THURSDAY Jan 26, 2023 

     0830 PST / 1130 EST / 1730 CEST / 2200 IST 

ZOOM:
https://us02web.zoom.us/j/81248285235?pwd=cjBROTM2T0hHNTdLbU5qeGs2a1ZHUT09


Meeting Agenda 

  • Discuss current status of releases 
  • Discuss next release (1.9) 
  • Discuss roadmapping document and broad areas of need 
  • Roadmap priorities for project 
  • Roadmap by quarter based on known work planned or under consideration 


Discussion Materials 

Project Roadmap January 2023 (DRAFT)  

as working document 


Release 1.9  [ Proposal for end of February 2023? ]



Release 1.10  (one point ten) 

may use 1.10.0 for clarity? 

  • Spring Batch 3.0 upgrade
  • Spring Batch jobs improvements 
  • Business date handling completed 
  • Chargeback improvements 
  • Tenant separation and security improvements 
  • Scalability enhancements 
  • Initial Loan Refactoring
  • Bug fixes 

Timing TBD (early May would make it quarterly, and thus quarterly would be "early" Feb, May, Aug, Nov ) 

--------- 


 MEETING NOTES

  • Release 1.9 can be done . Aleks agrees to do release management with a code snapshot date of Feb 8th.  Artifacts available for review shortly thereafter. 
  • Timing of 1.9 release?  
    • Better to be out sooner than later 
    • Going through a release will hopefully enhance our bug identification and improve stability. 
    • Release review period will likely identify issues. We will broadcast more thoroughly.  
    • "Code freeze" Feb 8th (dev branch remains active)  - Aleks 
  • Documentation needs additional review in the release process 
    • Link from wiki doc to Ascii doc 
    • Ed to review the documentation artifacts 
    • Aleks to add section in documentation about utility for upgrading (to liquibase) which also means making change to "how to upgrade" documentation 
  • Agreement on priorities for the year - see ROADMAP 
    • Quality and security improvements are needed - looking for additional tooling for detecting issues and/or new framework ?  
      • Side discussion by Aleks about using domain specific query building 
      • Was mentioned before, suggest we get to:  QueryDSL or JOOQ (licensing checks out we think) 
    • Already doing something around priority of build on top, so ok for that, but need more documentation.
  • Side discussion around how to do the secure access control model 
    • Security concept proposed by volunteers (at IBM, not members of fineract yet) 
      • Context:  Fineract uses a fairly traditional security model, with access controls and data control mechanisms (like 90% of spring applications out there) 
      • But, when Fineract gets implemented in production somewhere, they (the implementer) tries to implement a security and Auth model on top of this, usually a laborious hack to link this up 
      • So, one recommendation is to REMOVE all security related aspects within Fineract and implement security outside that enforces inside 
        • Factor the security elements out 
        • Implement a model of security and document it , via toolset   
        • then can use OpenPolicy Agent, a very popular security framework for Kubernetes, or similar
        • advantage is that it is highly flexible.  
        • access control communication takes place at an implementation and client level 
        • This would be very complicated to remove (e.g. appUser is utilized throughout, at database layer and Spring) 
        • This would improve performance because of extensive use of AppUser and the implied joins that it creates 
  • Improvements list - adding to it 
    • see ROADMAP document 
  • Documentation of the project in automated tool (ASCII doc) → https://fineract.apache.org/docs/current/ 
    • using new approach of in the git next to the code 
    • Business vs technical mishmash 
    • Searchers need Developer tools (how to extend, how to set up, what database, etc) 
    • or User documentation - what does this do?  What is loan product flow?  User interface flow. 
      • Should explain the business logic (can create loan products, change parameters, etc. )
      • Capabilities description 
    • API documentation ideally should be self-documenting / using open-api descriptors (because of lack of type safety, needs manual maintenance of this) 
      • swagger descriptor ... not in synch 
  •  All of this going into Proposing a  Project Roadmap January 2023 (DRAFT)
  • In attendance:  PMC members:  Aleks, EdCable, Jdailey , guest Istvan M  
  • No labels