DBA 2nd iteration Solution Architecture

From DE4A
Jump to navigation Jump to search

Introduction

Approach: we follow the SA as was done for Intermediation (1st iteration)

Scope and focus

  • Within scope
    • Modify DO/DE Mocks for S&N en Lookup patterns
    • Common component voor Cross-border subscriptions (optional for MS to use, i.e. not mandatory)
    • Event Notification + Evidence Lookup flavour, in line with PSA 2nd iteration
  • Outside scope
    • Resend a subscription request in case of an error (instead the possibility to inspect the logs and manually resend a request is deemed sufficient (MVP))
    • Include the Evidence in the notification (instead pure notification + lookup)
    • Attribute Lookup

DE4A preconditions

Design choices

Describe what WON'T be implemented for the pilot as well as design choices (see also scope section)

eIDAS and OOP TS

DBA eIDAS solution

Shared solution

Process realisation

Mapping processes/activities to application services and components (PSA --> tables).

Component description

Classify components: DE/DO/Common component.

Requirements

Describe the requirements for application services.

Component Implementation

Describe the implementation of the components.

Expected logical interfaces

Describe the (logical) interfaces between the components.

DC specific solution

Process realisation

Component description

Requirements

Component implementation

Expected logical interfaces

DP specific solution

Process realisation

Component description

Requirements

Component implementation

Expected logical interfaces

DBA OOP TS solution

Maybe this is the place to insert explanation of the subscription application collaboration (and notification?), i.e. front-end/back-end w.r.t. notifications.

The shared solution for the OOP TS consists of all common functionality of the OOP technical system. Most of the common OOP TS components need to be implemented by the data requestor and data transferor, although the OOP TS uses central components as well.

Shared solution OOP TS

Image might need an update, i.e. depict S&N and LKP shared stuff

Shared solution

The OOP TS domain (WP5) provide the data requestor and data transferor with the components needed for

  1. cross-border subscription and notification messages
  2. performing the lookup of an evidence

In the MVP the DBA pilot uses one type of subscription message and one type on notification message that all DC’s and DP’s involved will use. The subscription message is for subscribing to cross-border events generated at the DP. The notification message is for notifying the DC of such events. If the DC desires the Evidence can be retrieved using the Lookup. This implies an update of the IEM (WP3). There will be just one data provider per Member state: the business register, where the subscription will be recored and where the cross border events are generated, i.e.is the authentic source of company information. The DC will subscribe in one Member State at a time. The DP will notify one Member State at the time. The explicit request and the preview functions won't be needed, in both interaction patterns there is no user involvement.

Process realisation

The table below presents the components that implement the application services for the DBA pilot. The process realization is dealt with per pattern with S&N split in two as they are independently triggered.

Subscription

Based on definition on MVP some rows might disappear, i.e. for now the tables are complete w.r.t. PSA.

