Notice
This work is licensed under the [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0).
-
SPDX-License-Identifier: Apache-2.0
-
Licence Path: https://creativecommons.org/licenses/by/4.0/legalcode
-
Copyright (c) 2021, 2022, 2023, 2024 Contributors to the Eclipse Foundation
-
Copyright (c) 2022, 2023 ZF Friedrichshafen AG
-
Copyright (c) 2022 ISTOS GmbH
-
Copyright (c) 2022, 2023, 2024 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
-
Copyright (c) 2022,2023 BOSCH AG
-
Source URL: https://github.com/eclipse-tractusx/traceability-foss
Introduction and goals
This chapter gives you an overview about the goals of the service, in which context the service runs and which stakeholders are involved.
Requirements overview
What is the purpose of the Trace-X application
-
Empower all companies from SMEs to large OEMs to participate in parts traceability with an open-source solution to easily take part in the Catena-X traceability use case.
-
It is a standalone application which can be self-hosted.
-
Display the relations of the automotive value chain based on a standardized IT model.
-
Overview and transparency across the supplier network enable faster intervention based on recorded events in the supply chain.
-
Notifications & Messages regarding quality-related incidents and a tool for inspecting the supply chain.
Essential features
-
List, view and publish manufactured parts based on BoM AsBuild
-
List, view and publish planned parts based on BoM AsPlanned
-
Filter and search functionality on part views
-
Show detailed information on manufactured parts from AAS description assets and aspects
-
Uses submodels SerialPart, Batch, JustInSequence and PartAsPlanned
-
List and view supplier parts (SingleLevelBomAsBuilt) based on BoM AsBuilt lifecycle
-
List and view customer parts (SingleLevelUsageAsBuilt) based on BoM AsBuilt lifecycle
-
View parts and parts relations in a visualized parts tree
-
Send and receive top-down notifications (quality investigations) along the supply chain
-
Compliance with Catena-X guidelines
Quality goals
The following table entries define overall Trace-X quality goals. The order of topics does not imply a priority of the quality goals.
Quality goal | Motivation and description |
---|---|
Running reference application for Catena-X traceability |
Consume traceability data, visualize it in a state-of-the-art frontend to the user and enable the exchange of notifications. |
Accessible and easy to use |
Enable SMEs to large enterprises. |
Cloud agnostic solution |
Trace-X is built as a reference architecture and able to be run on different cloud solutions. It uses Helm charts so that it can easily be deployed on different systems. |
Trustworthy application |
Trace-X uses the Catena-X standards as a basis to fulfill the interoperability (with commercial as well as other solutions) and data sovereignty requirements. |
Application reliability |
The Trace-X architecture is set up so that provided part tree structures are consumed, aggregated and utilized to enable quality related actions such as notifications along the supply chain on which the costumers can rely. |
Usability and user experience |
Trace-X is aligned with the overarching UUX guidelines. This ensures ease of use for the user as well as a good user experience. |
Security |
Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) are executed automatically and regularly. Findings are recorded and mitigated. |
Stakeholder
The following table presents the stakeholders of Trace-X and their respective interests.
Who | Matters and concern |
---|---|
Software developer |
|
Operating environments |
|
Catena-X partners |
|
Larger OEMs / tiers |
|
SMEs |
|
Architecture constraints
Technical constraints
Name | Description |
---|---|
Interoperability |
Trace-X must use the EDC together with Catena-X approved data models to guarantee interoperability between participants. |
Data sovereignty |
Data owners and data consumers have to use usage policies for offering, consuming and therefore transferring data. |
Kubernetes for container orchestration |
Catena-X requires the application to run in a Kubernetes environment, deployed via Helm charts. |
Catena-X UUX guidance (CX style guide) |
The frontend of Trace-X follows Catena-X-wide UUX consistency according to the CX style guide. |
Organizational constraints
Name | Description |
---|---|
Schedule |
Start of development in July 2022. Further development in alignment with the foundation of the Catena-X Automotive Network e.V. requirements and timeline. |
Process model |
Iterative and incremental. The SAFe framework is used to align with Catena-X services, prerequisites, components and requirements to be Catena-X compatible. |
Catena-X services / requirements |
Trace-X needs to be Catena-X compliant and the application has to follow the CX standards as well as interact with the core services and components. |
Release as open source |
The source code - at least partially - is made available as open source and can be found in GitHub Catena-X ng as well as in Eclipse Tractus-X. |
Technology Readiness Level (TRL) for products developed within the CX consortia |
As Trace-X is a reference implementation, the Technology Readiness Level (TRL) must not be above TRL 8. |
Political constraints
Name | Description |
---|---|
Open source |
FOSS licenses approved by the Eclipse foundation have to be used. |
Development conventions
Name | Description |
---|---|
Architecture documentation |
Architectural documentation of Trace-X reference application in arc42-template terminology and structure. |
Language |
The project language is English to ensure the best possible accessibility for all participants. Therefore, classes, methods etc. are named in English and the documentation is written in English. |
Test coverage |
More than 80% of the complete source code has to be test covered. |
System scope and context
Trace-X is an end-user application to visualize and utilize data provided to the Catena-X network. This includes the traceability of manufactured parts and batches as well as the shipped and supplied components. To utilize the CX open ecosystem, it is necessary to exchange information on serialized parts and batches with supply chain partners in a standardized, data-sovereign and interoperable way. This section describes the environment of Trace-X, its intended users and which systems and components it interacts with.
