Data Authorization‐W912HQ25P0049 - USACE/cwms-data-api GitHub Wiki

Project Overview

CWMS Data Authorization Project Overview

This page contains meeting notes and other documentation related to progress on a contract to improve data operations and security. While the majority of data in the CWMS database is public by law, some data we store must be private, or at least have release delayed in time by various agreement with those entities that own that data, such as a privately owned dam upstream of a flood control project.

The information is being stored here given a need to have a record of it, and in the interest of transparency. We ask that anyone that isn't USACE staff that work on this project, or the vendor doing the work, refrain from editing this page. If there are points of concern you wish to address please open a discussion about it so it can be addressed.

Key Links and Resources for project

Resource Link
Project Wiki Home Page (this page) https://github.com/USACE/cwms-data-api/wiki/Data-Authorization%E2%80%90W912HQ25P0049
Kanban board https://github.com/orgs/USACE/projects/49/views/1
CDA Wiki https://github.com/USACE/cwms-data-api/wiki/Data-Authorization%E2%80%90W912HQ25P0049
Bitbucket Repo https://bitbucket.hecdev.net/projects/CWMS/repos/cwms_database
Data API Repo https://github.com/USACE/cwms-data-api/
CWMS Python Wrapper Repo https://github.com/HydrologicEngineeringCenter/cwms-python
CWMS Database Repo https://github.com/HydrologicEngineeringCenter/cwms-database
CWMS Data Repo https://github.com/cwbi-dev-infrastructure/cwms-data
USACE Org Policy https://github.com/USACE/policies?tab=readme-ov-file#user-profiles
Docker Compose for CDA getting started wiki page https://github.com/USACE/cwms-data-api/wiki/How-to-use-Docker%E2%80%90compose-with-a-windows-Client

Meeting Minutes

Project Kickoff 5/19/25

Core Meeting Metadata

topic detail
Meeting Title W912HQ25P0049 CWMS Database Authorization Updates Kickoff
Date/Time 5/19/25, 2pm EST
Meeting Location Virtual (MS Teams)
Meeting Remote Link information See meeting Invite
Meeting Purpose Kickoff meeting for CWMS Authorization Improvements contract

Meeting Agenda

  1. Introductions
  2. Verify current source code locations methods of contribution
  3. Scheduling the regularly occurring meetings
  4. General questions

Meeting Invitees and Attendees

Invitee Present? Org
Michael Neilson (host) Y USACE - HEC
Charles Graham Y USACE - HEC
Eric Novotny Y USACE - HEC
Fauwaz Hanbali Y USACE - HEC
Jorge Hassan Y SolidLogix
Milver Valenzuela Y SolidLogix
Todd Boss Y SolidLogix
Ryan Cunningham Y SolidLogix
Christina Whitehead Y SolidLogix
Vairav Laxman Y SolidLogix

Meeting Detailed notes

Note: a Powerpoint deck was used to drive the meeting: see here: USACE CWMS Kickoff Meeting Presentation 2025.05.19.pdf

Agenda Item #1: Introduction of the teams

All team members from both sides were introduced, with tiles and job roles described. The project team for both the Government and the Contractor are as follows:

From SolidLogix:

  • Jorge Hassan - SolidLogix CEO, Executive Sponsor & Solutions Architect.
  • Milver Valenzuela - SolidLogix COO, Project Director.
  • Todd Boss - Project and Data Manager.
  • Ryan Cunningham - Senior Software Engineer.
  • Christina Whitehead - Business Analyst.
  • Vairav Laxman - Software Engineer.

From USACE HEC:

  • Michael Neilson - main technical POC, COR
  • Charles Graham - district staff member for ACE, community outreach/front-end
  • Eric Novotny - data team lead for water management section, database development
  • Fauwaz Hanbali - senior hydraulic engineer During the team introductions, the HEC team described the technical scope: CWMS Data API, time series authorization, cloud migration context, and stakeholder access goals.

Agenda Item #2: Verify current source code locations methods of contribution

The team discussed the current technical makeup of the project, discussed communication, tooling, and other development topics.

