src/site/xdoc/architecture.xml - syncope - Git at Google

 <?xml version="1.0" encoding="UTF-8"?>
 <!--
 Licensed to the Apache Software Foundation (ASF) under one
 or more contributor license agreements.  See the NOTICE file
 distributed with this work for additional information
 regarding copyright ownership.  The ASF licenses this file
 to you under the Apache License, Version 2.0 (the
 "License"); you may not use this file except in compliance
 with the License.  You may obtain a copy of the License at

   http://www.apache.org/licenses/LICENSE-2.0

 Unless required by applicable law or agreed to in writing,
 software distributed under the License is distributed on an
 "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 KIND, either express or implied.  See the License for the
 specific language governing permissions and limitations
 under the License.

 -->
 <document xmlns="http://maven.apache.org/XDOC/2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation="http://maven.apache.org/XDOC/2.0 http://maven.apache.org/xsd/xdoc-2.0.xsd">

   <properties>
     <title>Architecture</title>
     <author email="dev@syncope.apache.org">Apache Syncope Documentation Team</author>
   </properties>

   <body>
     <section name="Architecture">

       <p style="text-align:center;">
         <img src="docs/images/architecture.png" alt="Syncope architecture" width="600"/>
       </p>

       <p>
         <strong>
           <em>Keymaster</em>
         </strong> allows for dynamic service discovery so that other components are able to find each other.
       </p>

       <p>
         <strong>
           <em>Admin UI</em>
         </strong> is the web-based console for configuring and administering running deployments, with full support
         for delegated administration.
       </p>

       <p>
         <strong>
           <em>End-user UI</em>
         </strong> is the web-based application for self-registration, self-service and password reset.
       </p>

       <p>
         <strong>
           <em>Web Access</em>
         </strong> is the Access Management component, based on
         <a target="_blank" href="https://apereo.github.io/cas/">Apereo CAS</a>.
       </p>

       <p>
         <strong>
           <em>Secure Remote Access</em>
         </strong> allows to protect legacy applications by integrating with the Web Access or other third-party
         Access Managers implementing standard protocols as OpenID Connect or SAML.
       </p>

       <p>
         <strong>
           <em>Core</em>
         </strong> is the central component, providing all services offered by Apache Syncope.<br/>
         It exposes a fully-compliant
         <a target="_blank" href="https://en.wikipedia.org/wiki/Java_API_for_RESTful_Web_Services">JAX-RS 2.1</a>
         <a target="_blank" href="https://en.wikipedia.org/wiki/Representational_state_transfer">RESTful</a>
         interface which enables third-party applications, written in any programming language, to consume IdM
         services.
       </p>

       <ul>
         <li>
           <p>
             <strong>
               <em>Logic</em>
             </strong> implements the overall business logic that can be triggered via REST services, and controls some
             additional features (notifications, reports and audit over all)
           </p>
         </li>
         <li>
           <p>
             <strong>
               <em>Provisioning</em>
             </strong> is involved with managing the internal (via workflow) and external (via specific connectors)
             representation of users, groups and any objects.<br/>
             This component often needs to be tailored to meet the requirements of a specific deployment, as it is the
             crucial decision point for defining and enforcing the consistency and transformations between internal and
             external data. The default all-Java implementation can be extended for this purpose.
             In addition, an <a target="_blank" href="https://camel.apache.org/">Apache Camel</a>-based
             implementation is also available as an extension, which brings all the power of runtime changes and
             adaptation.
           </p>
         </li>
         <li>
           <p>
             <strong>
               <em>Workflow</em>
             </strong> is one of the pluggable aspects of Apache Syncope: this lets every deployment choose the preferred
             engine from a provided list - including the one based on
             <a target="_blank" href="https://www.flowable.org/">Flowable BPM</a>, the reference open source
             <a target="_blank" href="https://www.bpmn.org/">BPMN 2.0</a> implementation - or define new, custom ones.
           </p>
         </li>
         <li>
           <p>
             <strong>
               <em>Persistence</em>
             </strong> manages all data (users, groups, attributes, resources, …&#8203;) at a high level
             using a standard <a target="_blank" href="https://en.wikipedia.org/wiki/Java_Persistence_API">JPA 2.2</a>
             approach. The data is persisted to an underlying database, referred to as <strong>
               <em>Internal Storage</em>
             </strong>. Consistency is ensured via the comprehensive
             <a target="_blank" href="https://docs.spring.io/spring-framework/docs/5.3.x/reference/html/data-access.html#transaction">transaction management</a>
             provided by the Spring Framework.<br/>
             Globally, this offers the ability to easily scale up to a million entities and at the same time allows great
             portability with no code changes: MySQL, MariaDB, PostgreSQL, Oracle and MS SQL Server are fully supported
             deployment options.<br/>
             Domains allow to manage data belonging to different tenants into separate database instances.
           </p>
         </li>
         <li>
           <p>
             <strong>
               <em>Security</em>
             </strong> defines a fine-grained set of entitlements which can be granted to administrators, thus enabling
             the implementation of delegated administration scenarios
           </p>
         </li>
       </ul>

