mojaloop / project

Repo to track product development issues for the Mojaloop project.

DevSecOps Initiative Epic 2 - Architecture / Solution wide concerns #1127

Closed godfreykutumela closed 4 years ago

godfreykutumela commented 4 years ago

Context:

The OSS offering does not include or suggest implementation strategies for the following solution-wide (architectural) concerns:

• Identity management
• Request routing
• Request authentication and authorisation
• Encryption at rest and in transit
• Inter-service and service to infra authentication and authorisation.

This un-opinionated approach delegates these decisions to implementation parties, which could lead to strategic decision making outside the OSS project, as the first implementations drive these decisions - this in turn can lead to vendor-lock and/or reduced applicability of the OSS offering. Security and quality could decrease.

Objectives:

Consider if the OSS offering should:

• Require standard and compliant ways of addressing the concerns above - enforce standards in code/services in a pluggable/extensible way;
• Go one step further and address the above concerns by delivering reference implementations

Story 1 – Simplify and Optimize Code Branching

  1. Perform analysis on the current branching strategy – Pedro
  2. Discuss and agree on best practice branching strategy to improve code quality and security - All
  3. Document new process\scripts - Godfrey

Story 2 - Simplify API Gateway Implementation and Management

  1. Review the current level of dependency on WSO2 and the overall strategy to use WSO2 – All
  2. Deliberate a new API gateway service breakdown to avoid possible future lock-ins – All
  3. Explore other simple out of the box ways of implementing an API gateway – Godfrey & Pedro
  4. Document and communicate the epic output - Godfrey

Story 3 - Identity and Access Management Architecture Review

  1. Review the current identity management within Mojaloop – All
  2. Review how credential management is handled today and recommend improvement – Godfrey & Victor
  3. Document and communicate the epic output - Godfrey

lewisdaly commented 4 years ago

Closing this Epic in favour of unified DevSecOps epic: https://github.com/mojaloop/project/issues/1213