2021-06-23 Meeting Notes

Owned by Zak Burke
Last updated: Jun 24, 2021 by Tod Olson
3 min read

Date

2021-06-23

Attendees

Discussion items

Time

Item

Who

Notes

25 minSSO/SAML wrap-up

Axel Dörrer

  • Tentative proposal: small group to chart out an approach, treat this as an edge module. Idea would be some sort of plug-in architecture that handles basic receipt of AuthN (yes|no) and may map from external attributes to FOLIO attributes. Would then implement plug-in for SAML, with the idea that plug-ins for other AuthN scheme (e.g. LDAP) could be implemented as-needed.
  • Allow implementors to determine if addressing auth-z in addition to auth-n is necessary. We'll leave this door open but focus on auth-n for now. e.g. there may some LDAP attributes that map generally to FOLIO (e.g. "can log in", see FOLIO-2444) if not to specific app-based permission sets. 
  • existing security issues have been resolved so this is no longer pressing, but it is helpful to have this outline in place. 
  • Zak Burke: write decision log entry WRT "when community decides to address add'l SSO issues, this is how we want to proceed: edge module with plugins etc." The open-ended piece of this is how to support different auth-n schemes. We acknowledge current impl is insufficient, and question of whether this should all be handled within FOLIO, or can be off-loaded to the deployment env is not one TC can easily answer. The team carrying this forward probably needs support from devs and from dev-ops WRT these decisions in order to make an architectural proposal which probably needs review by the TC again. 

i18n wrap-up

Julian LadischZak Burke

  • How to communicate locale? Use HTTP accept-language header or existing lang query parameter?
    • FOLIO-3196 - Getting issue details... STATUS ; Decision Log: Localization parameter for back-end
    • lang exists in RMB but is not well-integrated (exists, but not really in use)
      • could be truncated inadvertently by URL length restrictions
      • TC: label lang is deprecated; as tech-debt to be removed with next major version change
        • OTOH, maybe this is the kick in the pants we need to get better at interface mgmt and handling breaking changes. 
    • locale should be the tenant's locale setting, not the browser's setting
20 minCommunity Council

Boaz Nadav Manes

Mike Gorrell

CC was instantiated in April 2021

Focus so far has been on:

  • Logistics
  • Treasurer activities: Managing funding and membership dues is a substantial undertaking
  •  Funding
    • Cover FOLIO "infrastructure" and fund resources formerly funded by Mellon
      • infrastructure (AWS, GitHub, TestRails...)
    • Established 3 groups:
      • Solicit existing members; successful
      • attract/sign up new members: many are involved but not yet committed/paying dues
      • identify grant opportunities
        • hopefully very fruitful, but also long-term: IMLS grant calendar is fall 2021 for 2022 procurement
          • create a proposal for a project that aligns with the grantor, rather than general FOLIO sustainability
  • Communication and Onboarding emphasis
    • outreach, FOLIO forums, etc
    • cuts across CC/PC/TC; CC to lead and form a cross-council group to move this forward
  • Elections for Product Council and Technical Council
    • votes close this Friday; targeting 2021-07-12 as first "new council" meetings
  • Reviewing FOLIO Strategic Objectives to set our agenda for FY22
    • make sure there is common understanding of these goals
    • make sure activities and interests align with these goals
    • figure out which the CC should lead vs participate in

What advice/questions/requests do TC have for the CC?

  • Jeremy Huff : What is the TC's role WRT finances; we haven't been empowered to make financial decisions, but we sometimes are asked to assess financial impact of tech decisions
    • CC feels TC should continue own AWS budget 
    • governance model clearly puts financial responsibility in the hands of the TC
  • md331 (Deactivated): there's a bunch of infrastructure that is AWS, GitHub etc, but also people (e.g. people doing component development, people doing dev-ops, etc). Institutions donate people right now, but could re-task those people at any moment. Yikes. 
    • should a "core team" of those kinds of folks who keep the project running rather than just handling feature mgmt, be in scope for funding? 
    • current ops costs ~$135k; funding people is far more expensive
    • not having this commitment this causes some discomfort among others
    • current membership model has institutions committing people in these roles, rather than committing revenue
  • Tod Olson: cross-module data sync is becoming a hot topic, e.g. bib data flowing through data-import; app interaction is looking at cross module issues; but these feel like manifestations of the same problem! A more monolithic architecture would remove some of this behind ACID transactions but remove some of the promise of FOLIO of separating concerns into separate modules. How do we get people to align on how they see this problem? 
    • is this a TC/PC thing? How could/should the CC be involved?
    • Brandon Tharp : stating operational philosophies/decisions that FOLIO adheres to would be helpful to set expectations: level a playing field, then make decisions within that plane.
    • RFC process to establish tech norms never really took off
    • there is some motion on this from the exec PC side at present; Tod Olson to pursue this for now


5 minnext week's agenda
Tod Olson to convene next week's meeting