Business context
Trace-X exchanges data with any other traceability applications within the CX ecosystem. This is implemented by integrating the service into the CX network and the usage of required central components and services provided by CX.
User
Trace-X can be deployed, hosted and run by every party that is part of the Catena-X network. They need to be registered, have a BPN and a technical user as well as provide valid credentials. An end-user in Trace-X can have roles provided by the CX portal (user, supervisor, admin).
IRS
The Item Relationship Service is the component that is used by Trace-X to fetch data chains from Catena-X network. Data that is provided by IRS gets extracted, aggregated, transformed and is used for further actions in Trace-X. Further information can be found in the IRS architecture documentation (arc42).
Catena-X network
Trace-X and IRS are retrieving necessary information and data from the Catena-X network (users, digital twins, aspects, submodels, business partner information). If CX services are unavailable, Trace-X will not be able to perform most of its work.
Any other traceability app
Trace-X interacts with any other traceability app using the CX standards. This enables sovereign data exchange as well as receiving and sending notifications to interact between different parties.
Technical context
Component overview
Trace-X API
We provide a REST API that is consumed by Trace-X frontend in order to deliver Trace-X related features such as quality investigations or asset chain visibility. Since the Trace-X component is the very last component in the Catena-X ecosystem we are mostly dependent on the other services and theirs APIs in other to deliver desired functionalities. The development of the services is not a part of the Trace-X application and each of the system that we utilize exposes a REST API that we consume and interact with directly.
Trace-X is a Spring Boot based application and is secured with the OpenID connector provider Keycloak and OAuth2. This means for the companies that utilize the Trace-X component, it is required to obtain a technical user to be authorized to get access to the external components within the Catena-X ecosystem.
In order to use the Trace-X frontend with the Trace-X backend, users need to authenticate themselves in order to be authorized to get access to the Trace-X. In the frontend UI users provide valid credentials and the system generates a bearer token that it gets from Keycloak and attaches it to the HTTP header parameter Authorization. Once a user is authorized and has a proper role in the Trace-X backend, the backend delegates HTTP calls to specific services on their behalf as technical user in order to fulfill specific functionalities.
[Outdated] Registry API
Trace-X acts as a consumer of the asset administration shell registry component. Trace-X contains a restful client (REST template) that builds a REST call to the mentioned digital twin registry API based on its known URL (the AAS registry URL is configurable in Trace-X). Requests contain 'assetIds' provided by the component during asset synchronization. Like described in the above section, the security aspect is required in order to achieve a REST call against the AAS Registry. As a response, Trace-X gets the corresponding shells and shell descriptors utilized later for asset synchronization. The HTTP(s) transport protocol is used for the REST call communication.
IRS API
Trace-X acts as a consumer of the IRS component. Trace-X contains a restful client (REST template) that build a REST call to the mentioned IRS API based on its known URL (the IRS URL is configurable in Trace-X). The request contains details required to start an IRS fetch job provided by the component during asset synchronization. Like described in the above section, the security aspect is required in order to achieve a REST call against the IRS. As a response, Trace-X gets the created job id and periodically pulls for the job details that contains assets that will be uploaded to the system. As mentioned above, the transport protocol HTTP(S) is used for the REST call communication.
[Outdated] Portal API
Trace-X acts as a consumer of the portal component. Trace-X contains a restful client (REST template) that builds a REST call to the mentioned Portal API based on its known URL (the Portal URL is configurable in Trace-X). The portal is used to authenticate users and requests against the backend. As mentioned above, the transport protocol HTTP(S) is used for the REST call communication.
[Outdated] EDC API
The Trace-X acts as a consumer and provider of the EDC component. In Trace-X we communicate with the EDC directly only for the sake of fulfilling the quality notification functionality. Specific use cases can be viewed in the Runtime view section. For these purposes the integrated EDC clients in Trace-X are responsible for creating restful requests to the EDC component. As mentioned above, the transport protocol HTTP(S) is used for the REST call communication.
Solution strategy
This section contains a summarized architectural overview, a comparison of the most important goals and the corresponding solution approaches.
Introduction
Following table describes the quality goals of Trace-X (see chapter quality goals) and their matching solution approaches.
Quality goal | Matching approaches in the solution |
---|---|
Running reference application for Catena-X traceability |
|
Accessible and easy to use |
|
Cloud agnostic solution |
|
Application reliability |
|
Security |
|
Technology
Trace-X is developed using Java and the Spring Boot framework for the backend and Typescript based on the Angular framework for the frontend. This decision was taken due to the support of the frameworks as well as technical knowledge of the team members.
The application can be hosted using Docker and Kubernetes. This is commonly used and widespread. With this the application has no vendor lock in regarding the hosting provider.
