diff --git a/CHANGELOG.md b/CHANGELOG.md index 70c51890..e755645a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Update dependency on vulnerability for @adobe/css-tools - Fix styles on Save Reports and Upload Ratings +### Changed +- Updated arc42 documentation to align with the EDC updated Country Risk application. + ## [1.3.0] - 2023-12-06 ### Added diff --git a/docs/Arc42-Documentation.md b/docs/Arc42-Documentation.md index 4aa9d4ce..1aebec12 100644 --- a/docs/Arc42-Documentation.md +++ b/docs/Arc42-Documentation.md @@ -122,7 +122,6 @@ Ignoring country risk factors can lead to damaging consequences like: - Lack of transparency - Theft (due to the perception of a lax attitude) - ##### Types of Risk in International Business There are many factors to consider, but those factors can largely be categorized as economic, political and social factors. 
@@ -194,11 +193,41 @@ Control Risk Political Stability Forecast 2021 - (e.g., uncertainties in jurisdi Euler Hermes Country Risk Ratings (189 Countries, Economic Risk, Business Environmental Risk, Political Risk, Commercial Risk, Financing Risk) Dun & Bradstreet, Country Risk ( http://www.dnbcountryrisk.com/, 14 Scores) +## System Scope and EDC Integration + +![EDC Integration](Images/StandardisedDataExchangeWithEdc.png) + +**EDC Operator** +* The diagram above shows two EDCs on Operator side. This is only for visualization purpose. On the prespective that both Country Risk and Gate are on the Operator Side. +* The other EDC Systems will work the same way with auth and flow if the connection its from other Operator + +## Keycloak Authentication & Autorization Flow + +![Keycloak](Images/keyckloak.png) + +### Handling Country Risk + +The handling of country risk within our system is managed by the Country Risk Application. + +It involves assessing and consuming data from the Country Risk EDC Consumer, which obtains necessary data from the EDC Gate Provider. + +This process ensures that the data related to country risk is accurate and up-to-date. The Country Risk Application doesn't filter the data; instead, it relies on the Gate service to validate user permissions and deliver the correct set of data based on the user's role and access rights. + +### Data EDC Handling + +The security of data and ensuring that companies only access the data they are permitted to see is achieved through a robust authentication and authorization flow provided by Keycloak. + +When a company requests data, the Gate service validates the OAuth2 token provided in the request. + +This token contains the roles and permissions associated with the client user. By checking the "resource_access" section of the OAuth2 token, the Gate service ensures that a company can only access data for which it has the correct credentials. 
+ +Additionally, the EDC Discovery Service can be employed to manage service endpoints and their associated access policies, enhancing the control over which data each company can discover and access. + ## Business Context -## Technical Context +### Technical Context ![Technical Building](../docs/Images/image2022-10-26_18-42-52.png) diff --git a/docs/Images/StandardisedDataExchangeWithEdc.png b/docs/Images/StandardisedDataExchangeWithEdc.png new file mode 100644 index 00000000..cc1d190d Binary files /dev/null and b/docs/Images/StandardisedDataExchangeWithEdc.png differ diff --git a/docs/Images/keyckloak.png b/docs/Images/keyckloak.png new file mode 100644 index 00000000..fa633d46 Binary files /dev/null and b/docs/Images/keyckloak.png differ diff --git a/docs/mermaid/keycloak_integration_with_bpdm b/docs/mermaid/keycloak_integration_with_bpdm new file mode 100644 index 00000000..d31b83ec --- /dev/null +++ b/docs/mermaid/keycloak_integration_with_bpdm @@ -0,0 +1,14 @@ +sequenceDiagram + participant Country Risk EDC Consumer + participant BPDM EDC + participant OpenIDConnect Server + participant BPDM Gate + + autonumber + Country Risk EDC Consumer -->> BPDM EDC: Request Provider for Api With OAuth2 + BPDM EDC -->>OpenIDConnect Server: Send Client Credentials + OpenIDConnect Server-->> BPDM EDC: Respond OAuth2 Token + BPDM EDC -->> BPDM Gate: Send Request with OAuth2 Token in Authorization Header + BPDM Gate -->> OpenIDConnect Server: Validate Token + OpenIDConnect Server -->> BPDM Gate: Confirms validity of Token + BPDM Gate -->> BPDM Gate: Check "resource_access" section of OAuth Token \ No newline at end of file diff --git a/docs/mermaid/mermaid_edc_integration.md b/docs/mermaid/mermaid_edc_integration.md new file mode 100644 index 00000000..62db5e28 --- /dev/null +++ b/docs/mermaid/mermaid_edc_integration.md 
@@ -0,0 +1,22 @@ + + +graph TD +%% Scenario 1: Data Provision +subgraph S1["Scenario 1: Data Provision"] +OtherEDCSystems[("Other EDC Systems")]:::otherStyle -->|consumes data from| EDCProviderCR[("Country Risk EDC Provider")]:::providerStyle +EDCProviderCR -->|requests data from| CRApp[("Country Risk Application")]:::appStyle +end + + %% Scenario 2: Data Consumption + subgraph S2["Scenario 2: Data Consumption"] + CRApp2[("Country Risk Application")]:::appStyle -->|consumes data from| EDCC[("Country Risk EDC Consumer")]:::consumerStyle + EDCC -->|requests data from| EDCGateProvider[("EDC Gate Provider")]:::gateStyle + EDCGateProvider -->|requests data from| BPDM[("BPDM Application")]:::bpdmStyle + end + + classDef appStyle fill:#ffcccc,stroke:#333,stroke-width:4px; + classDef providerStyle fill:#ccffcc,stroke:#333,stroke-width:4px; + classDef consumerStyle fill:#ccccff,stroke:#333,stroke-width:4px; + classDef otherStyle fill:#fff0b3,stroke:#333,stroke-width:4px; + classDef gateStyle fill:#f0b3ff,stroke:#333,stroke-width:4px; + classDef bpdmStyle fill:#ffffb3,stroke:#333,stroke-width:4px;
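Review bot: In docs/Arc42-Documentation.md at @@ -122,7 +122,6, the blank line between the last list item ("- Theft (due to the perception of a lax attitude)") and the "##### Types of Risk in International Business" heading is dropped, which is unrelated to the EDC update and leaves the heading sitting directly against the list. Restore the blank line so this change stays limited to the new EDC sections.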
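Review bot: In docs/Arc42-Documentation.md at @@ -194,11 +193,41, the "Data EDC Handling" section says the Gate checks the "resource_access" section of the token but never names which client entry or which roles grant access to which data, so a reader cannot tell what the authorization rule actually is. Since "Handling Country Risk" states that the Country Risk Application does not filter data and relies entirely on the Gate, please document the required client and role names and which token properties the Gate validates before trusting those claims. Smaller points in the same hunk: "prespective", "Autorization" and "if the connection its from other Operator" need correcting, and changing "## Technical Context" to "### Technical Context" leaves "## Business Context" with no text of its own, so confirm the nesting is intended.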
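Review bot: The new binary docs/Images/keyckloak.png has a misspelled file name ("keyckloak"), and the documentation hunk links to it with the same spelling in "![Keycloak](Images/keyckloak.png)". Rename the file to keycloak.png and update the reference in the same commit, so the typo does not become a path that later changes have to keep.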
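Review bot: In docs/mermaid/keycloak_integration_with_bpdm, steps 2 to 4 show the BPDM EDC obtaining the token with its own client credentials and forwarding it to the BPDM Gate, while the Arc42 text says the token "contains the roles and permissions associated with the client user". From the diagram alone, the "resource_access" check in the last step would see the EDC's client roles, not those of the requesting company, so please add the step or a note that shows how the consumer's identity reaches the token, or reword the documentation to match. The file also has no extension, unlike mermaid_edc_integration.md, and ends without a trailing newline.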
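Review bot: docs/mermaid/mermaid_edc_integration.md starts with two blank lines followed by a bare "graph TD", with no mermaid code fence around the diagram, so in a .md file it will be shown as plain text instead of being rendered. Wrap the graph in a fence tagged mermaid, drop the leading blank lines, and indent the "Scenario 1" subgraph the same way as "Scenario 2". If this graph is the source of Images/StandardisedDataExchangeWithEdc.png, a one-line comment saying so would help keep the two in sync.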