ROLES SEPARATION
In most cases, modifications made by one actor does not impact other actors:
  • users cross-query data views without worrying about data sources technologies and data access optimization.
  • contributors extend Lavoisier capabilities by developing plug-ins.
  • administrators configure plug-in chains and views inter-dependencies, validation rules, fallback rules. They also configure cache management according to the characteristics of:
    • the data source: speed, latency, scalability and reliability of the technology used
    • the data itself: amount of collected data and of retained data, expiry and criticality of data
    • the user needs: usage frequency, expected latency

USE OF STANDARDS
Most of major XML-related standards are supported:
  • for users:
    • views and operations defined by administrator are available through a REST interface.
    • supported query languages will include XPath, XSLT and XQuery.
    • supported formats for query results will include XML, JSON and YAML.
  • for contributors:
    • API supported by plug-in interfaces are SAX, DOM, DOM4J, XML streams and Java Beans (each of them having its own advantages and drawbacks in terms of usability and performance).
  • for administrators:
    • supported management protocol is JMX.
    • supported languages for definition of data view format will include DTD and XML Schema.

PERFORMANCE
Lavoisier implements many optimisations in order to offer an efficient data access, while keeping it uniform and flexible:
  • optimize plug-ins chaining by removing all unnecessary XML serializations/deserializations and validations (thanks to SAX events or streams redirections, on-the-fly events processing, usage of Java classes implementing both interfaces...).
  • streamed answer while it is being built.
  • cache mechanism with per data view fine-tuning capabilities (plug-in choice, plug-in parameters, refresh triggering rules...). Lavoisier also has a LRUCacheConnector that enable LRU cache strategy for any data view.
  • XPath optimizations:
    • Lavoisier connectors can interpret XPath expression in order to prune unwanted sub-trees from returned XML.
    • Lavoisier engine has its own XPath implementation. This implementation significantly reduce memory usage by doing stream-based filtering as much as possible, and invoking third-party XPath processor only when needed.

MODULARITY
Data views and operations are defined by assembling plug-ins and view templates. The set of plug-ins can easily be extended by developers. The set of data views can easily be extended by administrators.
SECURITY
AUTHENTICATION: Lavoisier will support the following authentication methods (simultaneously):
  • Basic authentication (login/password)
  • X509-based PKI authentication (requires HTTPS)
  • CAS authentication
  • OAuth2 authentication
  • IP address white-list
AUTHORIZATION: Fine-grained authorization will be supported by configuring a XPath expression per data view. This XPath expression can contain parameters to enable authorizing only a sub-tree of a data view. Filtering some critical XML nodes deep inside a given data view is also possible, but it requires creating a new data view for each set of permissions. Authorization restrictions apply to REST operations only, dependant data views can always access them. Data views with no authorization XPath are public. Data views with empty authorization XPath are hidden. Joker characters will be supported (e.g. 'CN=*' allows any user from known Certificate Authorities).

Please consult the Security FAQ.