       <p>
         Third-party applications are provided full access to IdM services by leveraging the REST interface, either
         via the Java <em>SyncopeClient</em> library (the basis of Admin UI and End-user UI) or plain HTTP calls.
       </p>

       <subsection name="ConnId">
         <p>The <strong>
             <em>Provisioning</em>
           </strong> layer relies on <a href="http://connid.tirasa.net" target="_blank">ConnId</a>; ConnId is designed
           to separate the implementation of an application from the dependencies of the system that the application is
           attempting to connect to.
         </p>

         <p>ConnId is the continuation of The Identity Connectors Framework (Sun ICF), a project that used to be part of
           market leader Sun IdM and has since been released by Sun Microsystems as an Open Source project.
           This makes the connectors layer particularly reliable because most connectors have already been implemented
           in the framework and widely tested.</p>

         <p>The new ConnId project, featuring contributors from several companies, provides all that is required
           nowadays for a modern Open Source project, including an Apache Maven driven build, artifacts and mailing
           lists. Additional connectors – such as for SOAP, CSV, PowerShell and Active Directory – are also provided.</p>
       </subsection>
     </section>
   </body>
 </document>
	<?xml version="1.0" encoding="UTF-8"?>
	<!--
	Licensed to the Apache Software Foundation (ASF) under one
	or more contributor license agreements. See the NOTICE file
	distributed with this work for additional information
	regarding copyright ownership. The ASF licenses this file
	to you under the Apache License, Version 2.0 (the
	"License"); you may not use this file except in compliance
	with the License. You may obtain a copy of the License at

	http://www.apache.org/licenses/LICENSE-2.0

	Unless required by applicable law or agreed to in writing,
	software distributed under the License is distributed on an
	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	KIND, either express or implied. See the License for the
	specific language governing permissions and limitations
	under the License.

	-->
	<document xmlns="http://maven.apache.org/XDOC/2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/XDOC/2.0 http://maven.apache.org/xsd/xdoc-2.0.xsd">

	<properties>
	<title>Architecture</title>
	<author email="dev@syncope.apache.org">Apache Syncope Documentation Team</author>
	</properties>

	<body>
	<section name="Architecture">

	<p style="text-align:center;">
	<img src="docs/images/architecture.png" alt="Syncope architecture" width="600"/>
	</p>

	<p>
	<strong>
	<em>Keymaster</em>
	</strong> allows for dynamic service discovery so that other components are able to find each other.
	</p>

	<p>
	<strong>
	<em>Admin UI</em>
	</strong> is the web-based console for configuring and administering running deployments, with full support
	for delegated administration.
	</p>

	<p>
	<strong>
	<em>End-user UI</em>
	</strong> is the web-based application for self-registration, self-service and password reset.
	</p>

	<p>
	<strong>
	<em>Web Access</em>
	</strong> is the Access Management component, based on
	<a target="_blank" href="https://apereo.github.io/cas/">Apereo CAS</a>.
	</p>

	<p>
	<strong>
	<em>Secure Remote Access</em>
	</strong> allows to protect legacy applications by integrating with the Web Access or other third-party
	Access Managers implementing standard protocols as OpenID Connect or SAML.
	</p>