The communication between frontend and backend is done using REST APIs. This is the standard method in the Catena-X landscape and makes the application components easy to use for any third party client.
For the database PostgreSQL is used.
Structure
Trace-X is divided into two components: Frontend and backend. It roughly can be broken down into the following parts:
-
Asset controllers to get asset information
-
Dashboard controller to get dashboard related summed up information
-
Registry controller to fetch assets from the Digital Twin Registry
-
Notification controller to get notification information and create EDC notification offers
-
Submodel controller for providing asset data functionality
-
Import controller for importing Trace-X data for data provisioning
-
Contract controller to get information about contract agreements
-
EDC controller to retrieve notifications
-
IRS callback controller to retrieve asynchronous jobs completed by IRS
-
Policy controller to retrieve information about policies
-
BPN controller to retrieve information about business partners
The backend does a request to the Digital Twin Registry utilizing the registry controller. Extracted data from the response is made available through the asset controller and the dashboard controller to the frontend.
Building block view
Blackbox overall system
Component diagram
Component description
Components | Description |
---|---|
IRS |
The IRS consumes relationship information across the CX-network and builds the graph view. |
EDC consumer |
The EDC consumer component is there to fulfill the GAIA-X and IDSA-data sovereignty principles. The EDC consumer is composed of a control plane and a data plane. |
EDC provider |
The EDC provider component connects with EDC consumer component and forms the endpoint for the actual exchange of data. It handles automatic contract negotiation and the subsequent exchange of data assets for connected applications. |
Submodel server |
The submodel server offers endpoints for requesting the submodel aspects. |
Level 1
Component diagram
Component description
Components | Description |
---|---|
Trace-X |
Trace-X is a system allowing the user to review the parts / assets catalog and send / receive quality notifications related to those parts. |
Trace-X API |
The Trace-X API is the interface through which the data consumer is communicating. |
AssetsController |
The AssetsController provides a REST interface for retrieving asset information. |
DashboardController |
The DashboardController provides a REST interface for retrieving overall statistics displayed on the dashboard screen. |
RegistryController |
The RegistryController provides a REST interface for retrieving data from the assets registry. |
ImportController |
The ImportController provides a REST interface for importing assets and publishing them in the Catena-X network. |
AssetRepository |
The AssetRepository is a component responsible for storing and getting assets from the database. |
BPNRepository |
The BPNRepository is a component which stores BPN → company name mappings. |
NotificationsRepository |
The NotificationsRepository is a component responsible for storing the status and data of sent and received notifications. |
Database |
The database is a place for storing assets, relations and notifications. |
Runtime view
This section describes the different functionalities of the Trace-X application.
Assets
Scenario 1: Return assets
This section describes what happens when users list stored assets. In this example, the user requests as-built assets. The same can be done with as-planned assets.
Overview
When a user requests stored assets, Trace-X checks if the user has an adequate role ('ROLE_ADMIN', 'ROLE_SUPERVISOR', 'ROLE_USER'). If yes, then the endpoint returns a pageable result of assets.
The returned result can be empty if no suitable asset has been found.
Scenario 2: Return specific assets
This section describes what happens when users search for a specific asset. This example shows the request of one as-built asset. The same can be done with as-planned assets.
Overview
When a user requests a specific asset, Trace-X checks if the user has an adequate role ('ROLE_ADMIN', 'ROLE_SUPERVISOR', 'ROLE_USER'). If yes, then the endpoint returns the asset for the given assetId, if it is found.
If no asset has been found for the given ID, an AssetNotFoundException is thrown.
Notifications
Receive quality notification
This sequence diagram describes the process of receiving a quality notification from another traceability partner:
Overview
The EDC is utilized to transmit data between sender and receiver for both sending and receiving notifications. To be able to receive notifications by a partner you need to
-
Create a notification endpoint for qualitynotifications/receive
-
Create EDC assets
-
Create EDC usage policies
-
Create EDC contract definitions
Trace-X implements a functionality to create assets and their corresponding policies in the admin panel.
With the notification asset it is possible to enable EDC contract negotiation and EDC data transfer based on access policies defined. Only if the sender is able to find the asset in the catalog offer and perform a successful contract negotiation there will be the possibility to send a notification to the specified http endpoint on the receiver side.
Send quality notification
This sequence diagram describes the process of sending a quality notification between traceability applications:
Overview
The EDC is utilized to transmit data between sender and receiver for both sending and receiving notifications. To be able to send notifications to a partner you need to
-
Create a notification endpoint for qualitynotifications/send
-
Create EDC assets
-
Create EDC usage policies
-
Create EDC contract definitions
Trace-X implements a functionality to create assets and their corresponding policies in the admin panel.
With the notification asset it is possible to enable EDC contract negotiation and EDC data transfer process so that the quality investigation can be sent by the sender.
