Standard WG Meeting - June 22, 2023

[kriswest]

Date

Thursday 22 June 2023 - 10am EST / 3pm BST

WebEx info

• Meeting Link
  Meeting number: 665 568 411

More ways to join

• Join by video system:
  • Dial 665568411@finos.webex.com
  • You can also dial 173.243.2.68 and enter your meeting number
• Join by phone
  • +1-415-655-0003 US Toll
  • +44-20319-88141 UK Toll
• Access code: 665 568 411

Meeting notices

• FINOS Project leads are responsible for observing the FINOS guidelines for running project meetings. Project maintainers can find additional resources in the FINOS Maintainers Cheatsheet.

• All participants in FINOS project meetings are subject to the LF Antitrust Policy, the FINOS Community Code of Conduct and all other FINOS policies.

• FINOS meetings involve participation by industry competitors, and it is the intention of FINOS and the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws. Please contact legal@finos.org with any questions.

• FINOS project meetings may be recorded for use solely by the FINOS team for administration purposes. In very limited instances, and with explicit approval, recordings may be made more widely available.

Agenda

• Convene & roll call, review meeting notices (5mins)
• Review action items from the previous meeting (5mins)
  • Standard WG Meeting - May 25th, 2023 #1005
• Announcements & updates (10 mins)
  • Conformance testing 2.0 release
  • FDC3 Training & Certification progress update
  • Voting on Desktop Agent Bridging
    • 544 desktop agent bridging proposal mk2 #898
• Report from Context Data & Intents discussion group on how to improve governance (and promotion!) of Context and Intent definitions (10 mins)
• FINOS members meeting Identity roundtable recap (5 mins)
• Final additions to Consolidated PR for Context Data & Intents (CD&I) updates for 2.1 #994 (5 mins)
• 866 app add listener timeouts #987 (5 mins)
• Custom application config, retrievable via a standardized function #1006 (5 mins)
  • Add deprecations to 2.1?
• Continue discussion of Multiple Language Bindings #990 (remaining time)
• Adjourn

Minutes

• Context Data & Intents governance changes
  • A summary of the discussion from the last CD&I meeting (Context Data & Intents Discussion group - 8 Jun 2023 #1011) was provided, including details on how the current approach is slowing things down/not providing a runway for proposals and proprietary types to become standard types.
  • Consent was requested and received to:
  • Start implementing changes to Context & Intents governance, such that:
    • individual types move outside of the Standard's normal versioning, while the rules and guidelines that govern them remain tied to Standard versions.
    • proprietary types may be included - to be reviewed only for compliance with main guidelines
    • proposed types to be marked @experimental and differentiated from fully adopted standardized types
  • Tooling to be built to help shift the process to a single schema file per type (Schema can contain everything that currently ends up in the docs - hence docs could be rendered from schema file).
  • Consider a model based on or similar to schemastore.org.
• FINOS members meeting Identity roundtable
  • A summary of the discussion held at the member's meeting was provided - which included identification of unfulfilled use-cases for user, app and desktop agent identity verification in FDC3.
  • A workstream on Identity in FDC3 is warranted.
  • @hampshan suggested that we focus first on codifying the use cases, by examining 'threats' to FDC3/FDC3 implementations first and working backwards to identity and authentication features needed - this proposal was supported by several participants.
  • @kriswest proposed a further discussion group is formed to do so, but also noted:
    • the current high number of FDC3 meetings - 5 of which @kriswest chairs
    • that he would be happy to see someone else step up to chair the new meeting (which he would be participating in instead)
    • that any such meeting would benefit from participation by experts in security
      • most meeting participants have had some interaction with authentication systems, but are not experts on them.
      • however, the firms do often employ security experts, which are not normally part of FDC3 meetings, but could/should be recruited for participation in this topic.
  • The FDC3 maintainers should work on a 'call for participation' that can be used to recruit participants, with a discussion group to be set up after FDC3 2.1 is ready to go.
• Final additions to Consolidated PR for Context Data & Intents (CD&I) updates for 2.1 #994
  • Consent was sought and received to add very basic (id only?) @experimental order and trade context types to FDC3 2.1.
• 866 app add listener timeouts #987
  • Consent was sought and received to merge the changes in this revised PR (creates a requirement for a minimum 15 second timeout for adding a context or intent listener after an app is opened to receive a context or intent/context pair).
• Custom application config, retrievable via a standardized function #1006
  • Consent was sought and received to deprecate customConfig, with a note that it is likely to be replaced by an applicationConfig entry with a Standard API call to retrieve it.
• Multiple Language Bindings #990
  • This discussion was revised, but not completed by the end of the meeting.
  • Several participants agree that it would be nice to be able to define FDC3 in a language-agnostic way
    • However, @kriswest noted that:
      • This would require the use of an Interface Definition Language (IDL) from which language-specific bindings can be generated.
      • Code generator implementations tend to impose decisions about particular structures (e.g. how a language's analog(s) of a Javascript Promise is used), where informed manual decisions by a developer may do a better job
      • The maintainer's team would need support or expanding to maintain these definitions
      • @bingenito had, in the past, made some very astute comments regarding the existence of bindings for other languages 'keeping us honest' when it comes to using constructs that are hard to reproduce in other languages (e.g. Typescript unions)
  • @nkolba suggested that additional language bindings could be provided as separate 'projects' in FINOS under the FDC3 umbrella
  • @rikoe suggested that the typescript bindings could also be separated out into their own project...
  • @kriswest requested that @psmulovics / @bingenito and @timjenkel (as authors of proposed bindings for .Net and Java) consider their preferences for how specific language bindings should be handled in FDC3, and their/their firm's ability to take on long-term maintenance of the bindings and feedback to the FDC3 community of how proposed changes to FDC3 affect them for discussion at the next meeting

