| 1.6 Architecture 20. Technical Architecture | |
---|
1.6 Architecture: 20. Technical Architecture: | 1. Every application service consists of (1) Specification of Business Requirement (SoR) and (2) Technical Architecture (TA). Business requirement specifications should detail "what" the business wants and not "how" it will be designed - business requirements must be agnostic to the implementation. Technical architecture policies complement the application by adding a specific implementation layer without changing what the business wants. | 2. SoR continually evolves by the hour and by the day. Every business requirement must have a "how-to guide" to indicate how each function may be used. Every business entity is implemented as a pair of SQL tables. | 3. TA policies slowly evolve by the month because each improvement has considerable implications for existing application services. Each TA policy has business rules that must be implemented. TA policies apply to the SoR only and may not apply to TA implementations. A TA implementation may be a pair of SQL tables, a single SQL table or a NoSQL file. |
2. Technical Architecture (TA): | 1. The import TA defines the policies that enable the legacy source code to be decomposed into its component parts that caused the source code to be written from its Requirements. Language and implementation details are peeled away, leaving only the core business requirement as an application model. | 2. The export TA defines the policies that enable the target source code to be assembled from the Specification of Requirement. | 3. A TA may include the following policies:- | Language policy. | Delete policy. | Business Continuity (backup-recovery-restart) policy. | Encryption policy. | Privacy policy. | History policy. | Evidence policy. | Maintainability policy. | Reuse and Reusability policy. | Access Control policy. | Abuse policy. | Authentication policy. | Availability policy. | Cyber Attack policy. | Training and Education policy. | Communication policy. | Support policy. | Security Control policy. | Life Cycle policy. |
4. Delete Policy: | 1. Data can be hidden but data cannot be physically deleted. DBMS permissions to delete data are limited to Eliza and her DB archive destruction process. No business requirement to delete data is permitted. | 2. Data can be overtyped, but before it is overtyped, a physical copy of the original value is taken so the data can be recovered. DBMS permissions to change data are limited to Eliza and her DB change field value process. | 3. BUSINESS RULE: Every entity is stored as a primary and archive table. Normal business processes only view primary table data. | 4. BUSINESS RULE: Every record contains a delete flag. When the delete flag is on, the record is physically moved from the primary table to the archive table - the data is not destroyed and can be recovered. | 5. BUSINESS RULE: Eliza shall identify records that have been added and never used - Eliza shall physically destroy any unused data. | 6. BUSINESS RULE: People may signal to Eliza that they want a record to be hidden by changing certain field values to blank or zero. Periodically, Eliza will move unwanted data from the primary table to the archive table. | 7. BUSINESS RULE: Eliza can be directed to recover an archived field value and restore it in its original primary record. |
5. Evidence Policy: | 1. Dual interlaced evidence trails are maintained to manage data change and what people do. | 2. "What Did I Do" (WDID) is an evidence chain by person by day to record every request they make to Eliza and to indicate how Eliza replied. Every field value change is recorded in date and time order. | 3. Every record contains an evidence chain of who created it and when, and who last changed it and when. An archive table stores the value of fields before they are changed so every field change can be recovered in date-time order. | 4. BUSINESS RULE: Eliza writes a WDID record to summarise each person's request. | 5. BUSINESS RULE: Eliza manages the created and last-used person, date and time fields, together with an optional number-of-times-used counter. | 6. BUSINESS RULE: Eliza manages all archive tables without any business requirements. |
5. Security Policy: | 1. BUSINESS RULE: Every field may be encrypted or tokenised by Eliza without any business requirement specification. | 2. BUSINESS RULE: All business data should be stored in a way that is meaningless and worthless to a criminal. Technical data should also be stored in such a way as to be meaningless and worthless to a criminal. |
6. Business Continuity Policy: | 1. Backup is not fit-for-purpose and was abandoned more than a decade ago. Backup is a periodic batch process that copies data and needs a procedure to physically take those copies to some remote secure location - a security risk. When a backup is used to recover lost data, it cannot recover the data changed since the last backup - a full day's work may be lost. It is incomprehensible to imagine that a company could ask its people to remember to re-enter a full day's transactions while continuing to do their normal daily work. It is noted that industry reports that up to 50% of backup recovery procedures are less than satisfactory. | 2. BUSINESS RULE: Data is replicated to more than one secure remote data center. Replicated data is further replicated to other secure remote data centers. The policy is that when ten copies of all business data are stored in secure remote data centers, it is inconceivable that business data could be permanently lost, corrupted or fraudulently changed. |
7. Language Policy: | 1. BUSINESS RULE: Programming languages are HTML, CSS and JavaScript. | 2. BUSINESS RULE: Eliza is driven by a knowledgebase of declarative business rules. | 3. BUSINESS RULE: Human language data is stored as UTF-8 that supports all European languages and many other left-to-right languages. |
8. Standards Policy: | 1. Proprietary standards have proven over the last twenty years to keep on changing with considerable disruption and new license fees. At the same time, International standards have matured and grown into a stable, low cost and trusted way of doing business. | 2. SQL is an international standard that has survived the life cycle of all other proprietary database languages. Companies and people that invested in dBase, Paradox, Sybase, Interbase, Foxpro, etc., have discovered that their investment was not as good as it could have been. | 3. HTML is an international standard that has survived the life cycle of all presentation languages like Flash, Silverlight and PDF. With billions of HTML web pages in the world, it is hard to imagine that some companies still invest in proprietary presentation tools. | 4. Microsoft tries to make "C" a standard language, but over the last twenty years, the "C" language has had a large number of transformations into "C+", "C++", "C#" and now "F#". At the same time, the Microsoft passion for Basic has had many transformations and it remains a core part of Visual Studio. Microsoft understands the limitations of these languages and also supports Python, Ruby, Node.js and "M", together with HTML, CSS, JavaScript and TypeScript. Microsoft Visual Studio did cost USD13299 but has had its cost halved in the last year as free-of-charge functionally equivalent packages have evolved. | 5. BUSINESS RULE: No single proprietary vendor is able to deliver what the world needs so the only viable policy must be to support any number of vendors each of whom can make a contribution. Where international standards have matured into viable technologies that are free-of-charge, then these will replace any proprietary technologies. | 6. BUSINESS RULE: Information Technology Infrastructure Library (ITIL) defines the organisation structure of the ASP. | 7. BUSINESS RULE: Information Security Management (ISM) is the priority built into every task. | 8. BUSINESS RULE: Information Engineering Methodology (IEM) is how applications are designed, developed and deployed. |
9. Compliance Policy: | 1. ASP shall comply with the letter and spirit of the law in all countries in which it operates - no compromise, no exceptions and no bending the rules. ASP shall operate in an open, transparent and secure way while keeping trade secrets confidential and customer details private. | 2. ASP shall comply with the General Data Protection Regulation (GDPR) and the Privacy and Electronic Communications Regulations (PECR). Privacy and security are paramount. ASP has never had a data breach and has organised things in such a way that it will never suffer a data breach. | 3. Every telephone call will be recorded by any number of agencies in any number of countries. The telephone is no longer fit-for-purpose where that purpose is to communicate private, confidential and sensitive business information. The telephone has been replaced with encrypted electronic communications between business parties that create an evidence chain. | 4. Every email will be copied and read by any number of agencies in any number of countries. Some of those agencies will collate the contents and sell the information to third parties. Personal email is no longer fit-for-purpose where that purpose is to communicate private, confidential and sensitive business information. Personal email has been replaced with encrypted electronic communications between business parties that create an evidence chain. | 5. BUSINESS RULE: Data Protection Officer (DPO) is a mandatory role that drives threat analysis and security controls. |
10. System Software Policy: | 1. By design, every data center is different so a vulnerability in one data center is unlikely to be replicated by another data center. Each rack of servers uses different machines that are cost effective at the time they are deployed or replaced. | 2. A large number of servers are configured using open source, IBM, MS, Oracle, HP and other system software tools with a divergent policy. Each server has one and only one purpose and is configured to ensure that the server cannot do anything else - virtualisation is rarely used. A server has very limited functionality and a locked down system software configuration that cannot be hacked. | 3. A load balancing firewall and Intrusion Detection Server (IDS) are connected to the Internet, but no other server has a direct Internet connection. A server has very limited functionality and a locked down system software configuration that cannot be hacked. | 4. Each server is configured to provide a fixed service for up to two years without patching or any updates, because an Internet connection does not exist. Every server is replaced every two years to minimise the possibility of a hardware fault - energy efficiency is critical to cutting costs and that means old servers are quickly no longer cost effective. |
11. Education Policy: | 1. ASP is an Application Service Provider and not an education establishment. ASP provides detailed guides for how each business function may be used, but is not insured and is not liable for training people to use computer equipment. Owner may operate their own ways of working where applications are just a tool that may be used. | 2. Not all people have the same level of skill and experience and so alternative methods of working and specific methods of training may be applicable for some people. Owner is responsible for their own people and how best to train those people to their most effective level. | 3. BUSINESS RULE: Every business function should have its own unique how-to guide. The application model is not complete and correct until every function has its own guide. Every spreadsheet and form should have a "guide" popup button in the top left corner to specify the purpose and use of the web page. |
12. Maintenance Policy: | 1. Every application has totally different maintenance policies for SoR and TA. | 2. BUSINESS RULE: The SoR is continually improved by the hour and by the day. Whatever business requirement the Owner wishes to have delivered shall be delivered - it is not logical to impose any limits or constraints. | 3. BUSINESS RULE: TA policies are continually improved by the month and by the year - each improvement carries a lot of implications for all existing application services. | 4. It can be of benefit to provide more than one way to achieve the same business result so different people with different skills can adopt the function that best suits their personal way of working. It would be illogical to demand that all people have exactly the same skills and experience. |
License Policy: | 1. GNU public license v2 so anybody can use the software and anybody can make changes, but changes must be made available to everybody else. | 2. Give a little and more will be given to you. |
|
|
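
The Delete Policy and Evidence Policy rules above (primary/archive table pair, copy before overtype, delete flag as a move, recovery of an archived value), as an added example using Python with SQLite triggers. This is not ASP's or Eliza's own code: the `customer` entity and every table, column, trigger and function name are assumptions, and because SQLite has no per-user permissions, the restriction of change and delete rights to Eliza is not modelled.

```python
import sqlite3

# Hypothetical entity "customer"; all table, column and trigger names are assumptions.
SCHEMA = """
CREATE TABLE customer (          -- primary table, the only one business processes read
  id INTEGER PRIMARY KEY, email TEXT, deleted INTEGER NOT NULL DEFAULT 0,
  changed_by TEXT NOT NULL, changed_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP);
CREATE TABLE customer_archive (  -- archive table: prior values and moved records
  seq INTEGER PRIMARY KEY AUTOINCREMENT, id INTEGER, email TEXT,
  reason TEXT, changed_by TEXT, changed_at TEXT);
CREATE TRIGGER customer_overtype BEFORE UPDATE OF email ON customer
WHEN OLD.email IS NOT NEW.email BEGIN  -- copy the original before it is overtyped
  INSERT INTO customer_archive (id, email, reason, changed_by, changed_at)
  VALUES (OLD.id, OLD.email, 'overtyped', OLD.changed_by, OLD.changed_at);
END;
CREATE TRIGGER customer_move BEFORE DELETE ON customer BEGIN  -- removal is a move
  INSERT INTO customer_archive (id, email, reason, changed_by, changed_at)
  VALUES (OLD.id, OLD.email, 'moved', OLD.changed_by, OLD.changed_at);
END;
"""

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def overtype(conn, cid, email, who):
    # Change a field value; the trigger archives the original first.
    conn.execute("UPDATE customer SET email=?, changed_by=?, "
                 "changed_at=CURRENT_TIMESTAMP WHERE id=?", (email, who, cid))

def sweep(conn):
    # Periodic job: move flagged records from the primary table to the archive.
    n = conn.execute("SELECT COUNT(*) FROM customer WHERE deleted=1").fetchone()[0]
    conn.execute("DELETE FROM customer WHERE deleted=1")
    return n

def recover(conn, cid, who):
    # Restore the latest archived value; re-create the record if it was moved.
    row = conn.execute("SELECT email FROM customer_archive WHERE id=? "
                       "ORDER BY seq DESC LIMIT 1", (cid,)).fetchone()
    if row is None:
        return False
    if conn.execute("SELECT 1 FROM customer WHERE id=?", (cid,)).fetchone():
        overtype(conn, cid, row[0], who)
    else:
        conn.execute("INSERT INTO customer (id, email, changed_by) VALUES (?,?,?)",
                     (cid, row[0], who))
    return True
```

Each archive row keeps who set the replaced value and when, ordered by `seq`, so a recovery is itself recorded as a further overtype rather than erasing the trail.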