When defining the authorization components, we used the XACML reference architecture.
Conceptual components
We have defined the following conceptual components/functional areas from the reference architecture.
PDP - Policy Decision Point
The policy decision point is responsible for deciding whether an authorization request is authorized or not. It bases its decision on rules and on the information it has about the resource and the user/system trying to access and perform an operation on a resource. »
See solutions for details about the functionality provided by this component.
Construction Components Altinn Access Control
The diagram below shows where the different solution components are located.
The Authorization component is constructed as an ASP.NET MVC application exposing an API. The API communicates with the different solution components.
The below diagram shows the data flow including PEP.
Data flow authorization
Decision API
The decision API is the API that orchestrates the decision process. »
Construction Components Altinn Access Groups API Theare »
See solutions for details about the functionality provided by this component.
Construction Components Altinn Resource Registry
Frontend
The frontend is created with React as a standalone React application.
It uses the following frameworks:
Axios : For
Redux :
Redux Toolkit :
Redux Query :
Build & Deploy
We use GitHub Actions and Azure DevOps to build Frontend applications. The code is located in the altinn-access-mangement-frontend repo.
GitHub Action
Azure DevOps Pipeline
Hosting
The backend hosts the compiled frontend application. »
AccessToken Client
.NET applications that need to call protected APIs in the Altinn Platform infrastructure use AccessToken clients.
The AccessToken Client has an Access Token generator that generates a JWT based on a unique certificate made available in the Kubernetes clusters.
Example usage
App template calling register.
App template calling Altinn Events.
Altinn Events function calling Altinn Events.
Configuration
To use the Access Token client, you need to add the following to program. »
Altinn Studio
Altinn Studio Designer creates a JWT-based Access Token signed by a certificate that the Altinn Studio Designer has available when running in the Altinn Studio Kubernetes Cluster. The certificate is different for each environment.
Using separate certificates makes it possible for each Altinn Platform environment to configure which Altinn Studio environment is allowed to deploy and modify applications in that specific environment.
Altinn Studio Designer generates a token with the help of the Access Token generator for each call to the platform components. »
See below for application construction components for the different components in Altinn Platform.
Application construction components - Altinn Platform Profile
The profile component in Altinn Platform is constructed as an ASP.NET Core web API application deployed as a Docker container to a Kubernetes cluster.
Application architecture receipt component - Altinn Platform
The receipt component is an application exposing a React receipt application and internal APIs.
Application construction components - Altinn Platform Register
The register component in Altinn platform is constructed as an asp. »
Analysis Enablement Capabilities
Requirement Capture
Requirements are gathered through:
issues on GitHub
talks with stakeholders using the platform (service owners and others)
For some pilots, we choose to create larger epics on GitHub to group requirements.
Some example issues are:
The issue for supporting Sirius App for tax department
The issue for supporting NSM POB
See development application components to get an overview of our tools and applications.
User story Definition
The DevOps teams or stakeholders define user stories in our GitHub repositories »
In this app template, the App Backend is based on ASP.NET Core and is a Web API application.
The App Backend exposes REST APIs consumed by an optional App Frontend and/or external systems and mobile apps. The structure of the APIs is documented here
The diagram below shows how the code is structured in different parts.
App backend
Altinn.App.Api
The REST APIs are implemented in different Web API controllers and use attribute-based routing to identify the correct operation. »
Altinn Apps is the solution where all the apps developed in Altinn Studio are deployed. The following diagram shows the deployment architecture for Altinn Studio together with Altinn Apps.
Deployment architecture
Container Orchestration by Kubernetes
Each app created in Altinn Studio is deployed to Altinn Apps as a separate application running in Docker containers. The containers will be orchestrated by Kubernetes.
The Altinn App is deployed as sets of Docker Containers defined as Kubernetes Deployment. »