|
|
A service that internally persists data of a specific domain. All data is exposed through store domain APIs. Domain data management service is governed by Data Ecosystem but not necessarily owned by it. It uses Data Ecosystem services to enforce ingestion, persistence and consumption contracts.
|
|
|
|
|
|
|
|
|
![DDMS Detail.png](uploads/ef0a-ccb4-47f6-87df-0c055b33b98a.png)
|
|
|
|
|
|
## Runtime and Registration
|
|
|
|
|
|
- Enable discovery of data providers and their domain objects
|
|
|
- Multitenant vs single-tenant DDMS
|
|
|
- DDMS makes itself known to members of the Data Ecosystem
|
|
|
- DDMS registers what types it supports and how to operate on objects of these types
|
|
|
- Multiple patterns for registration
|
|
|
- Infer from ddms OpenAPI specs if they reuse common OpenAPI schemas and custom annotation
|
|
|
- Potentially generate (Apigee) proxy endpoints that are ddms certified
|
|
|
- Manual registration of endpoints and types
|
|
|
- Infer from ddms protobuf definitions (in the future)
|
|
|
- Multiple patterns for enforcement
|
|
|
- Enforce entitlement and compliance in the (Apigee) proxy (ddms does not need to be aware of these concerns)
|
|
|
- DDMS uses corresponding DE services directly
|
|
|
- Multiple patterns for added value
|
|
|
- Index, backup, GIS, BigQuery, broadcast inside (Apigee) proxy
|
|
|
- DDMS calls out to corresponding DE services directly
|
|
|
|
|
|
## Common concerns
|
|
|
- Compliance/Legal
|
|
|
- Legal information must be obtained from user (context)
|
|
|
- Non-compliant data cannot be ingested or consumed
|
|
|
- Entitlements
|
|
|
- Change of entitlements mean change of access permission for data
|
|
|
- Discoverability
|
|
|
- All domain objects must be globally discoverable – ddms APIs present a global contract
|
|
|
- Minimum requirements (DDMS maturity matrix draft)
|
|
|
- Data partition, Correlation id, Entitlements, compliance, discoverability, standardized unit and CRS support, global reference, standardized consumption patterns, traceability
|
|
|
- Customer data isolation, Backup and restore, Provisioning, Monitoring
|
|
|
- Recipes:
|
|
|
- DDMS base schema for associating DDMS attributes with domain objects
|
|
|
- ACLs: Liberate the data by default (data.default acl)
|
|
|
- Data partition is not derived from SAuth token: use user context widget in frontend, all backends must pass data partition id
|
|
|
- Granularity
|
|
|
- ACLs: Preserve input ACLs in derived data. Do not create unnecessary entitlements boundaries – data is by default shared
|
|
|
- Legal tags: They depend on the context of DDMS and the user but in general, they are not one per data partition
|
|
|
We are considering moving away from legal tag(s) on the object to legal attributes on the object |