Architecture overview. The DAAS was built to separate access to the application from data access (By example: routing information). This service’s sole purpose is to return data. PARTNER EHEALTH XXXX XXX Timestamp Sign: body+token+TS XXXX SV Timestamp Sign: body+token+TS 1. XXXX XXXX Response AttributeQuery BUS XXXX
Architecture overview. 3.1.2. Functionalities eHealth AddressBook is composed of only a web service, and has the following methods: • SearchProfessionals • SearchOrganizations • GetProfessionalContactInfo • GetOrganizationContactInfo The search operations return a set of results. To access all details of 1 result, a get method needs to be used. The application will allow searching a healthcare person based on: • Name, first name and quality, • XXXX or INAMI number, • City or Zip Code and quality The application will allow searching a healthcare organization based on: • Institution Name and quality, • INAMI, EHP or CBE number, • City or Zip Code and quality The same types of research exist for the healthcare facilities. All possible combinations can be found in the cookbook. Note: Limitations exist for CBE organizations, as not all searches are possible. Users can then use the contact information retrieved to decide what the best means of communication is, depending also on the type of message to be transmitted.
Architecture overview. 3.1.2. Functionalities eHealth AddressBook is composed of only a web service, and has the following methods: SearchProfessionals SearchOrganizations GetProfessionalContactInfo GetOrganizationContactInfo The search operations return a set of results. To access all details of 1 result, a get method needs to be used. The application will allow searching a healthcare person based on: Name, first name and quality XXXX or INAMI number City or Zip Code and quality The application will allow searching a healthcare organization based on: Institution Name and quality INAMI, EHP or CBE number City or Zip Code and quality The same types of research exist for the healthcare facilities. All possible combinations can be found in the cookbook. Note: Limitations exist for CBE organizations, as not all searches are possible. Users can then use the contact information retrieved to decide what the best means of communication is, depending also on the type of message to be transmitted.
Architecture overview. This section provides a more detailed overview of all the main software components and relationships between them. The figure below shows a simplified DataCentre architecture containing some of the components described previously as well as the current workflow represented by the activity diagram highlighted in grey. Figure 23: DataCentre Architecture As the figure shows, all external communications with data providers pass through the Connector Manager component. In case of synchronous communication, the provider client components send the requests according to provider’s protocol and implementation specification and the retrieved responses are immediately returned to the workflow engine. In case of asynchronous communication, the provider client components send the requests to the relevant service and the relevant responses will be later retrieved in two ways:
Architecture overview. The overall architecture of the AAI is illustrated in Figure 27. The diagram shows a set of external Identity Providers (IdPs), and external Attribute Providers (AtPs), where, in the case of Shibboleth, the IdP itself is also an AtP37. At the boundary of the EUDAT core and community services (represented by the large circle) is a front end (or gateway), which accepts tokens and attributes from the existing AAI. The gateway converts an external credential to an internal credential. Note that it may be more efficient to use a single internal credential, rather than the many different credentials provided by the AAI, as otherwise every single service in EUDAT would have to be able to understand every type of credential. Instead, it is better to convert the external token into a single credential. One consequence of this approach is that the gateway now holds a credential with which it can act on behalf of the user. This credential has to be user-specific, as the service providers must know the individual users of the services (or be able to trace them in cases of misuse). The alternative is to use a single internal credential and then track very carefully who is doing what at which time, but this will not scale securely to a large multi-user multi- service infrastructure like EUDAT with multiple gateways38. 37 Of course, every IdP is an AtP: an attribute which says “I have authenticated this person” (e.g. ePTID) is an attribute; an attribute like commonName (e.g. “Xxx Bloggs”) is an attribute. The distinction that is being made here refers mainly to the use of the attribute: IdPs issue attributes which are used to identify the person, AtPs issue attributes used for authorizations to the entity identified by the identity attributes. The only way an IdP could authenticate a person without issuing an attribute is by generating only a session id.
Architecture overview. As in the EUDAT communities the currently most frequently used infrastructure to provide metadata services is the harvesting model, harvesting metadata according to the OAI-PMH49 protocol will be a main feature of the architecture of the Joint Metadata Domain. In this model every community repository has one (or a community central) metadata provider and allows its metadata to be harvested 49 xxxx://xxx.xxxxxxxxxxxx.xxx/OAI/openarchivesprotocol.html by one or more central metadata service providers. The EUDAT metadata service will offer basic metadata search and browsing services to researchers looking for or exploring the resources from other disciplines. With respect to the type of metadata and the involvement of the communities we will harvest metadata from the following types of communities:
Architecture overview. A FLUIDOS node builds on top of Kubernetes, which takes care of abstracting the underlying (physical) resources and capabilities in a uniform way, no matter whether dealing with single devices or full-fledged clusters (and the actual operating system) while providing at the same time standard interfaces for their consumption. Specifically, it properly extends Kubernetes with new control logic responsible for handling the different node-to-node interactions, as well as to enable the specification of advanced policies and intents (e.g., to constrain application execution), which are currently not understood by the orchestrator. Given this precondition, the main architectural components of a FLUIDOS node are depicted in Figure 4 and converge around the Node Orchestrator and the Available Resources database. The former is in charge of orchestrating service requests, either on the local node or on remote nodes of the same fluid domain, coordinate all the interactions with local components (e.g., local scheduler) and remote nodes (e.g., to set up the computing/network/storage/service fabrics), and make sure that the service behaves as expected (e.g., honoring trust and security relationships). The latter keeps up-to-date information about resources and services available either locally or acquired from remote nodes, following the resource negotiation and acquisition process. Additional modules (and their companion communication interfaces), are required to handle the discovery of other FLUIDOS nodes and carry out the resource negotiation process, to monitor the state of the virtual infrastructure and to make sure that offloaded workloads/services behave as expected both in terms of security and negotiated SLAs, to take care of security and privacy issues (e.g., isolation), and to create the virtual continuum within the fluid space.
Architecture overview. 3. Service scope The eHealth UAM service is based on two main processes:
Architecture overview. The System is composed of the following components: - Portal - Portal Management - Infocast module configuration - DHCP server configuration - Interfaces/Glue between the various components (from Makeitwork and third parties) Those components are described in details in the next section:
Architecture overview. The MICO framework needs to be able to provide configurable analysis of different kinds of media content using different kinds of mostly independent services. In addition, these services might be im- plemented in different programming languages and run on different servers in a cluster. To accomodate for all these technical requirements, the framework will use a distributed service-oriented architec- ture, depicted in Figure 1. This kind of architecture allows for a low coupling of components with a shared infrastructure for communication and persistence. In this section, we give a short overview over the system architecture. Sections 3, 4 and 5 then describe central components in more detail.
