2025-03-05

This CAB meeting was held at March 5, 2025 at 15:00 CET.

Agenda

Welcome + introduce new participants
Update on the implementation of RFCs on the RFC board
1. Update on release 2.1
Advice on the implementation of RFCs
1. Tentative: RFC037: Redefine licenses, add licenses and make them machine readable
2. Tentative: RFC061: Add CRUD operations to Parties endpoint
Input/review required
Advice on newly incoming RFCs
RFC prioritisation: discuss priority on the RFC board
Wrap up and outlook to next quarter

Meeting results

The slides used are available here.

Version 2.1 is expected to be released this week. It contains several RFCs and further improvements in the quality of documentation.
The impact analysis of both RFC037 and RFC061 have been delayed and cannot be discussed for a final advice. They are urgent however because the community expects them to be released in upcoming summer release. It was decided that iSHARE Foundation organises a extraordinary CAB meeting for discussing these two RFCs only.
Participants are invited to support in the analysis of requirements and impact of RFCs.
The incoming RFCs are discussed.
1. Remove JSON wrapper in API request and response: Positive response from CAB. Possibly use content negotiations as a way of maintaining backwards compatibility.
2. Improve portability and maintainability of clients in multiple data spaces: Positive response from CAB. This RFC is an opportunity to look at the modelling of the party object.
3. Extend iShare assessment framework based on DSGO input: CAB advises to rename the RFC to 'Revisit assessment framework' so that it can also include eIDAS 2 regulation and any other relevant regulation, next to the input that can be taken from the DSGO normenkader.
4. Additional header fields for Licenses: CAB advises to take input from RFC037 about licenses and make sure that this is covered in this RFC. Also note that the /service endpoint that uses LicensePurpose is only an example (best practice) implementation, not a mandatory implementation. It should help interoperability by adding this in the best practice implementation.
5. More flexibility in JSON Web Token attributes: Positive response from CAB. This must be seen as a correction and revisiting of JWT requirements. It was never the intention to limit the possible JWT attributes.
6. party_info object alignment between DSGO and iSHARE: CAB advises to merge this RFC into "Improve portability and maintainability of clients in multiple data spaces".
7. Remove possibility for parties with partial compliance: CAB advises to not just remove the section, since the parties endpoint seems to reflect some of it in the attributes legal_adherence and compliancy_verified. These attributes are role related however. This RFC should focus on clarifying how the framework specifies legal and technical compliance. The RFC must be renamed to reflect this as well.
8. Support different levels of conformance testing for Authorisation Registry: CAB advises to ask the requestor of the RFC to specify more precisely what is requested in terms of different levels, since the requirements for ARs only include one specific endpoint. What exactly is the point where compliance becomes difficult and costly?
RFC037 Licenses is put on release 3.0 temporarily. Next extraordinary CAB meeting we should consider if this requires an extra release. RFC044 and RFC049 are requested to be considered as part of 3.0. iSHARE Foundation will check if possible and respond to it in the next CAB meeting.
iSHARE Foundation will update everyone when version 2.1 is available.

Last updated 22 days ago

2025-03-05

This CAB meeting was held at March 5, 2025 at 15:00 CET.

Agenda

Welcome + introduce new participants
Update on the implementation of RFCs on the RFC board
1. Update on release 2.1
Advice on the implementation of RFCs
1. Tentative: RFC037: Redefine licenses, add licenses and make them machine readable
2. Tentative: RFC061: Add CRUD operations to Parties endpoint
Input/review required
Advice on newly incoming RFCs
RFC prioritisation: discuss priority on the RFC board
Wrap up and outlook to next quarter

Meeting results

The slides used are available here.

Version 2.1 is expected to be released this week. It contains several RFCs and further improvements in the quality of documentation.
The impact analysis of both RFC037 and RFC061 have been delayed and cannot be discussed for a final advice. They are urgent however because the community expects them to be released in upcoming summer release. It was decided that iSHARE Foundation organises a extraordinary CAB meeting for discussing these two RFCs only.
Participants are invited to support in the analysis of requirements and impact of RFCs.
The incoming RFCs are discussed.
1. Remove JSON wrapper in API request and response: Positive response from CAB. Possibly use content negotiations as a way of maintaining backwards compatibility.
2. Improve portability and maintainability of clients in multiple data spaces: Positive response from CAB. This RFC is an opportunity to look at the modelling of the party object.
3. Extend iShare assessment framework based on DSGO input: CAB advises to rename the RFC to 'Revisit assessment framework' so that it can also include eIDAS 2 regulation and any other relevant regulation, next to the input that can be taken from the DSGO normenkader.
4. Additional header fields for Licenses: CAB advises to take input from RFC037 about licenses and make sure that this is covered in this RFC. Also note that the /service endpoint that uses LicensePurpose is only an example (best practice) implementation, not a mandatory implementation. It should help interoperability by adding this in the best practice implementation.
5. More flexibility in JSON Web Token attributes: Positive response from CAB. This must be seen as a correction and revisiting of JWT requirements. It was never the intention to limit the possible JWT attributes.
6. party_info object alignment between DSGO and iSHARE: CAB advises to merge this RFC into "Improve portability and maintainability of clients in multiple data spaces".
7. Remove possibility for parties with partial compliance: CAB advises to not just remove the section, since the parties endpoint seems to reflect some of it in the attributes legal_adherence and compliancy_verified. These attributes are role related however. This RFC should focus on clarifying how the framework specifies legal and technical compliance. The RFC must be renamed to reflect this as well.
8. Support different levels of conformance testing for Authorisation Registry: CAB advises to ask the requestor of the RFC to specify more precisely what is requested in terms of different levels, since the requirements for ARs only include one specific endpoint. What exactly is the point where compliance becomes difficult and costly?
RFC037 Licenses is put on release 3.0 temporarily. Next extraordinary CAB meeting we should consider if this requires an extra release. RFC044 and RFC049 are requested to be considered as part of 3.0. iSHARE Foundation will check if possible and respond to it in the next CAB meeting.
iSHARE Foundation will update everyone when version 2.1 is available.

Last updated 22 days ago