572d&quot; data-account-id=&quot;5f8314dfbdef80006f6f572d&quot; accountid=&quot;5f8314dfbdef80006f6f572d&quot; rel=&quot;noreferrer&quot;&gt;Adam Dickmeiss&lt;/a&gt; &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5cf6c265e7d2310e9fc0c5ac&quot; class=&quot;user-hover&quot; rel=&quot;5cf6c265e7d2310e9fc0c5ac&quot; data-account-id=&quot;5cf6c265e7d2310e9fc0c5ac&quot; accountid=&quot;5cf6c265e7d2310e9fc0c5ac&quot; rel=&quot;noreferrer&quot;&gt;VBar&lt;/a&gt; &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5cf6c546b87c300f36eb7b9a&quot; class=&quot;user-hover&quot; rel=&quot;5cf6c546b87c300f36eb7b9a&quot; data-account-id=&quot;5cf6c546b87c300f36eb7b9a&quot; accountid=&quot;5cf6c546b87c300f36eb7b9a&quot; rel=&quot;noreferrer&quot;&gt;Craig McNally&lt;/a&gt; as discussed on a special TC session on Friday we will add deployment capability and add existing edge modules (listed on 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;FOLIO-1630&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/FOLIO-1630&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;include &amp;quot;edge&amp;quot; modules in daily snapshot/testing builds&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10307?size=medium&quot; /&gt;
            FOLIO-1630
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
). The Okapi functionality for hosting edge modules is independent and does not block the task. &lt;/p&gt;</comment>
                                                            <comment id="190083" author="557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d" created="Mon, 28 Jan 2019 13:16:01 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5cf6c546b87c300f36eb7b9a&quot; class=&quot;user-hover&quot; rel=&quot;5cf6c546b87c300f36eb7b9a&quot; data-account-id=&quot;5cf6c546b87c300f36eb7b9a&quot; accountid=&quot;5cf6c546b87c300f36eb7b9a&quot; rel=&quot;noreferrer&quot;&gt;Craig McNally&lt;/a&gt; &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5f8314dfbdef80006f6f572d&quot; class=&quot;user-hover&quot; rel=&quot;5f8314dfbdef80006f6f572d&quot; data-account-id=&quot;5f8314dfbdef80006f6f572d&quot; accountid=&quot;5f8314dfbdef80006f6f572d&quot; rel=&quot;noreferrer&quot;&gt;Adam Dickmeiss&lt;/a&gt; and I discussed how the institutional user (and the Okapi token) is provisioned for the edge-modules? Is this something that needs to be done manually right now? Assuming the &quot;edge&quot; modules can support the tenant API, we are wondering if this process can be done automatically, when a new tenant is created in Okapi (through the lifecycle callback)? &lt;/p&gt;

&lt;p&gt;E.g:&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;on tenant creation Okapi calls the tenant init callback on the edge-module&lt;/li&gt;
	&lt;li&gt;the provided token could allow the edge module to create an inst user&lt;/li&gt;
	&lt;li&gt;the edge module can use the token to bootstrap the inst user for the newly created tenant.&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;Or something roughly along those lines.&lt;/p&gt;</comment>
                                                            <comment id="190084" author="557058:4f6bed01-40a6-48d5-8471-7ef21f5ea97c" created="Tue, 29 Jan 2019 20:03:42 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3Ab8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; class=&quot;user-hover&quot; rel=&quot;557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; data-account-id=&quot;557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; accountid=&quot;557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; rel=&quot;noreferrer&quot;&gt;Jakub Skoczen&lt;/a&gt;, at tenant creation or when enabling the module for a tenant? I assume it is the latter. Since the newly created institution user also needs proper permissions, would the provided token be used to do that as well? Is there a way in the token to control which permissions can be assigned to the new user (not okapi.all for sure)? &lt;img class=&quot;emoticon&quot; src=&quot;/images/icons/emoticons/smile.png&quot; height=&quot;16&quot; width=&quot;16&quot; align=&quot;absmiddle&quot; alt=&quot;&quot; border=&quot;0&quot;/&gt;&lt;/p&gt;</comment>
                                                            <comment id="190086" author="5cf6c546b87c300f36eb7b9a" created="Tue, 29 Jan 2019 20:41:42 +0000"  >&lt;p&gt;It&apos;s an interesting idea...  A few comments:&lt;/p&gt;

