2021-11-10 Meeting notes

Date

10 Nov 2021

Attendees

Discussion items

Time	Item	Who	Notes
1 min	Scribe	All	Raman Auramau is next in the list, followed by Dennis Benndorf
2 min	Review outstanding action items	All
5-10 min	Proposals / Info sharing	All	We previously discussed (though I can't find it in the notes) deferring the review of technical proposals until we have agreed to a formal technical decision making process. How does this apply to "information sharing"? Discuss and make a formal decision on whether or not we want to spend TC meeting time on reviewing proposals and information sharing on technical designs/arch, prior to having a formal decision making process in place? If we decide that we do want to still give some limited meeting time to certain types of things, clearly define what those are in the notes for future reference. If we decide that we don't want to do any of this during meeting time until we have a well defined process for decision making in place, clearly state that in the notes for future reference. Regardless of the above, it seems desirable to have a document shared with the TC to review and provide feedback on out of band It might be worth pulling together a wiki page that outlines the rules/policies in place for TC meetings, e.g. hand raising, how the agenda is formed, prerequisites for getting something on the agenda, etc. Another idea floating around is to form an executive TC group that will be responsible for forming the meeting agenda. Do we think we need this, or just a set of clear rules around how the agenda is formed? Craig McNally what is the most efficient way to manage TC meeting? Should we spend time on discussing particular proposals and decision? Zak Burke mentioned that Tod Olson Very tricky part, it is necessary to discuss, but not to dig deep Jakub Skoczen What kind of topics can be brought to TC meetings? Philip Robinson major new technical ideas and proposals are relevant to TC level but most likely they are to be reviewed in advance (e.g., be well documented and shared to give TC time to review 'em) Craig McNally Brief 3-5 min updates with actions items (and with deadlines) seem to be efficient - should keep TC productive Marc Johnson Concern is that we have really many topics, and a lotta questions which makes TC meeting sometimes not so manageable Craig McNally agreed on that; probably it would make sense to use Slack channel for some offline discussions? Also, one might pay more attention to agenda forming Action item - Craig McNally to create a place on the wiki where we can capture meeting rules/policies, how meetings are run, how agendas are formed, etc. - by 11/17 There was interest in trying to adopt an executive TC group for forming meeting agendas. Volunteers - Craig McNally , Zak Burke , Jakub Skoczen , Raman Auramau Action item -Craig McNally , Zak Burke , Jakub Skoczen , Raman Auramau to discuss the formation of an executive TC group for forming meeting agendas and how it might work. Marc Johnson , Craig McNally - some discussion about lazy consensus and a decision made now
15-20 min	Authentication Token Architecture	Steve Ellis / Jakub Skoczen	Looking to share our work to make FOLIO's token architecture more secure Links to the documents from Steve Ellis : https://docs.google.com/document/d/1K_QdgnOo2wOSfY-rQ8phOD6nCO_3jvdAnEG0BEqtnjU/edit?usp=sharing - specification https://docs.google.com/presentation/d/1Bx8rQWq6roUAe9lDkifbcTv6wFfBn8njovMeLf5zuyM/edit?usp=sharing - short deck here summarizing the approach Context and issues: Need a better way to have token management, i.e. token expiration, revoke process, token leakage detection, UX improvements Three new token types are proposed to replace existing token: so called Request Token (short TTL), Access Token (short TTL) and API Token (non-expiring; can be used by edge modules) Steve presented more detailed explanations on the proposed types of tokens VBar asked to clarify TTL for Refresh and Access Tokens Zak Burke What is the reason / needs behind except general improvement of security? Is there specific timeline for that work? Jakub Skoczen No, no deadline; though this enables addressing a not-expiring token issue; at the same time - this is planned for Lotus Zak Burke This will be required significant refactoring on UI side; Stripes UI team capacity for Lotus was allocated without knowledge of this proposal Jakub Skoczen There is a Spike task in Jira for ~1.5 y so this is not an unexpected.. Zak Burke will take a look into proposal details to give a feedback Action item - Prepare a transition plan (Jakub Skoczen , Zak Burke )
3 min	Council Goals/Objectives	All	Follow-up from previous meetings... Previous notes: From Mike Gorrell: I have created a clean copy of what the Community Council created to identify which FOLIO Goals/Objectives were under the purview of the CC. We also took a stab at what thought would be handled by PC or TC. Please feel free to give us feedback/etc. https://docs.google.com/document/d/17jVxW2XEK2bRSpXG9_FvdVtgqDfCTeKKM5h49IIhmRw/edit#heading=h.m2gdb67ibe1x. and use for your planning purposes. Update from Tod Olson? Can we set a deadline for having something ready for the TC to review and discuss? No updates; need to take this offline
3 min	Upgrade/Migration Script Performance	Raman Auramau	Quick update from Raman Auramau? Action Items with deadlines? Raman Auramau provided a brief update - there's a Jira label data_migration and a Jira dashboard for visualization The very 1st task with such label was already reviewed and tested for performance on bugfest data A guide how to conduct such testing to come later Re-think of data migration approach - a strategic task, need a special working group if TC sees a need for this
10 min	New Module Technical Evaluation Previously: "External Code Submissions"	Craig McNally Jakub Skoczen Zak Burke	We reviewed the process document last week and there were very few comments. Can we get a clear indication of acceptance from the TC on this? Update from subgroup Update from Tod Olson on the cross-council group? Group still forming, looking for about six total with two reps for community, product, and technical perspectives. For the second technical voice, it was suggested that a person from either TC or SysOps could be appropriate. Raised on Slack, no takers yet, will discuss in SysOps. Action Items with deadlines? Craig McNally Still in progress, Jakub Skoczen proposed a Jira workflow, Zak Burke is working on a template/form for capturing evaluation results. Action item - Tod Olson , Jeremy Huff , Anton Emelianov (Deactivated) to connect on the cross-council group for defining the larger process for new module acceptance Jakub Skoczen do we need a formal round of accepting that? Craig McNally it sounds like we don't want to make a formal decision on anything until we have a technical decision making process in place. I'm not sure this qualifies as a technical decision. To be revisited
15 min	Technical Decision Making Process	Jakub Skoczen	This is a carry-over from last week. The tech leads group not being a decision making body Whether it's realistic and/or desirable for the TC to make every technical decision There was some overlap here with the external code submission topic Additional Context: 2021-10-13 Meeting notes 2021-10-20 Meeting notes 2021-10-27 Meeting notes 2021-11-03 Meeting notes For Today: We had homework to review Jakub Skoczen's document and provide feedback/questions/comments. Does the RFC proposal meet the purpose outlined here in this document? Are there other proposals for a decision making process (maybe that borrow parts of the RFC process)? Just a few minutes of discussing; next steps - need some feedback, will come back next week
Time permitting	TC charter review	All

Action items

Craig McNally to create a place on the wiki where we can capture meeting rules/policies, how meetings are run, how agendas are formed, etc. - by 11/17
Tod Olson , Jeremy Huff , Anton Emelianov (Deactivated) to connect on the cross-council group for defining the larger process for new module acceptance - no clear deadline defined, but effectively should happen by 11/17
Jakub Skoczen and Stripes Architecture to devise a transition plan for auth token expiration, adoption of refresh tokens, etc. - no clear deadline defined, but soon given that some of this is tentatively scheduled for Lotus
Craig McNally , Zak Burke , Jakub Skoczen , Raman Auramau to discuss the formation of an executive TC group for forming meeting agendas and how it might work - no clear deadline defined
Tod Olson to define a deadline for having a set of Goals/Objectives ready for the TC to review and discuss - by 11/17