Discuss the design approach of a standalone HSM capability for Mojaloop

[NicoDuvenage]

Request:

Discuss the design approach of a standalone HSM capability for Mojaloop

Artifacts:

• [ ] https://github.com/mojaloop/project/files/4884145/Mojaloop.Crytographic.Processing.Module.-.7.July.2020.v1.0.docx

Decision(s):

• [ ] Actual decision made as a result of discussion

Follow-up:

• [ ] Alternative actions

Dependencies:

• [ ] If Applicable

Accountability:

• Owner: @godfreykutumela, @adrianhopebailie, max@gysisolutions.com

Notes:

[NicoDuvenage]

The topic for discussion was: https://github.com/mojaloop/project/issues/852 The "HSM Integration Approach" was touched on a few times, and the workgroup taking care of the design and implementation, tabled this for discussion at this week's DA meeting to answer a few questions arising from the last PI-Planning session where progress on this was again presented.

As we have not completed the discussion, an ad-hoc DA meeting has been arranged for this Friday with a sub-section of the DA Members. The reason for that was because there were a few specific questions we did not have time to go into detail for, which will be clarified with the individuals who raised those questions. Please drop me a note if you would like to participate in that meeting.

[godfreykutumela]

A clarification meeting was held last friday to address all the points raised by members of the DA and below are our final agreement and conclusion:

1. Articulation of Risks - We have agreed that all risk associated with the introduction of a CPM be clearly articulated to the hub operator to make their own choices. The current documentation should be updated as per this agreement.

2. Costing - The envisaged design is flexible enough to enable a low cost solution to be adopted by hub operators and their participants.

3. Detailed Implementation Plans and Roadmap - This is not covered in the current scope of the HLD and will part of the LLD's (PI 12) and Implementation Phase - POC in PI 13.

4. Avoiding Breaking Changes - The Module will be delivered as a microservice and will be part of the core switch services for handling all in-switch cryptographic funcations however hub operators may elect not use it on their own accord thereby accepting all the risk associated with not using secured cryptographic environment provided for from OSS core architecture.

Next Step - To approve the HLD design as-is and proceed with the LLD's.

@NicoDuvenage Let me know if this well covered as last friday discussion

[NicoDuvenage]

Thanks, @godfreykutumela - this is great. I am moving this to the "decision made" column and we will address this topic again when required under a new entry.

[godfreykutumela]

Hi @NicoDuvenage I think you can close this one - it was a duplication of https://github.com/mojaloop/design-authority/issues/62