Data consumption
This sequence diagram describes the process of fetching data from the DTR and the Catena-X ecosystem:
Overview
Data is fetched by a Trace-X instance using the Digital Twin Registry (DTR), Item Relationship Service (IRS) and Trace-X consumer EDC. For digital twins the Asset Administration Shell (AAS) standard is used. For fetching data with Trace-X a Digital Twin Registry and an IRS instance are required. Data should represent parts, supplier and customer parts, part trees / part relations.
Data provisioning
The following sequence diagrams describe the process of importing data from a Trace-X dataformat:
Module 1
Data will be imported by the Trace-X frontend into the Trace-X backend and will be persisted as an asset in a transient state. The raw data which is needed for the shared services (DTR / EDC) will be persisted as well.
Module 2
The frontend is able to select assets and publish / synchronize them with the shared services DTR / EDC / submodel API.
Module 3
The backend is able to persist the data in the DTR / EDC and enables the IRS to resolve assets.
Scenario 1: Receive import report
This section describes what happens when the user wants to get a report of the imported assets associated with a importJobId. In this example, the user requests an import report.
Overview
When a user requests an import report, Trace-X checks if the user has an adequate role ('ROLE_ADMIN', 'ROLE_SUPERVISOR'). If yes, the endpoint returns the import report of the given importJobId.
If the importJobId is not known to Trace-X, an HTTP 404 error is returned.
Scenario 2: Publish assets
This section describes the user interaction when publishing assets
Overview
When a user publishes assets, Trace-X checks if the user has an adequate role ('ROLE_ADMIN'). If yes, the endpoint starts to publish assets to the network.
Scenario 3: Publish assets - error on EDC or DTR
This section describes the user interaction when publishing assets fails due to an EDC or DTR error (for example when the services are unavailable).
Overview
When a user publishes assets, Trace-X checks if the user has an adequate role ('ROLE_ADMIN'). If yes, the endpoint starts to publish assets to network. If any of the required services are not available or return an error response upon executing, the included assets are set to ERROR state and the user can retry publishing them at any time when services are available again.
Data sovereignty
Scenario 1: Return asset contract agreements
This section describes the functionality and behavior when a user requests contract agreements from Trace-X via the Trace-X contracts API (/contracts).
Overview
In case a user requests contract agreements, Trace-X checks if the user has required roles ('ROLE_ADMIN', 'ROLE_SUPERVISOR'). If yes, the requested assets will be mapped to the related contract agreement ID. These contract agreement IDs will be then requested on EDC side via POST (/management/v2/contractagreements/request) and GET (/management/v2/contractagreements/{ContractAgreementId}/negotiation) to get the relevant information.
The contract information is then returned by the endpoint as a pageable result.
If no asset IDs are provided in the request, 50 contract agreements are returned by default.
Policy management
To ensure data sovereignty within Trace-X, companies can create policies with constraints to ensure that their data is only shared with companies that match their requirements.
Policies will be used by the EDC to initiate contract negotiations. During the negotiation the EDC will compare the policies of both companies. Only if both policies are valid and the included constraints match, the data will be shared. This applies for sending and receiving of notifications and parts.
After deploying Trace-X, no policies are defined for any BPNs yet. Instead, Trace-X will set up default policies. This ensures that the basic functionality of Trace-X works. However, to be sure that data is shared only with companies that match one’s requirements, an administrator must set up policies before sending and receiving data.
The policies used for sending and receiving notifications and parts have an identical data format, so they can be used for each process interchangeably. The processes itself are different and will be explained in this section.
Policy Types
The EDC connector MUST provide a possibility to restrict the access of a data asset to specific business partners by attribute(s), e.g. represented as a VC. The connector MUST restrict the data usage to partners and purposes for a specific use case.
There are two policy types used.