  • CWMS API is hosted publicly on GitHub – Solid Logix will fork it for contribution.

  • Docker Compose setup with local Oracle database image is available for local dev/testing.

  • HEC will share a ready database image, schema repo, and setup guides.

  • HEC to grant GitHub repo access and create DevNet SSO/rocket.chat accounts for Solid Logix team.

  • Fork-first development model will be followed; internal contributions may be considered later.

  • Rocket.Chat + Discourse to be used for real-time communication and stakeholder engagement.

  • Focus is on time series authorization and integration into the existing CWMS Data API.

  • Local schema includes metadata but not time series data – HEC can provide loading tools.

  • No CAC required now – if needed later, they'll work to expedite it.

  • Target architecture is cloud-first; PostgreSQL is preferred long term, but Oracle is current baseline.

  • Unit/integration tests will be run through GitHub Actions.

  • HEC is open to sharing real use cases, success criteria, and sample data once accounts are in place.

  • Mike to provide list of stakeholders for interviews.

  • HEC emphasized “open, opinionated, and collaborative” community culture.

Agenda Item #3. Scheduling the regularly occurring meetings The team discussed meeting cadence, plus discussed documentation initiatives and talked about other Project Management issues.

  • Bi-weekly meetings to be scheduled starting Monday, 5/27 @ 11AM EST / 8AM PST
  • Next Monday is a Federal Holiday: we’ll do a one-off Tuesday 5/28 meeting, then return to every other Monday cadence.
  • Todd will manage the cadence, project board (GitHub Projects), and wiki structure.
  • We will use GitHub Projects to do Task tracking
  • We will use GitHub Wiki for online documentation.
  • GitHub wiki and Issues will serve as the single source of truth for docs, MFRs, and meeting notes.
  • Formal MFRs (Memos for Record) will be used when decisions are finalized.
  • Both sides are on the same page w/r/t transparency and documentation, and we’ll do our best to use the tools and to document as much as possible.

Agenda Item #4: General questions and Next Steps. General Questions as documented in the Kickoff deck; the five major subject areas to cover were:

  1. Source code & Collaboration
  2. Environment & Infrastructure
  3. Authorization Design Input
  4. Stakeholders & Meetings
  5. Additional Considerations.

Questions or blockers? Reach out via email or rocket.chat once available. The USACE team endeavors to be as responsive as possible, given their role as government employees.

All Next Steps are captured as Action Items with assignees.

Action Items

Action item Assignee
HEC will share a ready database image, schema repo, and setup guides HEC Team
HEC to grant GitHub repo access HEC Team
Create DevNet SSO/rocket.chat accounts and Discourse action HEC Team
Solid Logix to send GitHub usernames and team email list to HEC Todd Boss
Schedule recurring Monday every two week meetings Todd Boss
Mike to provide list of stakeholders for interviews. Mike Neilsen
Solid Logix to try Docker Compose setup and report issues SolidLogix Dev Team
Define repo structure (sub-project vs separate repo) by end of week Team

Bi-Weekly Status Meeting 5/27/25

CWMS Database Authorization Bi-Weekly Status Meeting 5/27/25

Core Meeting Metadata

topic detail
Meeting Title CWMS Database Authorization Bi-Weekly Status Meeting 5/27/25
Date/Time 5/27/25 11am EST/8am PST (note; this is off one day from normal cadence due to Federal Holiday on 5/26/25)
Meeting Location Virtual (Google Meet)
Meeting Remote Link information See meeting Invite
Meeting Purpose Bi-Weekly Status Meeting for CWMS Database Authorization Project

Meeting Agenda

  1. Review Open Action Items for Status and Completion
  2. Review Kanban Board Structure
  3. Discuss Overall plan of attack for Project
  4. Discuss Status of current Deliverables being worked
  5. General Discussion, Questions

