-
Notifications
You must be signed in to change notification settings - Fork 14
Add scope diagrams section with C4 Level 1 and Level 2 diagrams #159
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: main
Are you sure you want to change the base?
Changes from all commits
954085c
31b52dd
0a39c38
cf9be25
4ada3f2
8f7c768
25cdda7
1e1ea84
685d6fb
aba265c
99e8716
abca902
810e52e
3187ac4
29ece08
624685f
66c4303
457cfc8
7fe9a79
ccafd9d
c6295b9
da07c8f
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,64 @@ | ||
| # Figures | ||
|
|
||
| A set of composition diagrams that models the [Linked Web Storage Protocol](https://w3c.github.io/lws-protocol/lws10-core/) specification. | ||
|
|
||
| ## Figure 1 - System Context Diagram | ||
|
|
||
| Shows the LWS System as a single unit and the person who uses it. Establishes scope only — no internal structure is shown. | ||
|
|
||
|  | ||
|
|
||
| | Box | Description | | ||
| |---|---| | ||
| | Agent | An agent of the LWS system | | ||
| | LWS System | A system that implements the LWS Protocol | | ||
|
|
||
| ## Figure 2 - Container Diagram | ||
|
|
||
| Breaks the LWS System into its primary elements. | ||
|
|
||
|  | ||
|
|
||
| | Box | Description | | ||
| |---|---| | ||
| | Agent | An agent of the LWS system | | ||
| | LWS System | A system that implements the LWS Protocol | | ||
| | LWS Client | An HTTP client that complies with the LWS Protocol | | ||
| | LWS Server | An HTTP server that complies with the LWS Protocol | | ||
|
|
||
| ## Figure 3 - LWS Server Component Diagram | ||
|
|
||
| Decomposition of the LWS Server into components and their responsibilities from client request to storage access. | ||
|
|
||
|  | ||
|
|
||
| | Box | Description | | ||
| |---|---| | ||
| | LWS Client | An HTTP client that complies with the LWS Protocol | | ||
| | LWS Server | An HTTP server that complies with the LWS Protocol | | ||
| | Resource Manager | Manages data resources, containers, containment and linksets | | ||
| | Authentication | Validates credentials against the identity provider | | ||
| | Authorization | Enforces resource manager access decisions | | ||
| | Storage Controller | Controls all resources in the storage directed by its client resource-manager | | ||
| | Identity Provider | Confirms user identity and issues signed credentials. MAY be an external system | | ||
| | Storage | A set of hierarchically organized HTTP resources managed per LWS conventions | | ||
|
|
||
| ## Figure 4 - LWS Resource Type Hierarchy | ||
|
|
||
| The resource type taxonomy and relationship defined in the specification's Terminology section. | ||
|
|
||
|  | ||
|
|
||
| | Box | Description | | ||
| |---|---| | ||
| | Resource Manager | Manages data resources, containers, containment and linksets | | ||
| | Storage | A set of hierarchically organized HTTP resources managed per LWS conventions | | ||
| | LWS Resource | An HTTP resource that supports the read operations defined by LWS | | ||
| | Container | An LWS resource able to enumerate a collection of LWS resources; may recursively contain other containers | | ||
| | Data Resource | A data-bearing LWS resource such as a document, image, or structured information | | ||
| | Auxiliary Resource | An LWS resource whose lifetime is bound to a primary resource | | ||
| | Linkset Resource | An auxiliary resource conforming to RFC9264 | | ||
| | Metadata Resource | An auxiliary resource, managed by a storage, that describes an LWS resource | | ||
| | Storage Root | The container at the root of a containment hierarchy of a storage | | ||
| | Storage Description | Enumerates the storage root and the services/capabilities of a storage | | ||
|
|
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,161 @@ | ||
| specification { | ||
| element actor { | ||
| style { | ||
| shape person | ||
| color amber | ||
| } | ||
| } | ||
| element system { | ||
| style { | ||
| color blue | ||
| opacity 30% | ||
| } | ||
| } | ||
| element externalSystem { | ||
| style { | ||
| color secondary | ||
| opacity 30% | ||
| } | ||
| } | ||
| element component | ||
|
|
||
| element resource { | ||
| style { | ||
| shape document | ||
| color indigo | ||
| } | ||
| } | ||
|
|
||
| relationship isA { | ||
| color gray | ||
| line dashed | ||
| head none | ||
| } | ||
| relationship contains { | ||
| color gray | ||
| head diamond | ||
| } | ||
| relationship boundTo { | ||
| color gray | ||
| line dotted | ||
| head none | ||
| } | ||
| relationship describes { | ||
| color gray | ||
| line dotted | ||
| } | ||
| relationship manages | ||
|
|
||
| tag optional | ||
| } | ||
|
|
||
| model { | ||
| agent = actor 'Agent' { | ||
| description 'An agent of the LWS system' | ||
| } | ||
|
|
||
| lws = system 'LWS System' { | ||
| description 'A system that implements the LWS Protocol' | ||
