Integration architecture
Integration Architecture
The Integration Architecture (IA), also referred to as the Data Sharing Infrastructure (DSI), is an open-source framework that enables secure, trusted and interoperable data exchange between organisations. This documentation provides authoritative guidance for deploying, configuring and operating the key components of the IA.
Designed for cloud-agnostic, Infrastructure as Code (IaC) deployment, the IA supports extensibility and customisation while maintaining strict interoperability requirements. Each participating organisation deploys one or more IA Nodes (N1s), which together form governed, policy-driven data-sharing networks (N2s).
Architectural overview
The IA consists of several component types that together establish a trust-enabled environment for cross-organisational data exchange. Each component is delivered through its own open-source repository, and collectively they provide the foundation for secure and governed information flows.
IA Node (N1)
An N1 is the foundational deployment unit. It contains the components that implement the trust, access, communication and governance requirements for participation in a Node Net.
An N1 includes:
-
Mandatory components required for N2 compliance and interoperability (e.g., the Federator)
-
Recommended components that enhance capability or governance
-
Optional components that provide additional operational value
A minimal N1 may omit some components, but any N1 intending to join an N2 must include a functioning Federator.
Management Node
A specialised N1 that establishes and administers the trust environment for a group of participant N1s. It is responsible for:
-
issuing trust materials
-
validating participating organisations
-
enforcing governance policies
-
registering N1s into an N2
It governs a discrete trust domain.
Node Net (N2)
A Node Net (N2) is a governed network of interoperable N1s operating under a Management Node. An N2 provides:
- a controlled trust domain
- policy-driven data exchange
- shared communication standards
- a common model of organisational identity and rights
Admission to an N2 requires an N1 to meet the minimum compliance requirements.
National Node Net (N3) (Planned)
A future national-scale trust ecosystem comprising multiple N2s. Anchored by a Control Node, the N3 will: * * provide national trust anchoring * * support discovery of recognised N1s and N2s * * govern cross-sector interoperability
This capability is Planned and will evolve over time.
Key components
The IA is delivered through multiple open-source components, each maintained in its own repository. These include, but are not limited to:
Federator (Available)
Provides secure API-based data exchange between IA Nodes and enforces the minimum trust requirements for N2 participation.
Adapter / Connect Extract Component (Available)
Integrates data sources into an IA Node.
Supports attaching labels and preparing data for downstream processing, with future enforcement capabilities planned.
Secure Agent (In Development)
Handles secure storage, projection and controlled exposure of adapted data.
Current functions include:
- ingesting adapted data from the Adapter
- projecting data into a secure store (e.g., Apache Jena RDF store)
- applying a reduction mechanism
- exposing an API for applications built on top of the IA
A single IA Node may operate multiple Secure Agents, each using different storage technologies depending on workload or data domain.
A hybrid Secure Agent using PostGIS is available for geospatial workloads requiring queries beyond the practical limits of SPARQL.
Future versions may introduce deeper interoperability between the Secure Agent and the Federator.
Access Application (In Development)
Provides organisational identity and attribute management to support organisational-level ABAC within the IA.
Management Node (Available)
Delivered as a separate repository and responsible for:
- issuing trust materials
- registering and validating N1s
- enforcing governance
- coordinating N2 configuration
Policy Engine (Planned)
A future component intended to evaluate and enforce policies (e.g., XACML/OPA-style), enabling attribute-based access control and policy-driven views across organisations.
Additional operational components
Further repositories provide supporting capabilities such as:
- logging and audit
- monitoring and observability
- catalogue and discovery tools
- governance utilities
- deployment and orchestration helpers
These correspond to components shown in IA architectural diagrams and are documented individually.
All components follow semantic versioning.
This documentation describes only the latest version of each component.
Historical versions are available through the component repositories.
Deployment model
The IA is deployed as Infrastructure as Code and is cloud-agnostic. Reference deployments are available for:
-
AWS
-
Azure
Support for GCP is in development.
Collaboration with additional cloud providers is encouraged, provided deployments meet N2-compliance requirements.
Documentation structure
This site follows the Diátaxis documentation framework, organised per component:
Tutorials
Sequential walkthroughs introducing core workflows.
How-to Guides
Practical instructions for deployment, configuration and operation.
Reference
Authoritative technical detail covering configuration, APIs, data flows and behaviour.
Explanations
Conceptual material describing architectural principles, trust models, and N1/N2/N3 roles.
Components only display the sections that contain available content.
Navigation and usage
- Documentation is grouped by component, with Diátaxis sections inside each component.
- Sections remain hidden until content is available.
- Cross-references connect related concepts and workflows.
- Global search supports rapid access to key information.