Meeting Invitees and Attendees

Invitee Present? Org
Michael Neilson Y USACE - HEC
Charles Graham Y USACE - HEC
Eric Novotny Y USACE - HEC
Fauwaz Hanbali Y USACE - HEC
Dave Kaplan N USACE - HEC
Matthew Fleming N USACE - HEC
Jorge Hassan Y SolidLogix
Milver Valenzuela Y SolidLogix
Todd Boss (host) Y SolidLogix
Ryan Cunningham Y SolidLogix
Christina Whitehead Y SolidLogix
Vairav Laxman Y SolidLogix
Raul Proenza N SolidLogix

Open Action Item discussion

Action Item Assignee Status Completion Date
HEC will share a ready database image, schema repo, and setup guides HEC Team Docker image provided in kickoff, complete Done with 5/19/25 kickoff.
HEC to grant GitHub repo access HEC Team/Mike We can clone repo, fork USACE repo. One was private, now granted access to Ryan. Jorge and Vairav still need access. Mike sent emails to get things set up. Anyone should be able to edit wiki on the CDA project. Todd specifically invited by Mike to edit during Meeting; done Done during 5/27/25 Meeting
Create DevNet SSO/rocket.chat accounts and Discourse action HEC Team/Mike Mike has informed internal Admin, not yet done. When done, we’ll get emails to indicate as such.
Solid Logix to send GitHub usernames and team email list to HEC Todd Boss Done, sent list of git usernames and emails to USACE team. Jorge to re-send today to add one more developer during meeting 5/20/25, 5/27/25 follow up done.
Schedule recurring Monday every two week meetings Todd Boss Done; scheduled one-off 5/27 meeting then every two-weeks cycle 5/20/25
Mike to provide list of stakeholders for interviews. Mike Neilsen Mike sending email imminently during meeting Sent 5/27/25.
Solid Logix to try Docker Compose setup and report issues Solid Logix team Ryan: done. We have Docker compose done, now testing 5/23/25
Define repo structure (sub-project vs separate repo) by end of week Team Mike suggests starting as a subproject of the data api. Add it as a new directory in the existing repo. Decision made 5/27/25

Meeting Detailed notes

Highlights:

  • The meeting centered on establishing the technical environment, onboarding procedures, and outlining collaboration methods.
  • The technical team confirmed the successful setup of initial development tools, including a containerized local environment and access to foundational schema resources.
  • Repositories and documentation relevant to the data API project were reviewed.
  • A Kanban-based tracking model will be used for task management and milestone tracking.
  • Early priorities include familiarization with the data API and associated UI planning.
  • Billing practices were aligned to tracked deliverables and development progress.

Key Technical Notes:

  • The system under development is a data-centric API supporting time series management and related operations.
  • A pre-configured container image was made publicly available for bootstrapping local development.
  • Development contributions will be managed within a shared repository, using GitHub Projects for coordination.
  • A Swagger-based interface is available for exploring API functionality.
  • Role-based access control (RBAC) and identity features are in progress but not mandatory for initial development.
  • Versioning is managed at the data layer; endpoint URLs do not include version tokens.
  • Time series endpoints are the first area of focus, followed by UI mockups aligned with planned access controls.

Action Items Discussion and Disposition

  • Local environment and schema access confirmed by both teams.
  • GitHub access permissions under review and being updated.
  • Access to internal collaboration tools (e.g., chat, wiki) is being provisioned.
  • Discussion underway on whether additional access to private repositories is needed.
  • A shared Kanban board is being built to reflect active and upcoming tasks.
  • A stakeholder list has been distributed via secure channel.
  • Initial invoice to be drafted based on progress indicators tied to Kanban status.
  • Project tooling permissions and access to be validated by developers.
  • Local development is preferred for now; potential cloud environment needs will be reassessed.
  • Contributors are encouraged to review shared documentation and example notebooks.