Process Application Service Components
Initiate subscription (DC) Subscription Initiation eProcedure Back-office Backend
Change subscription (DC) Subscription Initiation eProcedure Back-office Backend
Lookup event provider routing information (DC) Inquire Routing Information Data Service Lookup
Send subscription request (DC)
  • Message Encryption
  • e-Signature Creation Service
  • Data Exchange Service
  • Trust Service Provisioning
  • Data Encryption/Decryption
  • Data Exchange
Validate subscription request (DP)
  • eSignature Validation Service
  • Message Decryption
  • Authority Check
  • Authorization Controller
  • Trust Service Provisioning
  • Data Encryption/Decryption
Evaluate subscription request (DP) Subscription Evaluation Subscription System
Exception: Prepare subscription error message (DP) Subscription Error Handling Subscription System
Exception Send subscription error message (DP)
  • Message Encryption
  • e-Signature Creation Service
  • Data Exchange Service
  • Trust Service Provisioning
  • Data Encryption/Decryption
  • Data Exchange
Exception: Forward subscription error (DC) n/a
Exception: Investigate reason for subscription error (DC) n/a
Register subscription (DP) Subscription Creation and Update Subscription System
Confirm subscription (DP) Subscription Confirmation Subscription System
Send subscription confirmation (DP)
  • Message Encryption
  • e-Signature Creation Service
  • Data Exchange Service
  • Trust Service Provisioning
  • Data Encryption/Decryption
  • Data Exchange
Forward confirmation (DC) n/a
Log subscription information (DC) n/a
Notification
Process Application Service Components
Identify event (DP) Cross-border Event Filter Cross-border Event Handler
Check subscriptions (DP) Subscription Lookup Subscription System
Prepare notification message and subscriber list (DP) Notification Message and Subscriber List Preparation Cross-border Event Handler
Exception: Resend past events (DP) Manual Event Dispatch Notification Front-end
Resolve service metadata (DP) Inquire Routing Information Data Service Lookup
Exception: Resolve subscriber participant ID and inform National Contact Point (DP) Subscription Mismatch Log Notification Front-end
Send event notification (DP)
  • Message Encryption
  • e-Signature Creation Service
  • Data Exchange Service
  • Trust Service Provisioning
  • Data Encryption/Decryption
  • Data Exchange
Validate event notification (DC)
  • eSignature Validation Service
  • Message Decryption
  • Authority Check
  • Trust Service Provisioning
  • Data Encryption/Decryption
  • Data Exchange
Determine event response (DC) Event Evaluation eProcedure Back-office Backend
Request change of subscription (DC)
  • Notification Mismatch Signal
  • Update Notification Response Log
eProcedure Back-office Backend
Dismiss event (DC) Update Notification Response Log eProcedure Back-office Backend
Trigger evidence lookup (DC) Update Notification Response Log eProcedure Back-office Backend
Notify Responsible Organization (DC) Update Notification Response Log eProcedure Back-office Backend


Lookup

Note: compared with Intermediation the user is absent.

Process Application Service Component
Determine required cross-border evidence (DC) Cross-border Evidence Matching Evidence Type Translator
Lookup routing information (DC) Inquire Routing Information Data Service Lookup
Request evidence (DC)
  • Message Encryption
  • e-Signature Creation Service
  • Data Exchange Service
  • Trust Service Provisioning
  • Data Encryption/Decryption
  • Data Exchange
Evaluate evidence request (DP)
  • eSignature Validation Service
  • Message Decryption
  • Data Exchange Service
  • Authority Check
  • Trust Service Provisioning
  • Data Encryption/Decryption
  • Data Exchange
Establish subject identity (DP) Identity/Record Matching Record Matching

(needed for company matching right?)

Communicate non-availability of OOP (DP)
  • Error Handler
  • Message Encryption
  • e-Signature Creation Service
  • Data Exchange Service
  • Trust Service Provisioning
  • Data Encryption/Decryption
  • Data Exchange
Extract evidence (DP) Evidence Lookup Evidence Query
Communicate non-availability or Delay of evidence (DP)
  • Error Handler
  • Message Encryption
  • e-Signature Creation Service
  • Data Exchange Service
  • Trust Service Provisioning
  • Data Encryption/Decryption
  • Data Exchange
Establish non-availability of OOP (DC) Evidence Request Tracker Evidence Interchange Back-end
Compose evidence response (DP) Domestic to Cannonical Evidence Transformation Evidence Portal Back-end
Transfer evidence (DP)
  • Message Encryption
  • e-Signature Creation Service
  • Data Exchange Service
  • Trust Service Provisioning
  • Data Encryption/Decryption
  • Data Exchange
Forward evidence (DC)
  • eSignature Validation Service
  • Message Decryption
  • Data Exchange Service
  • Trust Service Provisioning
  • Data Encryption/Decryption
  • Data Exchange
Evaluate evidence (DC) Requirements/Evidence Matching eProcedure Rules Engine

<<insert updated diagram>>

Component description

The following table lists the shared components.

