Microservice Architecture
Mosaic is built using a Microservice Architecture, where applications are arranged as a collection of loosely coupled, fine-grained Services. Each Service has its own data. The Services communicate over defined interfaces (Web API, GraphQL, Service Bus). The Services can be developed and deployed independently.
There are multiple aspects any microservice platform should consider. Mosaic provides solutions in all these areas.
Here is an incomplete list:
- Integrating microservices in UI (see Microfrontends)
- Authentication
- Authorization / Roles & Permissions concept
- APIs
- Messaging
- Webhooks
- Logging
- Health / Metrics / Monitoring / Observability
- Security
- Configuration Management
- Hosting
- Life cycle management
Authentication
To access the services, users first have to authenticate themselves.
Humans accessing the system have their User Accounts. They can log in either with an email and password using the AxAuth Service, or through one of the supported third-party Identity Providers that use OAuth 2.0 (today: Google, more to follow).
Identity Providers can be enabled and configured individually for each Environment.
Software components interacting with Mosaic Services use Service Accounts. Service Account credentials are an account ID and an account secret; both are long random numbers.
Authorization
Each Mosaic Service can define a set of its own Permissions. Each permission enables a specific operation with the data.
User Roles can be defined in each Environment. A Role is a combination of permissions. One Role can combine permissions across multiple services. A Role can inherit from another Role.
A User can be assigned one or multiple Roles.
A Service Account can be assigned permissions directly, enabling very fine-grained control over the access level for the service accounts.
The same authorization scheme applies to Managed Services and Custom Services, so you don’t need to invent a custom authentication/authorization solution.
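The permission model described in this section can be sketched as follows. This is an added example, not Mosaic code or its API: the class, function, role, service and permission names are all hypothetical, and the sample data is constructed. It resolves a role's inherited permissions, rejects inheritance cycles, and denies anything not explicitly granted.

```python
# Added illustration of the model above; not Mosaic code. All names are hypothetical.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Role:
    name: str
    # Permissions as (service, permission) pairs; one role may span several services.
    permissions: set = field(default_factory=set)
    parent: Optional[str] = None  # the role this one inherits from, if any


class RoleCycleError(ValueError):
    """Raised when role inheritance loops back on itself."""


def role_permissions(roles: dict, name: Optional[str]) -> set:
    """Collect a role's own and inherited permissions by walking the parent chain."""
    collected, seen = set(), []
    while name is not None:
        if name in seen:
            raise RoleCycleError(" -> ".join(seen + [name]))
        if name not in roles:
            raise KeyError(f"unknown role: {name}")
        seen.append(name)
        collected |= roles[name].permissions
        name = roles[name].parent
    return collected


def user_permissions(roles: dict, assigned_roles: list) -> set:
    """A user's effective permissions: the union over all assigned roles."""
    result = set()
    for role_name in assigned_roles:
        result |= role_permissions(roles, role_name)
    return result


def is_allowed(effective: set, service: str, permission: str) -> bool:
    """Deny by default: only an exact (service, permission) grant passes."""
    return (service, permission) in effective


# Constructed sample data (service and permission names are made up).
ROLES = {
    "viewer": Role("viewer", {("media", "VIDEOS_VIEW"), ("catalog", "ITEMS_VIEW")}),
    "editor": Role("editor", {("media", "VIDEOS_EDIT")}, parent="viewer"),
    "publisher": Role("publisher", {("catalog", "ITEMS_PUBLISH")}),
}
# A service account holds permissions directly, with no role in between.
SERVICE_ACCOUNT_PERMS = {("media", "VIDEOS_VIEW")}
```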
Logging & Reporting
All Services produce logs in a consistent manner. All logs are aggregated into a centralized system and are available for further analysis.
Using the Reporting Service, customers get access to reports based on the collected information.
Reporting data is also used for billing purposes (see Billing).
Monitoring
All Services are continuously monitored for their health. Technical staff react immediately to alerts, ensuring the best possible availability.