October 25, 2017

Time/Place

This meeting is a hybrid teleconference and IRC chat. Anyone is welcome to join. Here is the info:

• Time: 1:00pm Eastern Daylight Time US (UTC-4)
• Dial-in Number: (641) 715-3570
  • Participant Code: 304589#
  • International numbers: Conference Call Information
  • Web Access: https://www.freeconferencecallhd.com/wp-content/themes/responsive/flashphone/flash-phone.php
• IRC:
  • Join the #islandora chat room via Freenode Web IRC (enter a unique nick)
  • Or point your IRC client to #islandora on irc.freenode.net

Attendees

• Eddie Rubiez
• Yamil Suarez
• Danny Lamb
• Bethany Seeger
• Aaron Coburn
• Bryan Brown
• Jared Whiklo
• Jonathan Green

Agenda

1. JWT authentication and using existing/registered claims and/or the webid claim rather than purely custom claims (acoburn).
   1. https://github.com/Islandora-CLAW/CLAW/issues/736
2. https://github.com/fcrepo4-labs/fcrepo-api-x/issues/149#issuecomment-339011500
   1. https://github.com/Islandora-CLAW/CLAW/issues/738
3. https://github.com/Islandora-CLAW/CLAW/issues/640 is ready to test
   1. https://github.com/Islandora-Devops/claw-playbook/pull/21
   2. https://github.com/Islandora-CLAW/claw_vagrant/pull/55
4. versioning in CLAW - history or web archive style? (bseeger)
5. ... (feel free to add agenda items)

Minutes

1. JWT holds JSON and can contain anything you want. It also holds the user, the groups for the user, the location the request is coming from.

   We are making custom claims, but there are a set of standard claims from the spec. These are the base level claims. There is also SOLID which has a set of guidelines on how you might do authentication. They suggest a claim called WebID, which works with WebAC because users need a IRI.

   For Trellis wanted to be able to support authentication from CLAW, but our custom claims. What if another client uses other custom claims. So if we just switched to using the standard claims then it becomes easier for others to support our authentication claim.

   For example: uid -> sub(ject) and url -> iss(uer)

   Also there a whole list of officially recognized JWT claim keys with IANA. Ideally we could send WebID, then that is the WebID that is used by WebAC.

   Are there any assumptions what system the user originates from or is part of. We are using Drupal account to authenticate against other services. Do we need to have an analogous resource in each system? No, the WebID can be an arbitrary URL.

   Most of the information we were embedding, we are not using. So we can remove it for now and adjust as we need to add it back in.

   If we flushed users back to the repo and model the roles as groups of users, we could do that. Not sure it is useful.

   Audit would use IRI.

   These are the IANA-registered JWT claim keys: https://www.iana.org/assignments/jwt/jwt.xhtml

   Also there are Java libraries we can use for Syn to reduce the amount of code we are replicating.

2. Stopping and starting stuff, can fix the issue. However it does seem to be a problem because of all the stuff we are deploying in a single box.

   Could replace blueprint with spring boot or dropwizard.

   Will this really solve the problem? What are we doing with Karaf that is causing this to happen?

   Track the issue even if we implement this startup work around as lots of Islandora people will need a single server setup.

3. A complete re-write of two of our microservices. One for transforming our Drupal resources to Fedora and the URL mapping service.

   Only uses PUT and DELETE operations now. The largest benefit is that if you have a syncing problem, you just save it again in Drupal.

   Need testers, this is a large set of PRs. There are 2 PRs to help make this a little easier. One for claw_vagrant and one for claw_playbook.

4. Versioning in CLAW Because we have a CMS sitting on top of Fedora. Do we want to version on each change?

   My understanding in Drupal is you can do auto-versioning and also manually slice a version.

   At the end of the day, what ever you do in Drupal we would carry over to Fedora for each version.

   We haven't explored that yet with the JCR way of doing it. We are going to try and take whatever Drupal does out of the box.

   Fedora will not be doing auto-versioning, but do we want a Fedora version for every Drupal version?

   Ideas are welcome.

   Out-of-the-box Drupal does manually sliced versions.

5. Metadata in CLAW In CLAW will there be a community decided way of representing stuff or will you still be able to create your own.

   There will be some consistency in data modelling for representing resources, but you will not be restricted. The MIG is working on a common set of mappings to help with the MODS -> RDF changes. This will be helpful but it is not a limiting factor.

6. We have microservices that are written in PHP, which are deployed in API-X but we are not wiring them together. Here is the ticket. https://github.com/Islandora-CLAW/CLAW/issues/739 Is there a way in Ansible for the fact for the task be a HEAD request which checks for 200 or 404.