access4learning / sif3-framework-dotnet Goto Github PK

This issues hosts the images for the wiki associated with this repository:

Environment - Flexibility: session ID tightly coupled with the framework. De-coupling would make the Framework more extensible.
Session ID storage – This was found to be in a configuration file rather than using industry standards making the framework less extensible. Changes to this will have to be done by us for our needs but such tight coupling should again be avoided where possible

There is an issue with the way the mustUseAdvisory header is being handled in a provider.

Current Logic:

If object has an advisory ref id
    if mustUseAdvisory = true
       process request
    else
       raise error
else
    if mustUseAdvisory = true
       raise error
    else
       process request

Expected Behaviour:

if mustUseAdvisory = true
   if there is a refId clash or the object does not have an advisory ref id
      raise error
   else
      process request
else
   process request assigning a new refid

The response to a create many where the mustUseAdvisory header is unset or set to false should contain a list of "Create Responses" containing advisory refId and it's new refid.

Environment - "open standards": Use of open standards - logging frameworks should be de-coupled from the SIF Framework so that any logging framework can be supported.
Log4Net – The current SIF framework is tightly coupled with log4Net rather than it being configurable. An end organisation who might not use this is then forced to use it rather than choosing whatever else they want to use. Logging frameworks should be generic and the framework should be able to support any number of logging frameworks as needed rather than embedding it within the framework

GenericConsumer has a dependency on Log4Net. The logger is created as a static property in the GenericConsumer class. This violates good programming practice and needs to be changed for the following reasons:

1. Dependencies should be injected. Classes should not instantiate their own dependencies. It makes unit testing hard and violates the (http://en.wikipedia.org/wiki/Dependency_inversion_principle)
2. The ServiceLocator pattern has been used to resolve the logging framework. The service locator has been called an anti-pattern by some (http://blog.ploeh.dk/2010/02/03/ServiceLocatorisanAnti-Pattern/) But the real issue is that a service locator hides a classes dependencies. This is the case here.
3. The logger should not be a singleton. When the framework is used in a multi-tenanted environment logging might want to be directed to different storage locations for different tenants. Having a singleton logger will not allow this as the configuration for the logger can only be specified once. Allowing each instance of GenericConsumer to have a different logger passed to the constructor would fix this issue.

What I would like to do:

1. Create a logging interface that is for the framework. This would allow anyone to use the adaptor pattern (http://en.wikipedia.org/wiki/Adapter_pattern) to wrap whatever logger they prefer. A user could make their own and use Console.WriteLine or Trace.WriteLine for example.
2. Add an extra constructor or a public property that can have the logger set on it. I would prefer a constructor parameter, but understand that people are using the framework already (technical debt) This would remove the service locator and allow logging to be flexible.
3. Remove the log4Net nuget package.

Environment - "Simplicity": SIF Framework database - lack of robust, enterprise grade documentation. Thus making it harder for smaller suppliers to understand how to develop and implement a SIF environment.
We understand that the approach is to write code first and then develop a database automatically using NHibernate, but this needs to have excellent documentation to clearly indicate what the tables and columns are and their intended use. There is no clear enforcement of database concepts and it looks like a free for all database where anything and everything is possible. This has caused a lot of confusion and debate as things marked mandatory in the specifications are not really mandatory in the database and no uniqueness constraints are built in. There are potentially several other instances too but with no guidance on how this critical component of the framework is used it just leads to speculation and varying interpretations.

SIF Consumer - "Scaleability": constant clean up required if the consumer closes abruptly. Will cause havoc when/if school turn off their servers over holiday periods.
SIF consumer application crashing or restarting without unregistering – This caused an issue where the SIF consumer was continually blocked until there was a manual clean up done of the session for that SIF consumer.

SIF Consumer - "Simplicity": SIF Framework does not provide a mechanism for onboarding SIF consumers for the first time. This is a basic requirement of any implementation and should be part of the 'support'.
SIF consumer applications on-boarding – The demo setup has pre-defined entries being created via fixed files or database entries and there is no mechanism for SIF frameworks to actually on board SIF consumers for the first instance. In our discussions it’s become quite evident that this needs to be done via external application but it seems odd that the framework would not provide mechanism to do so. Compounded with lack of documentation around the database entries, its pure guesswork to design a SIF consumer on boarding process and ensure that it will work

As OAuth is a support Authentication method in SIF Infrastructure 3.2 Specification

"Simplicity": SIF Framework Functional Services - lack of robust, enterprise grade documentation. Thus making it harder for smaller suppliers to understand how to develop and implement a SIF environment.
SIF demo setup creating multiple functional services entries – The functional services are associated per zone and per consumer context and multiple entries get created in the demo setup. This isn’t made clear due to the lack of documentation and just causes confusion when we look at the database entries. Moreover, there are other service entries which get created for both direct and brokered environment, even though we only wanted a direct environment setup

"Security": SIF Functional Services Security - if one consumer gets hold of the job ID of another it can use that without any issues
Currently there is no link between Environment registered to a consumer and the jobs created by a consumer. Potentially if the job ID is known then any consumer can use that job ID irrespective of whether they created the job in the first place or not

Environment - "Security": SIF v3 Framework uses shared secret passwords saved in clear text. This is not secure for any implementation. SIF Framework needs to incorporate OAUTH as part of its core code.
Shared Secret – This is like a typical password field and is stored unencrypted within the SIF framework database. Potentially anyone who has access to the database can read this and create fake consumer applications easily to send spurious data to the functional service. SIF needs to be secure across all its framework components rather than just relying on transport level security

The use of navigation page and size are missing in Get(string, string, string, string, string, string, string[], string[]) implementation in Provider.

It can be added it by doing this:

`uint? navigationPage = HttpUtils.GetNavigationPage(Request.Headers);
uint? navigationPageSize = HttpUtils.GetNavigationPageSize(Request.Headers);

TMultiple objs = service.Retrieve(conditions, navigationPage, navigationPageSize, ..`

We nee to extend the framwork to include "event and ques" and we will be appreciating if you provide us with resources or materials that could help us, thank you

When running the Sif3Framework Test project I encountered an error:

Unable to load DLL 'SQLite.Interop.dll': The specified module could not be found. (Exception from HRESULT: 0x8007007E)

Upgrading the System.Data.SQLite.Core Nuget package to version 1.0.109.2 fixed the error for me.

OS: Window 10 Enterprise - 1809
IDE: Visual Studio 2017 - 15.8.7

I'm sorry if this is not the right place, but I can't find a place to provide support regarding the SIF3Framework-dotNet, the resources is too rare.

My company is currently trying to get SIF 3 certification as a provide, and after researching we found this awesome framework that facilitated a lot to us.

Currently I've created my CSQ and started the test harness after paying the membership fees to SIF Association.

I failed to pass the tests, and I've communicated with their support, the situation now, I've passed the "Create Environment" test, but failed in all the next tests "Read Environment", and "Delete Environment", the error is "Environment URL not set", when I've asked the support why this error is being occurred, he told me that I'm not returning a default Zone.

The question is how to return "Default Zone" to pass those tests?? is there anybody could help?

Thanks in advance

"Security": SIF Functional Services Security - the model for dealing with double logins needs to be reviewed.
If the consumer is already registered and a request to register again is sent from the same consumer, then this gets blocked currently. In most security models at the moment if a consumer tries to double login (the same as registering in SIF) then they are handled in a way to let the consumer proceed further rather than blocking them out