Architecture overview. The DAAS was built to separate access to the application from data access (for example, routing information). This service’s sole purpose is to return data.
[Figure labels: PARTNER, EHEALTH, BUS; Timestamp; Sign: body+token+TS; AttributeQuery; Response]
Architecture overview. 3.1.2. Functionalities
eHealth AddressBook consists of a single web service with the following methods:
• SearchProfessionals
• SearchOrganizations
• GetProfessionalContactInfo
• GetOrganizationContactInfo
The search operations return a set of results. To access all details of 1 result, a get method needs to be used.
The application will allow searching a healthcare person based on:
• Name, first name and quality
• XXXX or INAMI number
• City or Zip Code and quality
The application will allow searching a healthcare organization based on:
• Institution Name and quality
• INAMI, EHP or CBE number
• City or Zip Code and quality
The same types of search exist for the healthcare facilities. All possible combinations can be found in the cookbook.
Note: Limitations exist for CBE organizations, as not all searches are possible.
Users can then use the contact information retrieved to decide what the best means of communication is, depending also on the type of message to be transmitted.
Architecture overview. 3. Service scope The eHealth UAM service is based on two main processes:
Architecture overview. The DIRECTORY was built to separate access to the application from data access (for example, routing information). This service’s sole purpose is to return data.
Architecture overview. This section provides a more detailed overview of all the main software components and relationships between them. The figure below shows a simplified DataCentre architecture containing some of the components described previously as well as the current workflow represented by the activity diagram highlighted in grey.
Figure 23: DataCentre Architecture
As the figure shows, all external communications with data providers pass through the Connector Manager component. In case of synchronous communication, the provider client components send the requests according to provider’s protocol and implementation specification and the retrieved responses are immediately returned to the workflow engine. In case of asynchronous communication, the provider client components send the requests to the relevant service and the relevant responses will be later retrieved in two ways:
Architecture overview. The overall architecture of the AAI is illustrated in Figure 27. The diagram shows a set of external Identity Providers (IdPs), and external Attribute Providers (AtPs), where, in the case of Shibboleth, the IdP itself is also an AtP [37]. At the boundary of the EUDAT core and community services (represented by the large circle) is a front end (or gateway), which accepts tokens and attributes from the existing AAI. The gateway converts an external credential to an internal credential. Note that it may be more efficient to use a single internal credential, rather than the many different credentials provided by the AAI, as otherwise every single service in EUDAT would have to be able to understand every type of credential. Instead, it is better to convert the external token into a single credential. One consequence of this approach is that the gateway now holds a credential with which it can act on behalf of the user. This credential has to be user-specific, as the service providers must know the individual users of the services (or be able to trace them in cases of misuse). The alternative is to use a single internal credential and then track very carefully who is doing what at which time, but this will not scale securely to a large multi-user multi-service infrastructure like EUDAT with multiple gateways [38].
[37] Of course, every IdP is an AtP: an attribute which says “I have authenticated this person” (e.g. ePTID) is an attribute; an attribute like commonName (e.g. “Xxx Bloggs”) is an attribute. The distinction that is being made here refers mainly to the use of the attribute: IdPs issue attributes which are used to identify the person, AtPs issue attributes used for authorizations to the entity identified by the identity attributes. The only way an IdP could authenticate a person without issuing an attribute is by generating only a session id.
Architecture overview. Because the harvesting model is currently the infrastructure most frequently used in the EUDAT communities to provide metadata services, harvesting metadata according to the OAI-PMH [49] protocol will be a main feature of the architecture of the Joint Metadata Domain. In this model every community repository has one (or a community central) metadata provider and allows its metadata to be harvested by one or more central metadata service providers. The EUDAT metadata service will offer basic metadata search and browsing services to researchers looking for or exploring the resources from other disciplines. With respect to the type of metadata and the involvement of the communities we will harvest metadata from the following types of communities:
[49] xxxx://xxx.xxxxxxxxxxxx.xxx/OAI/openarchivesprotocol.html
Architecture overview. The System is composed of the following components:
- Portal
- Portal Management
- Infocast module configuration
- DHCP server configuration
- Interfaces/Glue between the various components (from Makeitwork and third parties)
Those components are described in detail in the next section:
Architecture overview. This is generic text describing the relationship between Access Network Tiles and the MSF Core Architecture Domain. A reproduction of section 2 of this document 4 Internal Architecture – This is a diagram showing the elements within the Access Network Tile together with the Internal and External reference points which connect to them.