Skip to content

pcmt
pcmt

Architecture

Last edited by Josh Zamor
Page history

Architecture

Decisions

Architecture Decision Records are used to capture architecture decisions alongside the code.

Known constraints

  • Open source licenses on code & all project materials (creative commons)
  • Web-based, over HTTPs
  • Headless API
  • Interoperable
  • Work on urban (3G) LMIC connections and hardware (PC > mobile)
  • i18n, l10n

Open Constraints?

  • Project tooling? [#13 (closed)]
    • Process documentation - Already exists in Google Drive?
      • Is this public & licensed for creative commons?
      • How will it survive over lifespan of PCMT?
    • User stories, tasks, bugs - GitLab issues
    • Project documentation - GitLab Wiki, RTD
    • Code (SCM) - GitLab
  • License? [#16 (closed)]
    • AGPLv3 - Tends to scare private companies away.
    • MIT - highly permissive
    • Others?
  • Deployment architecture? [#17 (closed)]
    • Cloud?
    • On-prem?
  • To SaaS or not to SaaS? [#2 (closed)]
    • Can we estimate how many tenants we might have? Year 1? Year 5?
    • Effects Deployment Architecture. e.g. If on-prem is a high requirement, then we may have to strike out cloud serverless (though there is tech such as OpenStack, CNCF).
    • Multi-single-tenant. OpenLMIS has experimented with parts of this and has found that using a traditional app server (Java Spring) isn't well suited for operational costs.
    • Serverless - Rapidly evolving, though still early stage for a project this size.
    • Traditional multi-tenant is most mature, however it certainly adds to development and deployment costs.
    • Still exploring options that balance hosted vs. on-prem
  • Authorization [#18]
    • Allows a role within a group to own specific sets of attributes of a Commodity/Item.
    • RBAC? (can be useful in user stories where the role is "as a role I want...")
    • ABAC?
  • Authentication [#19 (closed)]
    • Delegated? (e.g. OAuth2 - OpenLMIS, Google Accounts, etc)
    • SSO?
  • Security [#20]
    • How sensitive is product information? (will a stakeholder worry if data is in multi-tenant architecture)
    • What's the risk to product catalog if credentials are compromised? (2FA / MFA)
  • Interoperable
    • OData
    • Code Set for FHIR?
    • Spreadsheets? CSV? XLS?
    • EDI?
  • Compliance
    • EU - Cookie Law? GDPR?
    • Principles for Digital Development?
  • Customization?
    • Logos? Colors?
    • Custom fields?
    • Custom workflow?
  • Versioning?