Decisions Made

• Begin changing the governance of specific Context & Intent type definitions + build tooling to make the process easier.
• Establish a workstream/discussion group focused on Security threats & (user/app/desktop agent) identity in FDC3 and recruit security focused participants.
• Add very basic@experimental order and trade context types to FDC3 2.1.
• merge 866 app add listener timeouts #987
• deprecate customConfig in appD in prep for Custom application config, retrievable via a standardized function #1006

Action Items

• @kriswest Open DAB briding vote via email
• @finos/fdc3-maintainers review training document drafts
• @finos/fdc3-maintainers implement changes to FDC3 Context Data & Intents governance
• @finos/fdc3-maintainers prepare call for participation in an FDC3 Security Threats & Identity discussion group
• @mistryvinay, @kriswest, @nemery add very basic (id only?) @experimental order and trade context types to FDC3 2.1.
• @kriswest merge 866 app add listener timeouts #987 into 2.1 predraft.
• @kriswest Deprecate customConfig in appD records (as part of FDC3 2.1, in prep for Custom application config, retrievable via a standardized function #1006), with note about future replacement.
• @kriswest add Multiple Language Bindings #990 to the next meeting agenda to complete discussion.

Rolled over from previous meetings:

• Proposal to add .NET interfaces and context declarations #931
  • Review of the proposed .NET interfaces by firms that will benefit from them is needed - along with a commitment to help with the update of the FDC3 documentation to include them.
• @kriswest @nkolba @pierreneu to work on proposals/PRs demonstrating possible solutions to Question: App-specific context metadata #829. These should include example use-cases demonstrating the need for and utility of the revision
• @finos/fdc3-maintainers to investigate adding code coverage scanning to repo and to propose a unit testing policy/raise a PR to add to governance and resolve Unit Test Policy #832.
• @kriswest or volunteer: raise PR to resolve Add /intents and /contexts endpoints to the AppD API #719
  • Add optional/recommended API endpoints for /intents and /contexts to the appD API.

Untracked attendees

Full name	Affiliation	GitHub username

[hampshan]

Andrew Hampshire @ UBS

[nkolba]

Nick @ Connectifi

[kriswest]

Kris West / Interop.io 🚀

[robmoffat]

Rob / FINOS 🐴

[pierreneu]

Pierre Neu / Symphony

[mistryvinay]

Vinay Mistry / Symphony 🎵

[openfin-johans]

Johan Sandersson / OpenFin 🎁

[mattjamieson]

Matt / White Dog ☀️

[mattjamieson]

Governance of Context and Intents Types from the FDC3 API - requirements and goals.pdf

[hughtroeger]

Hugh Troeger / FactSet

[WatsonCIQ]

Chris Watson / Interop.io