Platform Core

The ComUnity Platform Core contains a set of shared components which serve as the “central nervous system” of the digital operating platform. While some of these components perform centralised tasks within the core, others are responsible for providing a common set of services across all platform service layers.

At a high level, the Platform Core responds to requests from the Client Runtime and hosted applications.

The Platform Core will make sure the interacting entity is who it says it is by calling the authentication component, that the entity has the appropriate permissions by calling the authorisation component and that it is possible to satisfy the request. The core will then call on the necessary services to assemble the response.

If the request is for data only, then the request will be routed through the components of the Platform Core to the Data Services. If the request is for metadata, then the request will be routed to the Application Content Manager.

The Platform Core components are:

Secure Channel
Secure Channel is the first component of the Platform Core, and provides message privacy, tamper protection, and server authentication. All devices that support secure channel communications will use this component.

The compression component detects user agent support for compression and compresses the response. This applies to both media and data although many content types like JPEG are delivered as-is since the format is inherently incompressible.

Whenever the incoming message asserts an identity, the identity is authenticated against the authentication service. The authentication service allows authenticating with an e-mail address, telephone number or a ComUnity account name.

The logging component records the request’s metadata in file storage. When the response comes back its metadata is also logged. Sensitive data like authorisation data is removed before persisting. When an error occurs, the request and response bodies are also stored. All log operations are asynchronous to minimise the effect on responsiveness.

The routing component examines the incoming request and passes it to the appropriate handler. Media and data requests are first passed on to authorisation while tracking and metadata are passed to their respective handlers.

The responsibility of this component is to authorise the request and then return the user’s profile including security roles. The authentication and authorisation layers ensure that any operation on any resource happens with permission. When the incoming request does not satisfy these requirements, an error is returned to the client. The client applications handle such errors by presenting the user with a choice to sign in to continue. This reactive authorisation also caters for the scenario where the client application needs user profile information to render UI elements or the client application detects that the user’s security roles are not sufficient for the targeted resource. In these cases, the login service can authorise new credentials and return a user profile with possibly elevated security roles.

The tracking component records metadata about the request and then passes control to the authorisation component after setting the request URL to the URL of a resource configured in the tracking record identified by the original request URL.

Live Connect
The live connection component is responsible for delivering changes to a resource as quickly as possible to clients that are interested in them. Each request, and its response is assigned a unique id to enable tracking of the request as it moves through the request pipeline.

Based on cache control metadata the caching component may decide to invalidate current cache entries or deliver a response from cache storage. When a request is passed on, the resulting response is evaluated for cache control instructions to determine whether the response may be recorded in the cache. The caching component supports expiration and validation.

The slipstream component makes sure that there is only one idempotent request in- flight for the same resource on the same processor. When a request comes in while another is in progress for the same resource, the requests are added to the queue of requests waiting on the response. When the response comes back, the same response is delivered to all the requests at once. The slipstream component can greatly increase scalability during peak times.

Get started

Get started with ComUnity