Page Comparison

Page Properties

Start Date

21 Oct 2024

End Date

TBD

Contributors

Craig McNally VBar

Status

colour	Blue
title	PRELIMINARY REVIEW

RFC Preparation

Summary

The Folio Eureka Platform (henceforth referred to as Eureka for brevity) represents the next generation of Folio’s architecture which allows the project to operate at enterprise scale and expand its solution space. It seeks to replace custom-developed core components found in the original Folio architecture, with feature-rich, best-of-class, specialized open-source components. The need for this has become critical as Folio has become widely adopted, and particularly in ever increasing numbers in complex configurations such as consortia and national libraries.

...

Expand

title	TBD

This is the bulk of the RFC.

Explain the proposal as though it were already implemented and you were teaching it to someone already familiar with Folio - foregoing unnecessary introductory material.

Get into the specifics including corner cases and plenty of examples.
Define any new terminology and named concepts
Fully explain the scope of the proposal: backend; frontend; full-stack.
Provide clear guidance as to how the proposal might be implemented.
Include any reference to any existing Folio Jira issues.
If appropriate, the use of diagrams and illustrations is encouraged.
Provide any assessment of the dependency impact of the proposed change; its interaction with other features is clear.
If possible describe how disruptive the change might be to the existing Folio development community.
Discuss how any breaking changes can be rolled out (migration guidance).
If applicable, provide sample code or pseudo-code, error messages, or deprecation warnings
Describe the impact on existing Folio documentation, guides and other reference materials.

New Components

The Eureka platform introduces several new components. These will need to undergo some evaluation process. However, there is insufficient time in the proposed timeline to use the standard TCR/New module evaluation process.

folio-kong - API Gateway, CORS
folio-keycloak - Authorization, Authentication
mgr-applications - Application (and constituent module) registration, Discovery information
mgr-tenants - Tenant management
mgr-tenant-entitlements - Application/Tenant entitlements
folio-module-sidecar - Authorization, module-to-module request routing
mod-roles-keycloak - Roles and policies
mod-users-keycloak - Bridges the gap between user records in folio and in keycloak
mod-consortia-keycloak - Alternative implementation of the consortia interface, compatible with Eureka
mod-login-keycloak - Alternative implementation of the login interface, compatible with Keycloak
mod-scheduler - Static and Dynamically defined timers
mod-okapi-facade - Partial implementation of the okapi interface, primarily to support modules which call okapi APIs to get a list of entitlements, tenants, etc.
ui-authorization-roles - User interface for role management
ui-authorization-policies - User interface for policy management
ui-plugin-select-application - Plugin for selecting/unselecting applications. Used by ui-authorization-roles.
stripes-authorization-components - Components to be used by modules and applications that handle Authorization (ui-authorization-roles, ui-authorization-capabilities, etc.) duties
application-poc-tools - Shared library used by many of the components listed above. Yes, it should be renamed.
folio-flow-engine - Shared library used by some of the manager services
folio-keycloak-plugins - Keycloak extensions/plugins

Deprecations

The following could be deprecated/archived once Eureka has been fully adopted and these components are no longer within the support period:

Okapi - Functionality has been delegated to various single-purpose components
- folio-kong
- folio-keycloak
- folio-module-sidecar
- mgr-tenants
- mgr-applications
- mgr-tenant-entitlements
- mod-scheduler
- mod-okapi-facade
mod-authtoken - Replaced by Keycloak/Sidecars
mod-login-saml - Replaced by Keycloak
mod-consortia - Replaced by mod-consortia-keycloak
mod-login - Replaced by mod-login-keycloak
mod-permission - Replaced by mod-roles-keycloak
- Slightly different from the components above in that it’s included in app-platform-minimal. Mod-permissions is needed for migration APIs used when moving to the Eureka platform. After that, it’s no longer needed. So, we need to be sure everyone has fully adopted Eureka before removing it from app-platform-minimal along with the migration APIs.

Benefits

Maintainability
- By adopting trusted open source software like Kong and Keycloak, Folio can focus their development effort on library business logic, leaving the API gateway and Security code to the experts.
Security
- Improved SSO integrations
  - Support for multiple identity providers
  - Single logout
  - Federation support
  - etc.
- Use of standard protocols (OIDC, OAuth2, etc.)
- RBAC support
  - Policies allow for greater control of who can do what, when, from where, etc.
  - Provides a better UX for managing privileges (Grid instead of flat list of permissions/permissionSets)
- Additional features like MFA, LDAP/AD integration, etc.
Enabler for independent application lifecycles
- Application-level packaging (application formalization)
A step toward the envisioned app stores / application marketplaces
Improved system user management
- Modules no longer need to create, manage, and use system users. The platform handles this instead.
Configurable structured transaction logging (https://github.com/folio-org/folio-module-sidecar?tab=readme-ov-file#logging-configuration )

Risks and Drawbacks

Expand

title	TBD

Why should we not do this?

A genuine and thoughtful consideration to risks and drawbacks is essential for a well-rounded proposal.

...

Versions Compared

Old Version 5

New Version Current

Key

Summary

New Components

Deprecations

Benefits

Risks and Drawbacks