Component Short description of its use
Evidence service locator (ESL) configuration file As the DBA pilot’s MVP uses just one type of evidence, with just one data provider per Member state (on NUTS0 level), there is no need for dynamic discovery of the data provider and its data services. For the DBA pilot it is sufficient to use a simple configuration file with the required elements (member state and participant id).
SMP For each evidence request and response, information on the receivers Access Point (URL) and its certificates are needed. Each member state hosts an SMP for this purpose. Before sending a request or response, the sending party queries the SMP of the receiver to get this info. 
DNS & SML As there are multiple SMP’s, the sending party needs to know where to find the SMP of the receiver to get the actual metadata. This location can be found in the centrally CEF-hosted DNS, that will be queried by the access point of the sending member state.

DNS entries will be created from the registration of SMP’s: the SML, which is also centrally hosted by CEF.

eDelivery AS4 gateway This component – also referred to as eDelivery access point – handles the secure transfer of the data, including encryption and decryption as well as signing/sealing and validating signatures/seals.

Requirements

Component implementation

Expected logical interfaces

example

Component Expected interface
Evidence service locator (ESL) configuration file IN (from DE4A connector to ESL configuration file):

-         Member state

-         Canonical evidence type

OUT from ESL configuration file to DE4A connector):

-         participant ID

SMP IN (from DE4A connector to SMP):

-         Participant ID

OUT (from SMP to DE4A connector):

-         Service URL

-         Certificate to use

DNS & SML IN (from DE4A connector to DNS):

-         Member state

-         Participant ID

OUT (from DNS to DE4A connector):

-         SMP location

eDelivery AS4 gateway IN (from DE4A connector to eDelivery AS4 gateway):

-         evidence request

OUT (from eDelivery AS4 gateway to DE4A connector):

-         Evidence response

DE4A Connector IN (from data evaluator to DE4A connector):

-         Data evaluator

-         Data evaluating Member state

-         Requested evidence type

-         Company identification (eIDASLegalPersonID, eIDASLegalName)

-         Data providing Member state


OUT (from DE4A connector to data evaluator):

-         Data providing member state

-         Data provider

-         Evidence type

-         Company identification (eIDASLegalPersonID, eIDASLegalName)

-         Evidence (XML)

DC-specific solution

The DC specific solution is different for every DC. The DC specific solution architecture will be specified in the design document of the pilot processes (one for each data consumer). Nonetheless the DC-specific solution at a higher level of abstraction show similarities.

The DC specific architecture consists of the evaluator and requestor specific services. The requestor specific services are typically implemented at Member state level.

Process realization

Subscription
Process Application Service Components
Initiate subscription Subscription Initiation eProcedure Back-office Backend
Change subscription Subscription Initiation eProcedure Back-office Backend
Lookup event provider routing information Inquire Routing Information Data Service Lookup
Send subscription request
  • Message Encryption
  • e-Signature Creation Service
  • Data Exchange Service
  • Trust Service Provisioning
  • Data Encryption/Decryption
  • Data Exchange
Exception: Forward subscription error n/a
Exception: Investigate reason for subscription error n/a
Forward confirmation n/a
Log subscription information n/a
Notification
Process Application Service Components
Validate event notification
  • eSignature Validation Service
  • Message Decryption
  • Authority Check
  • Trust Service Provisioning
  • Data Encryption/Decryption
  • Data Exchange
Determine event response Event Evaluation eProcedure Back-office Backend
Request change of subscription
  • Notification Mismatch Signal
  • Update Notification Response Log
eProcedure Back-office Backend
Dismiss event Update Notification Response Log eProcedure Back-office Backend
Trigger evidence lookup Update Notification Response Log eProcedure Back-office Backend
Notify Responsible Organization Update Notification Response Log eProcedure Back-office Backend
Lookup
Process Application Service Component
Determine required cross-border evidence Cross-border Evidence Matching Evidence Type Translator
Lookup routing information Inquire Routing Information Data Service Lookup
Request evidence
  • Message Encryption
  • e-Signature Creation Service
  • Data Exchange Service
  • Trust Service Provisioning
  • Data Encryption/Decryption
  • Data Exchange
Establish non-availability of OOP Evidence Request Tracker Evidence Interchange Back-end
Forward evidence
  • eSignature Validation Service
  • Message Decryption
  • Data Exchange Service
  • Trust Service Provisioning
  • Data Encryption/Decryption
  • Data Exchange
Evaluate evidence Requirements/Evidence Matching eProcedure Rules Engine