-
Access
-
Usage
As specified by the Dataspace Protocol one data asset MUST refer to at least one usage policy, expressed in ODRL. For additional information refer to the Connector KIT
Policies for sending and receiving parts
1,2,3,4 |
Policies can be created by user with role 'Admin' at any time in the administration section of Trace-X. The policy is created to later used for publishing parts in the current company context. Policies are stored in the PolicyStore which is a shared component used by Trace-X [A] and Item Relationship Service (IRS) for storing usage and access policies. |
5,6 |
User with role 'Admin' imports assets in the administration section of Trace-X [A]. Parts can be imported at any time in the parts section of Trace-X. They will be stored locally at first. Testdata for asset import |
7,8,9 |
User with role 'Admin' selects parts in transient state in application and publishes them. The user must choose the policy that is used for the contract negotiation of the selected parts. |
10,11 |
The parts are created in the EDC. (POST /v3/assets) |
12,13 |
In case the PolicyDefinition does not exist yet, a new PolicyDefinition is created in the EDC [A]. |
14,15 |
A contractDefinition is created using the provided policyDefinition. |
16,17 |
Each part is created as a Asset Administration Shell Descriptor in the Digital Twin Registry (DTR). This holds all the data of the part including the globalAssetId. |
18,19,20,21 |
Policies can be created by user with role 'Admin' at any time in the administration section of Trace-X. When synchronizing parts, the respective policies for connected BPNLs will be used. |
22 |
Trace-X [B] wants to synchronize parts and retrieve available ones from connected BPNs. In this case Trace-X [A] and Trace-X [B] have an established connection. |
23,24 |
Trace-X [B] requests all Asset Administration Shell Descriptors in the DTR of Trace-X [A]. |
25 |
The globalAssetIds are extracted from the Shell Descriptors. |
26 |
For part synchronization a job is started in the IRS using the globalAssetIds from the previous step. |
27,28 |
IRS requests the catalogOffer for all globalAssetsIds. |
29,30 |
IRS requests policies defined for the BPNL of Trace-X [A] in the PolicyStore of Trace-X [B]. |
31 |
Now that the IRS has all the relevant policies of both companies, it can start comparing the linked policy in the catalogOffer of each part to the policy list of Trace-X [B]. This works by comparing the included constraints logically. |
32,33,34,35 |
If the policy of the part matches with any policy of Trace-X [A], a contract agreement is created for both Trace-X [A] and Trace-X [B]. It can be viewed in the administration section of Trace-X and documents the data exchange. |
ref import part data |
Now that the contract negotiation was successful, the part data can be imported. This process is documented in the data consumption section. |
36,37 |
In case the policy does not match, IRS creates a tombstone and sends a job response to Trace-X [B]. |
38 |
IRS responds to the Trace-X [B] instance after completing job processing. The contractAgreementId for the asset is available in the job response. |
It’s possible to publish parts with different policies. For this, the user must only publish a limited selection of parts for which he can select a policy. For parts that must be published with different policies, the user can repeat the process.
Note: For more detailed information concerning the functionality of IRS please refer to the IRS documentation
[Work-in-progress] The user may also choose parts that have already been published - they can be republished with a different policy. The process for this is identical to the regular publishing process.
Policies for sending and receiving notifications
1 |
Policies can be created by administrators at any time in the administration section of Trace-X. In order for policies to be used for notifications the administrator must pay attention to the BPN selection of the policies, as Trace-X will choose notification policies based on that. |
2 |
The user sends a notification to a connected BPN. |
3 |
First, Trace-X checks the configured policies for any valid (not expired) policies that have the BPN of the receiver in their BPN selection. There can only be one valid policy for each BPN. |
4 |
Trace-X takes the appropriate policyDefinition. |
5 |
Trace-X requests the catalog of the receiver BPN from their EDC. The catalog contains all policies of the BPN including the policies they use for sending and receiving policies. |
6 |
The receiver EDC returns the catalog. |
7 |
Trace-X extracts the required policy definition for receiving notifications from the catalog. If the receiving BPN has multiple valid ones, they all will be extracted in a list. |
8 |
Trace-X compares the extracted policies with its own policy definition. This works by comparing the included constraints logically. |
9, 10 |
If any of the policies match, a contract agreement is created and shared with the receiving EDC and the EDC of the sender. It can be viewed in the administration section of Trace-X. |
11 |
Finally, the notification will be sent to the receiving EDC. |
12 |
If no policies match, an error will be returned to the user. |
No policies defined for receiver when sending notifications
If no policies are configured for the receiving BPN and a notification is sent to that BPN, the default policy of Trace-X is used as a backup. If the default policy is accepted by the receiving BPN, the process can continue as normally and the notification can be sent. When the policy does not match and the notification can’t be sent, an administrator can create policies for the receiving BPN. Then the notification can be resent and will use the new policy.
Expired policy when sending notifications
Policies always have an expiration time defined by the 'validUntil' timestamp. When a notification is sent and there are policies configured for the selected BPN with an expiration time in the past, Trace-X will throw an error. In that case, an administrator must update or recreate the policy. Then the policy can be resent.
Testing policies
In order to test the functionality of policies, an administrator can create a policy with test constraints for connected BPNs. When sending notifications to that BPN, the process should be blocked.
To fix it, the administrator either has to replace the policy with a valid policy or the connected BPN can create an identical policy with the same test constraints. Sending the notification will work after this was done.
The same applies for sending and receiving parts only then the user must choose the created test policy manually.
An example testing process will be described here with two companies Trace-X A and Trace-X B:
In the initial state of Trace-X, only the default policy exists:
The catalog offer contains the policy definition of the default policy:
In this state both companies can send notifications to each other.
In this example Trace-X B creates a new policy:
Once created, the catalog offer will be updated using this policy:
Since the catalog offer of Trace-X B was updated, Trace-X A won’t be able to send notifications to Trace-X B anymore:
Trace-X A will take its own default policy and compare it to the catalog offer provided by Trace-X B, which will result in a mismatch.
Since Trace-X B has no policy defined for Trace-X A’s BPN, it will compare its own default policy with the catalog offer provided Trace-X A which is identical to the default policy. So Trace-X B can still send notifications to Trace-X A:
Now Trace-X A can create a new policy using the same constraints as Trace-X B’s policy:
This policy will now be used when sending notifications to Trace-X B. Trace-X A’s catalog offer is unchanged.