| component lws-client 'LWS Client' { | ||
| description 'An HTTP client that complies with the LWS Protocol' | ||
| } | ||
| component lws-server 'LWS Server' { | ||
| description 'An HTTP server that complies with the LWS Protocol' | ||
|
|
||
| component identity-provider 'Identity Provider' { | ||
| #optional | ||
| description 'Confirms user identity and issues signed credentials. MAY be an external system' | ||
| } | ||
| component resource-manager 'Resource Manager' { | ||
| description 'Manages data resources, containers, containment and linksets' | ||
| } | ||
| component authentication 'Authentication' { | ||
| description 'Validates credentials against the identity provider' | ||
| } | ||
| component authorization 'Authorization' { | ||
| description 'Enforces resource manager access decisions' | ||
| } | ||
| component storage 'Storage' { | ||
| description 'A set of hierarchically organized HTTP resources managed per LWS conventions' | ||
|
|
||
| lws-resource = resource 'LWS Resource' { | ||
| description 'An HTTP resource that supports the read operations defined by LWS' | ||
| } | ||
| container = resource 'Container' { | ||
| description 'An LWS resource able to enumerate a collection of LWS resources; may recursively contain other containers' | ||
| } | ||
| data-resource = resource 'Data Resource' { | ||
| description 'A data-bearing LWS resource such as a document, image, or structured information' | ||
| } | ||
| auxiliary-resource = resource 'Auxiliary Resource' { | ||
| description 'An LWS resource whose lifetime is bound to a primary resource' | ||
| } | ||
| linkset-resource = resource 'Linkset Resource' { | ||
| description 'An auxiliary resource conforming to RFC9264' | ||
| } | ||
| metadata-resource = resource 'Metadata Resource' { | ||
| description 'An auxiliary resource, managed by a storage, that describes an LWS resource' | ||
| } | ||
| storage-root = resource 'Storage Root' { | ||
| description 'The container at the root of a containment hierarchy of a storage' | ||
| } | ||
| storage-description = resource 'Storage Description' { | ||
| description 'Enumerates the storage root and the services/capabilities of a storage' | ||
| } | ||
|
|
||
| container -[isA]-> lws-resource | ||
| data-resource -[isA]-> lws-resource | ||
| auxiliary-resource -[isA]-> lws-resource | ||
| linkset-resource -[isA]-> auxiliary-resource | ||
| metadata-resource -[isA]-> auxiliary-resource | ||
| storage-root -[isA]-> container | ||
| storage-description -[isA]-> lws-resource | ||
|
|
||
| container -[contains]-> data-resource 'contains' | ||
|
|
||
| auxiliary-resource -[boundTo]-> lws-resource 'bound to primary resource' | ||
| metadata-resource -[describes]-> lws-resource 'describes' | ||
| storage-description -[describes]-> storage-root 'enumerates & describes' | ||
| } | ||
|
|
||
| component storage-controller 'Storage Controller' { | ||
| description 'Controls all resources in the storage directed by its client resource-manager' | ||
| } | ||
| } | ||
|
|
||
| agent -> lws-client 'agent requests' | ||
| lws-client -> lws-server 'HTTP requests' | ||
| lws-client -> identity-provider 'authenticates' | ||
| lws-client -> resource-manager 'sends request' | ||
| resource-manager -> authentication 'authenticates request' | ||
| authentication -> identity-provider 'validates credentials' | ||
|
Member
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. My comment is mostly about this interaction. In general case this happesn between Authorization Server of the Resource Owner and the IdP of the End-user. Showing it as 'internal' to the LWS Server can bring confusion instead of clarifying it. You can see Step 10 and after on https://elf-pavlik.github.io/lws-auth/view/oidc/?dynamic=sequence |
||
| resource-manager -> authorization 'checks permission' | ||
| resource-manager -> storage-controller 'acts as client to' | ||
| storage-controller -> storage 'controls' | ||
| resource-manager -[manages]-> storage-root 'manages' | ||
| } | ||
| } | ||
|
|
||
| views { | ||
| view fig1-system-context { | ||
| title 'System Context Diagram' | ||
| include agent, lws | ||
| } | ||
|
|
||
| view fig2-container-diagram of lws { | ||
| title 'Container Diagram' | ||
| include * | ||
| } | ||
|
|
||
| view fig3-lws-server-components of lws-server { | ||
| title 'LWS Server Component Diagram' | ||
| autoLayout TopBottom | ||
| include * | ||
| } | ||
|
|
||
| view fig4-resource-hierarchy of storage { | ||
| title 'LWS Resource Type Hierarchy' | ||
| autoLayout LeftRight | ||
| include * | ||
| } | ||
| } | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would suggest removing LWS System, similar to The Web it is a heterogenous envoronment where interactions between autonomous parties follow specific protocol(s). Tyring to draw a box around it seems to me rather confusing.