<<insert updated diagram>>

Component description

Requirements

Component implementation

Expected logical interfaces

DP-specific solution

The DP specific solution is different for every DP. The DP specific solution architecture will be specified in the design document of the pilot processes (one for each data consumer). Nonetheless the DP-specific solution at a higher level of abstraction show similarities.

The DP specific architecture consists of the owner and transferor specific services. The transferor specific services are typically implemented at Member state level.

Process realisation

Subscription
Process Application Service Components
Validate subscription request
  • eSignature Validation Service
  • Message Decryption
  • Authority Check
  • Authorization Controller
  • Trust Service Provisioning
  • Data Encryption/Decryption
Evaluate subscription request Subscription Evaluation Subscription System
Exception: Prepare subscription error message Subscription Error Handling Subscription System
Exception Send subscription error message
  • Message Encryption
  • e-Signature Creation Service
  • Data Exchange Service
  • Trust Service Provisioning
  • Data Encryption/Decryption
  • Data Exchange
Register subscription Subscription Creation and Update Subscription System
Confirm subscription Subscription Confirmation Subscription System
Send subscription confirmation
  • Message Encryption
  • e-Signature Creation Service
  • Data Exchange Service
  • Trust Service Provisioning
  • Data Encryption/Decryption
  • Data Exchange
Notification
Process Application Service Components
Identify event Cross-border Event Filter Cross-border Event Handler
Check subscriptions Subscription Lookup Subscription System
Prepare notification message and subscriber list Notification Message and Subscriber List Preparation Cross-border Event Handler
Exception: Resend past events Manual Event Dispatch Notification Front-end
Resolve service metadata Inquire Routing Information Data Service Lookup
Exception: Resolve subscriber participant ID and inform National Contact Point Subscription Mismatch Log Notification Front-end
Send event notification
  • Message Encryption
  • e-Signature Creation Service
  • Data Exchange Service
  • Trust Service Provisioning
  • Data Encryption/Decryption
  • Data Exchange
Lookup
Process Application Service Component
Evaluate evidence request
  • eSignature Validation Service
  • Message Decryption
  • Data Exchange Service
  • Authority Check
  • Trust Service Provisioning
  • Data Encryption/Decryption
  • Data Exchange
Establish subject identity Identity/Record Matching Record Matching

(needed for company matching right?)

Communicate non-availability of OOP
  • Error Handler
  • Message Encryption
  • e-Signature Creation Service
  • Data Exchange Service
  • Trust Service Provisioning
  • Data Encryption/Decryption
  • Data Exchange
Extract evidence Evidence Lookup Evidence Query
Communicate non-availability or Delay of evidence
  • Error Handler
  • Message Encryption
  • e-Signature Creation Service
  • Data Exchange Service
  • Trust Service Provisioning
  • Data Encryption/Decryption
  • Data Exchange
Compose evidence response Domestic to Cannonical Evidence Transformation Evidence Portal Back-end
Transfer evidence
  • Message Encryption
  • e-Signature Creation Service
  • Data Exchange Service
  • Trust Service Provisioning
  • Data Encryption/Decryption
  • Data Exchange

<<insert updated diagram>>

Component description

DP

Requirements

Component implementation

Expected logical interfaces

Appendix: archimate component diagrams

DBA eIDAS solution architecture

OOP TS solution architecture