Trace-X A can now send notifications to Trace-X B again, since the policy matches with the provided catalog offer:
Policies
Overview
Scenario 1: Startup interaction with the IRS policy store
The Trace-X instance defines a constraint which is required for data consumption and provisioning. Trace-X retrieves all policies from the IRS and validates if one of the policies contains the required constraint given by Trace-X. If a policy with the constraint exists and is valid, the process ends. If the policy is not valid, it will create one with the given constraint.
This sequence diagram describes the process of retrieving or creating policies from the IRS policy store based on the constraint given by Trace-X:
Scenario 2: Startup interaction with EDC
The Trace-X instance uses the policy which includes the defined constraint and transforms it into a valid EDC policy request. The EDC policy request will be used for creating a policy for the required notification contracts.
This sequence diagram describes the process of retrieving the correct policy by IRS policy store based on the constraint given by Trace-X and reuses it for creating an EDC policy.
Scenario 3: Provisioning of notifications
The Trace-X instance uses the policy which includes the defined constraint for validation of catalog offers by the receiver EDC.
This sequence diagram describes the process of how the policy with the defined constraint will be used for validation of the catalog offers from the receiver EDC:
Scenario 4: Provisioning of assets
The Trace-X instance uses the policy which includes the defined constraint for creating EDC assets.
This sequence diagram describes the process of how the policy with the defined constraint will be used for registering EDC data assets:
Scenario 5: Updating notification offers when creating / deleting / updating policies
The Trace-X instance uses policies for creating the EDC catalog offers of notifications. These offers will be created on the following actions:
-
on Trace-X application startup
-
creating a policy for the own BPN
-
updating a policy for the own BPN
-
deleting a policy for the own BPN
This sequence diagram describes the process of how the catalog offers are updated after policy update / create / delete:
Scheduler
An overview of the scheduler tasks configured in the system.
Scheduler name | Execution interval | Description |
---|---|---|
PublishAssetsJob |
Every hour at 30min |
Publishes assets in IN_SYNCHRONIZATION state to core services. The process combines as-built and as-planned assets and initiates their publication for synchronization in the traceability system. |
AssetsRefreshJob |
Every 2 hours |
Invokes the synchronization of asset shell descriptors with the decentralized registry. It ensures the latest asset information is fetched and updated in the system from external sources. |
Deployment view
Cross-cutting concepts
Entity-relationship model
Please be informed that the 'as-planned' version currently lacks the database relations.
Domain concepts
API model
For detailed information about the API model, please refer to the API specification.
Domain models
Assets
Quality notifications
Safety and security concepts
Authentication / authorization
Trace-X API
The Trace-X API is secured using OAuth2.0 / Open ID Connect. Every request to the Trace-X API requires a valid bearer token. The JWT token should also contain two claims:
-
'bpn' which is equal to the configuration value from
API_ALLOWED_BPN
property -
'resource_access' with the specific key for C-X environments. The list of values will be converted to roles by Trace-X. Currently, Trace-X API handles three roles: 'User' and 'Supervisor' and 'Admin'.
The roles and their functions are documented in the rights and role matrix in the system overview of the administration guide.
Trace-X as EDC client
The Trace-X accesses the Catena-X network via the EDC consumer connector. This component requires authentication via a Verifiable Credential (VC), which is provided to the EDC via the managed identity wallet.
The VC identifies and authenticates the EDC and is used to acquire access permissions for the data transferred via EDC.
Trusted Port for Internal APIs
A second port, called the trusted port, has been introduced which can only be accessed by internal services within the Kubernetes cluster. This measure is implemented to handle APIs that are difficult to secure and involve several systems and processes. The trusted port ensures that only internal, trusted components can access these sensitive APIs, enhancing overall security.
-
Quality notification callback APIs (receive, update) - called by EDC data plane
-
Endpoint Data Reference callback API - called by EDC control plane
Credentials
Credentials must never be stored in GitHub!
Architecture and design patterns
Module / package structure
-
Main domain name
-
Application
-
Optional: subdomain name (in case of inheritance) → following same structure as main domain
-
Mapper: holds the mapper of transforming domain models to response models
-
Service: holds the interface for implementation in the domain package
-
REST: holds the controller for providing the API for the domain
-
-
Domain
-
Optional: subdomain name (in case of inheritance)
-
Model: holds the domain model
-
Service: implementation of the interface provided in the application package
-
Repository: holds the interface for accessing the infrastructure package
-
-
Infrastructure
-
Optional: subdomain name (in case of inheritance)
-
Model: holds the technical entities
-
Repository: holds the data access layer
-
E.g. JPARepository / Impl
-
-
-
All models (request / response) used in the API should be saved in the tx-model project to be reusable for cucumber testing.
-
"Under-the-hood" concepts
Exception and error handling
There are two types of potential errors in Trace-X:
Technical errors
Technical errors occur when there is a problem with the application itself, its configuration or directly connected infrastructure, e.g. the Postgres database. Usually, the application cannot solve these problems by itself and requires some external support (manual work or automated recovery mechanisms, e.g. Kubernetes liveness probes).
These errors are printed mainly to the application log and are relevant for the health-checks.