Action Items: New from this meeting

Action item Assignee
Get Kanban fully populated with PWS tasks and subtasks Todd Boss
Get billing process defined and ready to go Milver, Todd
Confirm wiki/project edit capabilities just provided Todd, Milver
Begin setting up Stakeholder interviews Todd, Christina

Bi-Weekly Status Meeting 6/9/25

CWMS Database Authorization Bi-Weekly Status Meeting 6/9/25

Core Meeting Metadata

topic detail
Meeting Title CWMS Database Authorization Bi-Weekly Status Meeting 6/9/25
Date/Time 6/9/25 11am EST/8am PST
Meeting Location Virtual (Google Meet)
Meeting Remote Link information See meeting Invite
Meeting Purpose Bi-Weekly Status Meeting for CWMS Database Authorization Project

Meeting Agenda

  1. Review Open Action Items for Status and Completion
  2. Review Kanban Board And Provide Updates on Epics and Tasks
  3. General Discussion, Questions

Discussion to include:

  • Local setup of API and DB working
  • We are using Docker to run things locally
  • We see the skeletal tables in the CWMS schemas
  • We begun analysis of the API code base and are exploring solutions
  • Current plan is to focus on RBAC + ABAC approach options; in a spike we need more down time to do research

Meeting Invitees and Attendees

Invitee Present? Org
Michael Neilson Y USACE - HEC
Charles Graham Y USACE - HEC
Eric Novotny Y USACE - HEC
Fauwaz Hanbali N USACE - HEC
Dave Kaplan N USACE - HEC
Matthew Fleming N USACE - HEC
Jorge Hassan Y SolidLogix
Milver Valenzuela Y SolidLogix
Todd Boss (host) Y SolidLogix
Ryan Cunningham Y SolidLogix
Christina Whitehead Y SolidLogix
Vairav Laxman Y SolidLogix
Raul Proenza N SolidLogix

Open Action Item discussion

Action Item Assignee Status Completion Date
Create DevNet SSO/rocket.chat accounts and Discourse action HEC Team/Mike Mike has informed internal Admin, not yet done. When done, we’ll get emails to indicate as such. 6/9: Mike Escalating Open
Confirm wiki edit capabilities Todd, Milver Confirmed wiki editing going forward Closed 5/28/25
Confirm project edit capabilities Todd, Milver Project config issues remain, resulting in use of outside Project for now. Mike found issue, functionality restored, closing Resolved 6/9/25
Get Kanban fully populated with PWS tasks and subtasks Todd Boss Kanban setup in SL project, moving forward Done 6/4/25
Get billing process defined and ready to go Milver, Todd Done, first invoice generated done 6/1/25
Begin setting up Stakeholder interviews Todd, Christina Christina created pre-survey and Skeleton, ready to schedule Open

Meeting Detailed notes

Meeting Summary: Project Stakeholder Sync Participants: USACE Representatives and Solid Logix Team

Highlights Interview Preparation:

  • Solid Logix team developed a pre-interview survey and a structured interview guide to support upcoming stakeholder engagements. Approval from the agency is pending before scheduling begins.

Stakeholder Engagement Strategy:

  • One-on-one interviews are preferred to maximize feedback.
  • USACE will notify internal stakeholders; Solid Logix team will coordinate logistics and scheduling.
  • An additional stakeholder was identified for inclusion.

Local Development Environment:

  • Solid Logix team completed local environment setup using containerized deployment.
  • A key gap identified: lack of seeded data for validating access control configurations.
  • USACE agreed to provide example data in standard formats to support testing.

Technical Updates:

  • Recent changes improved how access control is managed in the codebase.
  • Test data injection via configuration files was recommended for local testing.
  • Current logging mechanisms do not expose all session context details; enhancements are planned.
  • Existing role enforcement is simplified, based on office-level permissions.

Security Model Planning:

  • The team plans to use data from interviews and system analysis to inform design of candidate access models.
  • Future tasks will include analyzing permissions and building hybrid RBAC/ABAC models.

Project and Repository Coordination:

  • Issues related to project board alignment and permissions on the version control platform were resolved.
  • Solid Logix team now has full access to submit and track issues.

Communication Logistics:

  • Some email delivery issues were reported between the two organizations, potentially due to attachments or server configurations.
  • Multiple recipients will now be CC’d to ensure communications are received.