&lt;ol&gt;
	&lt;li&gt;There&apos;s nothing special about the &quot;institutional user&quot;... these are just standard folio users w/ particular permissions - e.g. mod-rtac.all.  IMO whatever we do here, we shouldn&apos;t prevent a tenant from manually setting up these users as they see fit.  For instance, if they want a single user that&apos;s used by all of their edge APIs, they should be able to do so.  If they want separate users for each edge API they should be able to do that as well.&lt;/li&gt;
	&lt;li&gt;The edge APIs don&apos;t currently define a tenant init API; this would need to be added&lt;/li&gt;
	&lt;li&gt;Do we really want to force edge modules to require the users interface?&lt;/li&gt;
&lt;/ol&gt;
</comment>
                                                            <comment id="190087" author="557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d" created="Wed, 30 Jan 2019 10:24:06 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3A4f6bed01-40a6-48d5-8471-7ef21f5ea97c&quot; class=&quot;user-hover&quot; rel=&quot;557058:4f6bed01-40a6-48d5-8471-7ef21f5ea97c&quot; data-account-id=&quot;557058:4f6bed01-40a6-48d5-8471-7ef21f5ea97c&quot; accountid=&quot;557058:4f6bed01-40a6-48d5-8471-7ef21f5ea97c&quot; rel=&quot;noreferrer&quot;&gt;Hongwei Ji&lt;/a&gt; Correct, when module is enabled for a tenant.&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5cf6c546b87c300f36eb7b9a&quot; class=&quot;user-hover&quot; rel=&quot;5cf6c546b87c300f36eb7b9a&quot; data-account-id=&quot;5cf6c546b87c300f36eb7b9a&quot; accountid=&quot;5cf6c546b87c300f36eb7b9a&quot; rel=&quot;noreferrer&quot;&gt;Craig McNally&lt;/a&gt; Agree. Almost. It looks like for the existing edge modules the convention is that the &quot;edge&quot; API is implemented directly in the Okapi module (mod-rtac, mod-oai-pmh) with granular permissions for each endpoint (oai-pmh.records.item.get, etc) and a single permission set (oai-pmh.all) that is then granted to the &quot;institutional&quot; user. The thing that is &quot;special&quot; for the user is the permission set that needs to match what the &quot;edge&quot; module needs. But how does the operator know this? How do they know that the institutional user for &quot;edge-oai-pmh&quot; needs &quot;oaipmh.all&quot;? &lt;/p&gt;

&lt;p&gt;( I am not sure I understand what you mean in #3)&lt;/p&gt;</comment>
                                                            <comment id="190088" author="557058:4f6bed01-40a6-48d5-8471-7ef21f5ea97c" created="Wed, 30 Jan 2019 13:41:49 +0000"  >&lt;p&gt;What I was trying to ask is: do we really want an edge module to create any users and assign any permissions to those users? Unless we have fine-grained control over that Okapi token, it seems loose from a security perspective. &lt;img class=&quot;emoticon&quot; src=&quot;/images/icons/emoticons/smile.png&quot; height=&quot;16&quot; width=&quot;16&quot; align=&quot;absmiddle&quot; alt=&quot;&quot; border=&quot;0&quot;/&gt;&lt;/p&gt;</comment>
                                                            <comment id="190089" author="5cf6c546b87c300f36eb7b9a" created="Wed, 30 Jan 2019 15:29:51 +0000"  >&lt;blockquote&gt;&lt;p&gt;( I am not sure I understand what you mean in #3)&lt;/p&gt;&lt;/blockquote&gt;
&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3Ab8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; class=&quot;user-hover&quot; rel=&quot;557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; data-account-id=&quot;557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; accountid=&quot;557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; rel=&quot;noreferrer&quot;&gt;Jakub Skoczen&lt;/a&gt; I mean that if the edge API is going to be creating users, each edge API will need a dependency on the users interface, which isn&apos;t a huge deal, but it does mean additional dependencies for all Edge APIs.&lt;/p&gt;

&lt;blockquote&gt;&lt;p&gt;It looks like for the existing edge modules the convention is that the &quot;edge&quot; API is implemented directly in the Okapi module (mod-rtac, mod-oai-pmh) with granular permissions for each endpoint (oai-pmh.records.item.get, etc) and a single permission set (oai-pmh.all) that is then granted to the &quot;institutional&quot; user. The thing that is &quot;special&quot; for the user is the permission set that needs to match what the &quot;edge&quot; module needs. But how does the operator know this? How do they know that the institutional user for &quot;edge-oai-pmh&quot; needs &quot;oaipmh.all&quot;?&lt;/p&gt;&lt;/blockquote&gt;
&lt;p&gt;I see your point.  The edge APIs do provide a module descriptor with required interfaces.  This probably isn&apos;t ideal, but typically there&apos;s a .all permission set associated with each interface.  By convention we could probably say the institutional user requires the .all permission set associated with each of the edge API&apos;s required interfaces.  In some cases that might be a little overkill, but not by much.  Edge-patron for instance has a requirement on the users interface so it can look up a patron&apos;s uuid via the externalSystemId provided.  Giving the institutional user users.all (or whatever the equiv. is) is probably overkill here, but it&apos;s much better than granting them okapi.all&lt;/p&gt;

&lt;p&gt;Whether or not it&apos;s too onerous to place this burden on the &quot;operator&quot; comes down to who would typically be doing this provisioning... Is it safe to assume that if you&apos;re creating tenants you&apos;re familiar enough with the administration of FOLIO that you&apos;d A) know about this convention - ideally it would be documented somewhere and B) know how to determine the required interfaces and derive the appropriate .all permission sets that the institutional user(s) would need?&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10003">
                    <name>Relates</name>
                                            <outwardlinks description="relates to">
                                        <issuelink>
            <issuekey id="52839">OKAPI-652</issuekey>
        </issuelink>
                            </outwardlinks>
                                                                <inwardlinks description="relates to">
                                        <issuelink>
            <issuekey id="52794">OKAPI-314</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="80928">FOLIO-1630</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="54106">OKAPI-705</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10000" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummarycf">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10057" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Development Team</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10144"><![CDATA[Core: Platform]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10019" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|hzzd53:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10020" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10024" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>[CHART] Date of First Response</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Tue, 29 Jan 2019 20:03:42 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                </customfields>
    </item>
</channel>
</rss>