Functional errors
Functional errors occur when there is a problem with the data that is being processed or external systems are unavailable and data cannot be sent / fetched as required for the process. While the system might not be able to provide the required function at that moment, it may work with a different dataset or as soon as the external systems recover.
Rules for exception handling
Throw or log, don’t do both
When catching an exception, either log the exception and handle the problem or rethrow it, so it can be handled at a higher level of the code. By doing both, an exception might be written to the log multiple times, which can be confusing.
Write own base exceptions for (internal) interfaces
By defining a common (checked) base exception for an interface, the caller is forced to handle potential errors, but can keep the logic simple. On the other hand, you still have the possibility to derive various, meaningful exceptions for different error cases, which can then be thrown via the API.
Of course, when using only RuntimeExceptions, this is not necessary - but those can be overlooked quite easily, so be careful there.
Central fallback exception handler
There will always be some exception that cannot be handled inside the code correctly - or it may just have been unforeseen. A central fallback exception handler is required so all problems are visible in the log and the API always returns meaningful responses. In some cases, this is as simple as an HTTP 500.
Don’t expose too much exception details over API
It’s good to inform the user why their request did not work, but only if they can do something about it (HTTP 4xx). So in case of application problems, you should not expose details of the problem to the caller. This way we avoid opening potential attack vectors.
Development concepts
Build, test, deploy
Trace-X is built using Maven and utilizes all the standard concepts of it. Test execution is part of the build process and a minimum test coverage of 80% is enforced.
The project setup contains a multi-module Maven build. Commonly used classes (like the Trace-X data model) should be extracted into a separate submodule and reused across the project. However, this is not a "one-size-fits-all" solution. New submodules should be created with care and require a review by the team.
The Maven build alone only leads up to the JAR artifact of Trace-X. To create Docker images, the Docker build feature is used. This copies all resources into a build image, builds the software and creates a final Docker image at the end that can then be deployed.
Although the Docker image can be deployed in various ways, the standard solution is to use the provided Helm charts, which describe the required components as well.
Code generation
There are two methods of code generation in Trace-X:
Lombok
The Lombok library is heavily used to generate boilerplate code (like constructors, getters, setters, builders…). This way, code can be written faster and this boilerplate code is excluded from test coverage, which keeps the test base lean.
Swagger / OpenAPI
The API uses OpenAPI annotations to describe the endpoints with all necessary information. The annotations are then used to automatically generate the OpenAPI specification file, which can be viewed in the Swagger UI that is deployed with the application.
The generated OpenAPI specification file is automatically compared to a fixed, stored version of it to avoid unwanted changes of the API.
Migration
Data migration is handled by Flyway.
Configurability
Trace-X utilizes the configuration mechanism provided by Spring Boot.
Configuration properties can be defined in the file src/main/resources/application.yml
Other profiles should be avoided. Instead, the configuration can be overwritten using Spring’s external configuration mechanism (see https://docs.spring.io/spring-boot/docs/2.1.9.RELEASE/reference/html/boot-features-external-config.html). The operator must have total control over the configuration of Trace-X.
Java style guide
We generally follow the Google Java style guide.
API guide
We generally follow the OpenAPI specification.
Documentation style guide
We generally follow the Google developer documentation style guide.
Unit and functional testing
General unit testing
-
Code coverage >= 80%
-
Writing methods which provide a response to be better testable (avoid void if feasible).
-
Naming of unit tests are as follows:
-
Use the given / when / then pattern for unit test structuring. E.g:
Integration testing
Each public API should have at least two integration tests (positive / negative).
For integration testing, the file tx-backend/src/main/resources/application-integration.yml
is used.
Additionally, you need to have a local Docker environment running.
For this, we recommend Rancher Desktop.
Clean code
We follow the rules and behaviour of: https://clean-code-developer.com/.
Secure coding standards
As there is no other guideline of C-X, we fix any vulnerabilities, exposures, flaws detected by one of our SAST, DAST, pen testing tools which are higher than "Very Low".
Trace-X technical class responsibilities
Controller
-
Has only one dependency to a facade or a service or a validator annotation
-
Has no own logic
-
Includes the Swagger documentation annotations
-
Has an integration test class
-
Uses a static mapper to transform a domain model into the response model
-
Returns a ResponseEntity<T>
Response object
-
Should be a public version of the domain object
-
Is a result of the transformation which will be done in the facade
-
Is not necessary if the domain object can be fully public
-
Is not allowed to be implemented in a repository or a DAO
Facade
-
Should have multiple service classes injected
-
Can be implemented in a controller
ServiceImpl
-
Responsible for retrieving data from storage
-
Performs business logic
-
Can be a http client
-
Returns a jpaEntity → domain object
-
Should only be implemented in a controller through an interface
Repository
-
Represents an interface to the underlying repository implementation which then uses the spring repository
Domain object
-
Mapped from an entity or from received external data
-
Will be used as a working model until it will finally be transformed to a response object or another domain which will be persisted later on
Config object
-
Should have the suffix .config at the end of the class
-
Includes beans which are automatically created by app startup
Constructing objects
-
Using builder pattern
-
Currently, we are using the constructor to create objects in our application. Main reason is to provide immutable objects.