Action Items

  1. Resolve Communication Issues:
  • Solid Logix team to resend key emails and include additional recipients.
  • USACE team to investigate possible mail server filtering or quarantining.
  • See open action item for Rocket accounts escalation
  1. Initiate Stakeholder Interviews:
  • Solid Logix team to send interview requests and begin scheduling.
  • Survey form will be updated to capture respondent identity for correlation.
  • Each interview will be scheduled as a one-on-one session (approx. 1 hour).
  1. Seed Test Data:
  • USACE to prepare and share a limited dataset for local testing of security and access control logic.
  • Possible use of container-based utilities to automate loading of test data.
  1. Repository and Task Tracking:
  • Project issues and Kanban tasks will now be tracked under the correct repository.
  • Access rights have been updated to allow task ownership and triage.
  1. Next Phase Planning:
  • Solid Logix team to begin dependency and use-case gathering immediately after interviews.
  • Permission analysis and model design will follow based on insights gathered.

Action Items: New from this meeting

Action item Assignee
USACE Seed Test Data USACE Staff/Eric

Bi-Weekly Status Meeting 6/23/25

CWMS Database Authorization Bi-Weekly Status Meeting 6/23/25

Core Meeting Metadata

topic detail
Meeting Title CWMS Database Authorization Bi-Weekly Status Meeting 6/23/25
Date/Time 6/23/25 11am EST/8am PST
Meeting Location Virtual (Google Meet)
Meeting Remote Link information See meeting Invite
Meeting Purpose Bi-Weekly Status Meeting for CWMS Database Authorization Project

Meeting Agenda

  1. Review Open Action Items for Status and Completion
  2. Review Kanban Board And Provide Updates on Epics and Tasks
  3. General Discussion, Questions

Meeting Invitees and Attendees

Invitee Present? Org
Michael Neilson Y USACE - HEC
Charles Graham Y USACE - HEC
Eric Novotny N-OOO USACE - HEC
Fauwaz Hanbali N USACE - HEC
Dave Kaplan N USACE - HEC
Matthew Fleming N USACE - HEC
Jorge Hassan N-conflict SolidLogix
Milver Valenzuela Y SolidLogix
Todd Boss (host) Y SolidLogix
Ryan Cunningham Y SolidLogix
Christina Whitehead Y SolidLogix
Vairav Laxman Y SolidLogix
Raul Proenza N SolidLogix

Open Action Item discussion

Action Item Assignee Status Completion Date
Create DevNet SSO/rocket.chat accounts and Discourse action HEC Team/Mike Mike has informed internal Admin, not yet done. When done, we’ll get emails to indicate as such. 6/9: Mike Escalating. done 6/11, team confirming. Done 6/11/25
Begin setting up Stakeholder interviews Todd, Christina Christina created pre-survey and Skeleton, ready to schedule, email config issue blocker resolved 6/11/25, emails sent and scheduling started In progress 6/11/25; 1 done, 2 scheduled as of 6/23/25
USACE Seed Test Data USACE Staff/Eric Discussed 6/10/25, USACE actively working. goal is something by 6/13/25 Eric delivered 6/17
Resolve Email connectivity issues Team Emails not going through, SL diagnosed with USACE IT, discovered email MX/SPF record issue resolved 6/11/25

Meeting Detailed notes

Summary

The team reviewed progress on test data implementation, stakeholder interviews, logging infrastructure, and auditing controls. Solid Logix provided updates on data loading and container compatibility. USACE participants discussed database auditing design choices, API access limitations, and evolving stakeholder interview strategies. Logging framework gaps and the need for structured telemetry were acknowledged. Invoicing processes were clarified. The meeting was collaborative and forward-looking, with early technical validation supporting downstream access control analysis.

Technical Insights

  • Test Data Branch & Execution (Solid Logix):
  • Seed data is being loaded from the feature/data-initialization branch, which builds on develop.
  • Jupyter Notebooks are present in the branch but have not yet been reviewed.
  • Execution is being validated through docker compose up against a clean environment.

