Architecture of Net iD Portal

About

The architecture of Net iD Portal consists of several services. The required services are:

  • NiE (Net iD Enterprise)

  • NiP GUI (Net iD Portal Graphical User Interface)

  • NiP API (Net iD Portal Application Programming Interface)

  • NiP GS (Net iD Portal Generic Service)

  • NiP TS (Net iD Portal Timer Service)

  • Database

  • Files

Net iD Enterprise (NiE)

Net iD Enterprise is a PKI client, provided by SecMaker, which needs to be installed on the local client. NiE handles all the architecture of local tokens, smart card readers and local libraries.

Refer to the Net iD Enterprise documentation for more information.

Net iD Portal Graphical User Interface (NiP GUI)

NiP GUI contains all the structures that can be used by the default web browser. NiP GUI contains the graphical design pack, front-end architecture and structure that interact with NiE. NiP GUI can be used on a web server in the environment or on the local workstation. NiP GUI requires NiE to be installed locally on the client.

Net iD Portal Application Programming Interface (NiP API)

NiP API is a web service that contains all the structure and interfaces connecting to the services on the server side.
NiP API contains two main web services:

Application

The purpose of the application service is to provide the NiP GUI with a server application interface.

External

The purpose of the external service is to provide third party vendors with a server application interface against Net iD Portal.

The interfaces of the application and external services are:

ServiceSoap.svc

Simple Object Access Protocol (SOAP) specification of the interface formatted as Extensible Markup Language (XML). ServiceSoap.svc uses BasicHttpBinding and all object types are formatted in PascalCase.

ServiceRestJson.svc

Representational State Transfer (REST) specification of the interface formatted as JavaScript Object Notation (JSON). ServiceRestJson.svc uses WebHttpBinding and all object types are formatted in PascalCase.

ServiceRestXml.svc

Representational State Transfer (REST) specification of the interface formatted as Extensible Markup Language (XML). ServiceRestXml.svc uses WebHttpBinding and all object types are formatted in PascalCase.

Refer to the Net iD Portal API documentation for more information.

Net iD Portal Generic Service (NiP GS)

NiP GS is a Windows Service application running beside the web service on the local server. The purpose of NiP GS is to relieve the services of large, continuous data structures. NiP GS runs over the basic/mex HTTP protocol, with port 61236 as default. NiP GS has two modules that run automatically at startup:

  • TraceServer
    The module receives trace calls asynchronously from the trace structure of the services and saves the traces to a local file.

  • Log
    The module receives log entry calls asynchronously from the services and stores the entries in the database.

Net iD Portal Timer Service (NiP TS)

NiP TS is a Windows Service application running beside the web service on the local server. The purpose of NiP TS is to run as a background process against Net iD Portal. The settings can be modified through the "Administration" section of the portal.

NiP TS runs over the basic/mex HTTP protocol, with port 61234 as default. NiP TS has several modules that can be started at different time intervals. The modules are:

  • Monitor
    The module monitors the system through different kinds of tasks. The module runs every 10 minutes by default and checks for scheduled work in the Net iD Portal system. The tasks are:

    • Automatic logout of inactive users.

    • Notification of certificates that are going to expire.

    • Release of inactive tasks.

    • Deletion of expired tasks.

    • Status updates for certificates.

    • Status updates for tokens.

  • Uploader
    The module monitors a local server directory path for files to upload to Net iD Portal, in different kinds of tasks. The tasks are:

    • Processing of updated text resources.

    • Processing of batches of users that should be created.

    • Processing of batches of personalized token orders for users.

  • Gemalto
    The modules are specified for order, status and revocation of tokens against the token manufacturer Gemalto.

Example of settings:

The default module is "MonitorModule". There are non-default modules in the Timer Service and these are custom actions.

<Modules>
    <Module Name="MonitorModule">
        <ModuleAssemblyFile>SecMaker.NiP.TS.Module.Monitor.dll</ModuleAssemblyFile>
        <ModuleClassName>SecMaker.NiP.TS.Module.MonitorModule</ModuleClassName>
        <TimerSeconds>600</TimerSeconds> <!-- (1) -->
    </Module>
</Modules>
(1) The <TimerSeconds> tag specifies, in seconds, how often the module runs (i.e. 600 = every 10 minutes).
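
Because every non-default module is a custom action loaded by a Windows Service, the module list is worth reviewing. The following is an added example, not SecMaker's code: it parses a `<Modules>` block and reports entries that deviate from the documented default. The allow-list, the interval bounds, the bare-file-name rule and the `ExampleCustomModule` entry in the sample are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Assumption: the only module expected on this server is the documented default.
EXPECTED_MODULES = {"MonitorModule": "SecMaker.NiP.TS.Module.Monitor.dll"}
# Assumption: local policy bounds for the run interval, in seconds.
MIN_SECONDS, MAX_SECONDS = 60, 86400

# Constructed sample: the documented default plus a hypothetical custom module.
SAMPLE = """
<Modules>
    <Module Name="MonitorModule">
        <ModuleAssemblyFile>SecMaker.NiP.TS.Module.Monitor.dll</ModuleAssemblyFile>
        <ModuleClassName>SecMaker.NiP.TS.Module.MonitorModule</ModuleClassName>
        <TimerSeconds>600</TimerSeconds>
    </Module>
    <Module Name="ExampleCustomModule">
        <ModuleAssemblyFile>..\\Example.Custom.dll</ModuleAssemblyFile>
        <ModuleClassName>Example.CustomModule</ModuleClassName>
        <TimerSeconds>0</TimerSeconds>
    </Module>
</Modules>
"""


def audit_modules(xml_text):
    """Return a list of (module name, finding) tuples for a <Modules> block."""
    findings = []
    for module in ET.fromstring(xml_text).findall("Module"):
        name = module.get("Name", "")
        assembly = (module.findtext("ModuleAssemblyFile") or "").strip()
        seconds = (module.findtext("TimerSeconds") or "").strip()
        if name not in EXPECTED_MODULES:
            findings.append((name, "non-default module (custom action), review its assembly"))
        elif assembly != EXPECTED_MODULES[name]:
            findings.append((name, "assembly differs from expected: " + assembly))
        # Assumption: a bare file name is expected; separators or ".." point elsewhere.
        if "/" in assembly or "\\" in assembly or ".." in assembly:
            findings.append((name, "assembly is not a bare file name: " + assembly))
        if not seconds.isdigit() or not MIN_SECONDS <= int(seconds) <= MAX_SECONDS:
            findings.append((name, "TimerSeconds outside policy: " + repr(seconds)))
    return findings


if __name__ == "__main__":
    for name, finding in audit_modules(SAMPLE):
        print(name + ": " + finding)
```
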

Database

NiP API stores all data in two databases. The purposes of the two databases are:

System

Contains all the data of the application configuration, users, tokens and certificates.

Log

Separated database that contains all the log information (also known as audit logs).

Database collations

NiP API uses the following default database collations:

  • Microsoft SQL Server: SQL_Latin1_General_CP1_CI_AS

  • Oracle MySQL: UTF8_GENERAL_CI with default character set to UTF-8.

Database constraints

NiP API uses the following constraint name syntax for the database tables:

  • PrimaryKeys: PK_%TABLENAME%_ID

  • ForeignKeys: FK_%TABLENAME%_%PRIMARYKEYREFERENCE%

  • DefaultConstraintName: DF_%TABLENAME%_%COLUMNNAME%

Note that the constraint name has a maximum length of 128 characters in Microsoft SQL Server and 64 characters in Oracle.

Database tables

The system database contains several tables for different types of storage. The table names are stored as abbreviations that describe their purpose. The following table describes the names and purposes of the database tables:

Table 1. The system database tables
| Table name (short) | Table name (full) | Description |
|---|---|---|
| acquis | Acquis | Contains Officer's Acquis. |
| acquis_usr_relns | Acquis User Relations | Contains relation keys between Acquis and Officers. |
| act_usrs | Active Users | Contains information and handle types about currently logged-on users. |
| adm_cfgs | Administration Configurations | Contains static task configuration of the administration types. |
| adnl_ids | Additional Identities | Contains additional identities for End Entity objects. |
| cache_objs | Cache Objects | Contains different types of cache objects. |
| cm_soc_sec_nrs | Customized Social Security Numbers | Contains customized social security numbers for a specific feature (see the User Guide for more information). |
| creds | Credentials | Contains credential information for third party services. |
| crt_auths | Certificate Authorities | Contains information about the certificate authority services. |
| crt_tmls | Certificate Templates | Contains information about the certificate templates. |
| crt_whitelist_appvls | Certificate Whitelist Approvals | Contains certificate whitelist approvals for End Entity objects. |
| crt_whitelists | Certificate Whitelists | Contains certificate whitelists for End Entity objects. |
| crts | Certificates | Contains information and binary data of the stored certificates. |
| dir_svcs | Directory Services | Contains information about the directory services. |
| end_entities | End Entity | Contains information about End Entity objects. |
| gen_sets | Generic Settings | Contains generic settings and configuration of the NiP API instance. |
| gen_txts | Generic Texts | Contains generic texts configured from the admin interface. |
| hist_tkns | Historical Tokens | Contains a list of a user's historical tokens. |
| key_objs | Key Objects | Contains binary key objects for different types of relations. |
| lic_svc_adms | Undefined | Undefined. For future use, under development. |
| lic_svc_nie | Undefined | Undefined. For future use, under development. |
| lic_svc_nie_mstr | Undefined | Undefined. For future use, under development. |
| lic_svc_nip | Undefined | Undefined. For future use, under development. |
| natl_regs | National Registrations | Contains information about the national citizen register services. |
| org_ofc_addrs | Organization Offices Addresses | Contains information about the addresses of the offices of an organization. |
| org_ofcs | Organization Offices | Contains information about the offices of an organization. |
| orgs | Organizations | Contains information about the organizations. |
| otps | One Time Passwords | Contains temporary one-time password object types. |
| privileges | Privileges | Contains a list of static and customized privileges. |
| role_privilege_relns | Role Privilege Relations | Contains relation keys between roles and privilege tables. |
| role_usr_grps_relns | Role User Group Relations | Contains relation keys between roles and user group tables. |
| roles | Roles | Contains a list of roles. |
| rprts | Reports | Contains information templates of reports. |
| sa_key_objs | Undefined | Undefined. For future use, under development. |
| sa_key_usr_relns | Undefined | Undefined. For future use, under development. |
| sa_key_usrs | Undefined | Undefined. For future use, under development. |
| sms_tmls | SMS Templates | Contains information about the SMS templates. |
| smtp_tmls | SMTP Templates | Contains information about the SMTP templates. |
| srvs | Servers | Contains server objects. |
| task_type_privilege_relns | Task Type Privilege Relations | Contains relation keys between task type and privilege tables. |
| task_types | Task Types | Contains a list of static and customized task types. |
| tasks | Tasks | Contains task objects. |
| tkn_crt_tml_relns | Token Template Certificate Template Relations | Contains relation keys between token template and certificate template tables. |
| tkn_mfrs | Token Manufacturers | Contains information about external token manufacturers. |
| tkn_prfls | Token Profiles | Contains information about token profile configurations. |
| tkn_rgtr | Token Register | Contains customized token register. |
| tkn_tmls | Token Templates | Contains information about token templates. |
| tkn_usr_relns | Token User Relations | Contains relation keys between token and user tables. |
| tkns | Tokens | Contains token objects. |
| unit_tests | Undefined | Undefined. For future use, under development. |
| usr_appvls | User Approvals | Contains user approvals of End Entity objects. |
| usr_grp_relns | User Group Relations | Contains relation keys between user and group tables. |
| usr_grp_restr_relns | User Group Restriction Relations | Contains relation keys between user groups and their restrictions against other user groups. |
| usr_grps | User Groups | Contains user group objects. |
| usr_imgs | User Images | Contains user image binaries. |
| usr_org_ofc_addrs_relns | User Office Addresses relations | Contains relation keys between user and Office Addresses. |
| usrs | Users | Contains user objects. |
| version | Version | Contains current database context version. |

The tables of the log database are:

| System database table | Name | Description |
|---|---|---|
| log_ents | Log Entries | Contains information, binary data and signatures of the log entries. |

Database documentation

Refer to the Net iD Portal Main database, Net iD Portal Log database, and Net iD Portal LogClient database documentation for more information.

File structure - Net iD Portal services

NiP GUI file structure

The file structure of NiP GUI:

| Path | Description |
|---|---|
| %path%\%version%\asset\css | Contains the cascading style sheets (css) of the GUI. |
| %path%\%version%\asset\fonts | Contains the fonts of the GUI. |
| %path%\%version%\asset\image | Contains the images of the GUI. |
| %path%\%version%\language | Contains the local language files in json format. |
| %path%\%version%\app.js | GUI and front-end application structure. |
| %path%\%version%\config.js | Configuration of the GUI. |
| %path%\index.html | Default start page. |

NiP API file structure

The file structure of NiP API:

| Path | Description |
|---|---|
| %path%\bin*.* | Contains all the assemblies and libraries. |
| %path%\texts*.* | Contains local trace files generated by NiP API. |
| %path%\Global.asax | Specifies the handler for the instance of NiP API. |
| %path%\ServiceRestJson.svc | NiP API REST interface formatted as Json. |
| %path%\ServiceRestXml.svc | NiP API REST interface formatted as XML. |
| %path%\ServiceSoap.svc | NiP API SOAP interface. |
| %path%\Trace.svclog | Instance diagnostic trace. |
| %path%\Web.Config | Instance configuration of the NiP API and web service. |

NiP GS file structure

The file structure of NiP GS:

| Path | Description |
|---|---|
| %path%\*.dll | All the assemblies and libraries (same files as for NiP API and NiP TS). |
| %path%\texts*.* | Contains local trace files generated by NiP GS. |
| %path%\SecMaker.NiP.GS.exe | The executable file that is installed in the Windows Service Manager. |
| %path%\SecMaker.NiP.GS.exe.config | Instance configuration of the NiP GS. |

NiP TS file structure

The file structure of NiP TS:

| Path | Description |
|---|---|
| %path%\*.dll | All the assemblies and libraries (same files as for NiP API and NiP GS). |
| %path%\texts*.* | Contains local trace files generated by NiP TS. |
| %path%\SecMaker.NiP.TS.exe | The executable file that is installed in the Windows Service Manager. |
| %path%\SecMaker.NiP.TS.exe.config | Instance configuration of the NiP TS. |