-
As the handling with big loaded constructors is not easy and error-prone, it’s recommended to use the builder pattern to have a clear understanding about what we are creating at the point of implementation.
-
-
Using lombok for annotation processing
Operational concepts
Administration
Configuration
Trace-X can be configured using two mechanisms:
application.yml
If you build Trace-X yourself, you can modify the application.yml config that is shipped with Trace-X. This file contains all possible config entries for the application. Once the Docker image has been built, these values can only be overwritten using the Spring external config mechanism (see https://docs.spring.io/spring-boot/docs/2.1.9.RELEASE/reference/html/boot-features-external-config.html), e.g. by mounting a config file in the right path or using environment variables.
Helm chart
The most relevant config properties are exposed as environment variables and must be set in the Helm chart for the application to be able to run. Check the Trace-X Helm chart in GitHub for all available variables.
Scaling
If the number of consumers rises, Trace-X can be scaled up by using more resources for the deployment pod. Those resources can be used to utilize more parallel threads to handle job execution.
Clustering
Trace-X can run in clustered mode, as each running job is only present in one pod at a time. Note: as soon as a resume feature is implemented, this needs to be addressed here.
Logging
Logs are being written directly to stdout and are picked up by the cluster management.
Monitoring
Currently, there is on monitoring supported in Trace-X.
User experience
User interface
Table design
Trace-X uses the following table design to build consistent and user-friendly tables:
Component | Description | Example |
---|---|---|
Actions |
|
|
Action menus |
|
|
Multi-select box |
|
|
Selection box |
|
|
Selection count |
|
|
Column header |
|
Ascending sorting: Descending sorting: |
Filter |
|
Date filter: |
Quick filter |
|
|
Table column settings |
|
|
Full-width toggle |
|
|
Scrollbars |
|
|
Page size selector |
|
|
Page information |
|
|
Page controls |
|
In addition, following tables are used within Trace-X:
When the data is not as complex and/or extensive and single-item actions are not needed:
When data must only be shown and no actions are needed:
Quality requirements
This section includes concrete quality scenarios to better capture the key quality objectives but also other required quality attributes.
Quality tree
The tree structure provides an overview for a sometimes large number of quality requirements.
Quality scenarios
The initial letters of the scenario identifiers (IDs) in the following table each stand for the higher-level quality characteristic. For example M for maintainability. These identifiers are also used in the quality tree. The scenarios cannot always be clearly assigned to a characteristic. Therefore, they sometimes appear more than once in the quality tree.
ID | Scenario |
---|---|
M01 |
Developers with basic knowledge of the traceability use case look for an introduction to the traceability architecture. They get the idea of essential design very fast. |
M02 |
Senior developers look for a reference implementation of the traceability use case functionalities. They get it within the source code. |
M03 |
Developers want to implement new features. They are able to add it to the source code easily. |
M04 |
Developers want to implement a new frontend or change some components. The efforts can be reduced by using the standardized API endpoints to do so. |
I01 |
Users want to switch from a FOSS application to a COTS application or the other way round. This is possible since the application is interoperable with other applications within the CX network. |
F01 |
The application uses the Catena-X standards to ensure the correct interoperability and exchange with other participants. |
F02 |
An OEM or tier n supplier needs more information regarding specific parts. He can mark the parts in question and send a top-down notification (quality investigation) to the next entity / the partner. |
F03 |
A company wants to have more transparency and a visualized status of the supply / value chain. By using the application they are enabled to work with the structures and enable new features / functionalities. |
F04 |
Notifications are sent using the EDC to ensure interoperability with the CX network. |
E01 |
Notifications between traceability apps need to be sent and received within a specified timeframe to minimize the negative impact of e.g. recalled serialized products / batches on the value chain. |
Glossary
Term | Description |
---|---|
Aspect |
Collection of various aspects from the digital twin. An aspect can, for example, bundle all information about a specific part. |
AAS |
Asset Administration Shell (Industry 4.0) is the implementation of the digital twin for Industry 4.0 and enables interoperability between different companies. |
BoM |
Bill of Material. BoM is a list of parts and materials that a product contains. Without them, manufacturing would not be possible. |
BoM AsBuilt |
Bill of material lifecycle of the built entity |
BoM AsPlanned |
Bill of material lifecycle of the planned entity |
BPN |
Business Partner Number. A BPN is used to identify a partner in the Catena-X network. |
CX |
Abbreviation for Catena-X |
Data Sovereignty |
Ability to keep control over own data, that is shared with other participants |
EDC |
Eclipse Dataspace Connector. The connector version used in Catena-X |
FOSS |
Free and Open Source Software |
Interoperability |
Communication and interaction with other components or Catena-X partners / players |
IRS |
Item Relationship Service. Component to provide data chains. IRS architecture documentation (arc42) |
SME |
Small / Medium Enterprise |
Trace-X |
Proper name of open-source software application of Catena-X use case traceability |
UI |
User Interface |