Docker/Podman Compatibility (Solid Logix):

  • Docker Compose files are confirmed to run equivalently in Podman Compose.
  • This ensures interoperability across environments used by different developers (e.g., Docker vs. Podman).

Stack Initialization Quirk (Solid Logix):

  • The data-api occasionally starts too early in the stack, requiring a manual restart.
  • While not currently observed in Vairavan's setup, additional testing (e.g., hot reload scenarios) is underway.

DB Schema and VPD Integration (Solid Logix + USACE):

  • Seed data integration is essential to support upcoming VPD policy testing.
  • Visibility of role-based restrictions and schema alignment depend on successful test data deployment.

Logging Infrastructure (USACE):

  • Google Flogger and Tomcat backend are used but do not support structured logging effectively.
  • A future upgrade to a more robust logging system is under consideration but currently low priority.
  • Access Control & Embargo Considerations

API Usage Observability (USACE):

  • Access logs often lack originating IP addresses due to multiple proxy layers.
  • Some API usage occurs in district-local instances outside central observability.
  • Prometheus logging is being piloted in dev environments, with plans to capture office-level data context.

Oracle Auditing Policy (USACE):

  • SELECT auditing is disabled to prevent performance degradation.
  • Destructive operations (INSERT/UPDATE/DELETE) are typically logged.
  • Some districts may not have full audit enablement despite policy assumptions.

Data Embargo Enforcement (USACE):

  • A 10-day embargo is in place for certain operational data (e.g., power plant flows).
  • Embargoes are policy-driven and enforced through memorandums of understanding, not technical restrictions.
  • Some district-specific datasets may be withheld for commercial purposes.

Stakeholder Interviews Current Status (Solid Logix):

  • One interview completed. Two more scheduled.
  • Survey resends are planned to boost participation.
  • Persona Mapping & Permission Gap Analysis (Solid Logix):
  • Interview insights will inform future persona documentation and permission role design.

Participant Suggestions (USACE):

  • Emphasis placed on including non-technical and power users to balance perspectives.
  • External heavy API users such as NOAA were recommended for interview outreach.
  • GitHub commit metadata (e.g., TVA contributors) may help identify further stakeholders.

Action Items: New from this meeting

Action item Assignee
Mike Would like to see RFC progress Jorge/SL dev team
Invoicing process changed Mike & Milver

Bi-Weekly Status Meeting 7/7/25

CWMS Database Authorization Bi-Weekly Status Meeting 7/7/25

Core Meeting Metadata

topic detail
Meeting Title CWMS Database Authorization Bi-Weekly Status Meeting 7/7/25
Date/Time 7/7/25 11am EST/8am PST
Meeting Location Virtual (Google Meet)
Meeting Remote Link information See meeting Invite
Meeting Purpose Bi-Weekly Status Meeting for CWMS Database Authorization Project

Meeting Agenda

  1. Review Open Action Items for Status and Completion
  2. Review Kanban Board And Provide Updates on Epics and Tasks
  3. General Discussion, Questions

Meeting Invitees and Attendees

Invitee Present? Org
Michael Neilson Y USACE - HEC
Charles Graham Y USACE - HEC
Eric Novotny -- USACE - HEC
Fauwaz Hanbali -- USACE - HEC
Dave Kaplan N USACE - HEC
Matthew Fleming N USACE - HEC
Jorge Hassan Y SolidLogix
Milver Valenzuela Y SolidLogix
Todd Boss (host) Y SolidLogix
Ryan Cunningham Y SolidLogix
Christina Whitehead Y SolidLogix
Vairav Laxman Y SolidLogix
Raul Proenza N SolidLogix

Open Action Item discussion

Action Item Assignee Status Completion Date
Mike Would like to see RFC progress Jorge/SL dev team Open --
Invoicing process changed Mike & Milver Open --

Meeting Detailed notes

  • tbd
  • tbd

Action Items: New from this meeting

Action item Assignee
Add a custom footer
⚠️ **GitHub.com Fallback** ⚠️