	<p>
	<strong>
	<em>Core</em>
	</strong> is the central component, providing all services offered by Apache Syncope.<br/>
	It exposes a fully-compliant
	<a target="_blank" href="https://en.wikipedia.org/wiki/Java_API_for_RESTful_Web_Services">JAX-RS 2.1</a>
	<a target="_blank" href="https://en.wikipedia.org/wiki/Representational_state_transfer">RESTful</a>
	interface which enables third-party applications, written in any programming language, to consume IdM
	services.
	</p>

	<ul>
	<li>
	<p>
	<strong>
	<em>Logic</em>
	</strong> implements the overall business logic that can be triggered via REST services, and controls some
	additional features (notifications, reports and audit over all)
	</p>
	</li>
	<li>
	<p>
	<strong>
	<em>Provisioning</em>
	</strong> is involved with managing the internal (via workflow) and external (via specific connectors)
	representation of users, groups and any objects.<br/>
	This component often needs to be tailored to meet the requirements of a specific deployment, as it is the
	crucial decision point for defining and enforcing the consistency and transformations between internal and
	external data. The default all-Java implementation can be extended for this purpose.
	In addition, an <a target="_blank" href="https://camel.apache.org/">Apache Camel</a>-based
	implementation is also available as an extension, which brings all the power of runtime changes and
	adaptation.
	</p>
	</li>
	<li>
	<p>
	<strong>
	<em>Workflow</em>
	</strong> is one of the pluggable aspects of Apache Syncope: this lets every deployment choose the preferred
	engine from a provided list - including the one based on
	<a target="_blank" href="https://www.flowable.org/">Flowable BPM</a>, the reference open source
	<a target="_blank" href="https://www.bpmn.org/">BPMN 2.0</a> implementation - or define new, custom ones.
	</p>
	</li>
	<li>
	<p>
	<strong>
	<em>Persistence</em>
	</strong> manages all data (users, groups, attributes, resources, …) at a high level
	using a standard <a target="_blank" href="https://en.wikipedia.org/wiki/Java_Persistence_API">JPA 2.2</a>
	approach. The data is persisted to an underlying database, referred to as <strong>
	<em>Internal Storage</em>
	</strong>. Consistency is ensured via the comprehensive
	<a target="_blank" href="https://docs.spring.io/spring-framework/docs/5.3.x/reference/html/data-access.html#transaction">transaction management</a>
	provided by the Spring Framework.<br/>
	Globally, this offers the ability to easily scale up to a million entities and at the same time allows great
	portability with no code changes: MySQL, MariaDB, PostgreSQL, Oracle and MS SQL Server are fully supported
	deployment options.<br/>
	Domains allow to manage data belonging to different tenants into separate database instances.
	</p>
	</li>
	<li>
	<p>
	<strong>
	<em>Security</em>
	</strong> defines a fine-grained set of entitlements which can be granted to administrators, thus enabling
	the implementation of delegated administration scenarios
	</p>
	</li>
	</ul>

	<p>
	Third-party applications are provided full access to IdM services by leveraging the REST interface, either
	via the Java <em>SyncopeClient</em> library (the basis of Admin UI and End-user UI) or plain HTTP calls.
	</p>

	<subsection name="ConnId">
	<p>The <strong>
	<em>Provisioning</em>
	</strong> layer relies on <a href="http://connid.tirasa.net" target="_blank">ConnId</a>; ConnId is designed
	to separate the implementation of an application from the dependencies of the system that the application is
	attempting to connect to.
	</p>

	<p>ConnId is the continuation of The Identity Connectors Framework (Sun ICF), a project that used to be part of
	market leader Sun IdM and has since been released by Sun Microsystems as an Open Source project.
	This makes the connectors layer particularly reliable because most connectors have already been implemented
	in the framework and widely tested.</p>

	<p>The new ConnId project, featuring contributors from several companies, provides all that is required
	nowadays for a modern Open Source project, including an Apache Maven driven build, artifacts and mailing
	lists. Additional connectors – such as for SOAP, CSV, PowerShell and Active Directory – are also provided.</p>
	</subsection>
	</section>
	</body>
	</document>