Components Used
Mydex CIC is committed to using open source components and supporting open source software development across a wide range of community endeavours.
The rationale is simple for us: greater security, with many eyes on the same code, all driven by making it safe and secure. There is also the lower cost of accessing such amazing capability, the ongoing development and support of functionality, and the ability to help shape its future and, if necessary, make local decisions to meet the needs of our community. We obviously configure it to meet our needs, and yes, we extend it, but we don't customise it.
We have set out below each component we use across our different environments and the broad categories and elements we classify them under.
Platform Services
- Corporate Websites - This is our publishing site for market information and our blog.
- Developer Documentation (this site) - Where we publish information on our personal data and identity services APIs and our master data schema. Primarily used by developers working in Subscribing organisations, either integrating with existing back-end services or developing new apps and services.
- External Integration Hub - Mydex integrates a range of external services into its platform, including the postcode address file and open source data, and provides a bridge for members to collect and update other services on the internet that are under their control. The External Integration Hub is designed to make it possible for anyone to build out adaptors to external services and map them into the Mydex Platform. The goal is easy access for our members to their existing services and to simplify API services for application developers using the Mydex platform who want to integrate open data sources and external services into their applications easily.
- Identity Services - Our API services that support multiprotocol identity services that Subscribing organisations and relying parties can use. This is what gives our members a portable, privacy-friendly MydexID that supports the principal open standard protocols in use across the internet today.
- Inclued Platform - Our safe and secure platform that enables two-way engagement between citizens and Subscribing organisations is built on top of our core Personal Data Store infrastructure. It improves access to services, enables participation, and builds community through personalised notifications and information.
- Master Reference Data Services - These are our API services designed to save everyone time and effort and prevent duplication for all. We provide a series of look up services such as Post Codes, Country Codes and other directories and services to make it easy to integrate open data and other services into our platform.
- Personal Data Exchange - Our API services for secure data exchange and application services that our Subscribing organisations use.
- Personal Data Store - Includes our personal data store front end application and browser extension that our members use to explore their personal data.
- Web App Generator & Shells - Our framework of open source components to deliver consistent, safe and secure user experiences and to embed good practice from the design and UX guides of Government Digital Service and Scottish Government Digital First Service Standard.
Filters
We have classified the Mydex Platform components into some broad groups that are fundamental building blocks. They are as follows:
- API - The way everyone connects to and works with the platform. It is end-to-end encrypted using open standards.
- Development - The tools we use to develop inside Mydex CIC.
- Encryption - The encryption components we use. For more information on how our encryption and security works please see our security model briefing.
- Identity - The elements that deliver our identity protocol support.
- Infrastructure - The foundations of the platform that underpin all that we do from zero touch deployment, to systems administration.
- Platform - The platform application frameworks we use.
- Testing - How we deliver automated testing.
Within each of these groups we break these down further into specific elements and the components we use within each element.
Simply click on the filters at the top of the listing to see which components are used in each environment.
API
REST
SlimPHP
Slim is a PHP micro framework that helps you quickly write simple yet powerful APIs.
External Integration Hub, Identity Services, Master Reference Data Services, Personal Data Exchange, Personal Data Stores, Web App Generator & Shells
Development
Version Control
git
Git is a version control system that is used for storing application code in 'repositories'. These repositories provide an ability for developers to collaborate on the same code, give an audit trail and the ability to revert changes.
Corporate Site, Developer Documentation, External Integration Hub, Identity Services, Inclued Platform, Master Reference Data Services, Mydex Internal, Personal Data Exchange, Personal Data Stores, Web App Generator & Shells
NPM
npm is the standard package manager for Node.js.
External Integration Hub, Identity Services, Personal Data Exchange, Personal Data Stores, Web App Generator & Shells
Composer
Composer is a tool for dependency management in PHP. It allows you to declare the libraries your project depends on and it will manage (install/update) them for you.
External Integration Hub, Identity Services, Master Reference Data Services, Personal Data Exchange, Personal Data Stores, Web App Generator & Shells
Documentation
phpDocumentor
phpDocumentor is the de-facto documentation application for PHP projects.
External Integration Hub, Identity Services, Master Reference Data Services, Personal Data Exchange, Personal Data Stores, Web App Generator & Shells
Encryption
Database
SQLCipher
SQLCipher adds encryption capabilities to SQLite, allowing the ability to store encrypted SQLite databases.
Personal Data Exchange, Personal Data Stores
PKI
GPG
GnuPG (GPG) is an open source implementation of OpenPGP, which allows for the encryption and decryption of data using Public/Private keys.
Mydex Internal
SOPS
Simple and flexible tool for managing secrets. SOPS is an editor of encrypted files that supports YAML, JSON, ENV, INI and BINARY formats and encrypts with AWS KMS, GCP KMS, Azure Key Vault, age, and PGP.
Mydex Internal
SSL
OpenSSL
OpenSSL is the open source implementation of the Secure Sockets Layer standard, which allows for encryption of the transmission of data between networks.
Corporate Site, Developer Documentation, External Integration Hub, Identity Services, Master Reference Data Services, Mydex Internal, Personal Data Exchange, Personal Data Stores, Web App Generator & Shells
Identity
OpenID Connect
Ory Hydra
Ory Hydra is a hardened and certified OAuth 2.0 and OpenID Connect provider.
External Integration Hub, Identity Services
Vouch Proxy
An SSO and OAuth / OIDC login solution for Nginx using the auth_request module.
Identity Services, Mydex Contributed, Mydex Internal
SAML
SimpleSAMLphp
SimpleSAMLphp is an application written in native PHP that deals with authentication. The main focus of SimpleSAMLphp is providing support for SAML 2.0 as an Identity Provider (IdP) and as a Service Provider (SP).
Developer Documentation, Identity Services, Mydex Internal, Personal Data Exchange, Personal Data Stores, Web App Generator & Shells
Infrastructure
Application Servers
NGINX
Nginx is a fast and lightweight HTTP daemon for serving websites.
Corporate Site, Developer Documentation, External Integration Hub, Identity Services, Mydex Internal, Personal Data Exchange, Personal Data Stores, Web App Generator & Shells
Backup
Duplicity
Duplicity is a tool for backing up, validating and restoring data. It supports full and incremental backups, with an added encryption layer for security.
Corporate Site, Developer Documentation, External Integration Hub, Identity Services, Mydex Internal, Personal Data Exchange, Personal Data Stores
Cluster
NFS
NFS provides the ability to share a server's filesystem to 'clients' over a network.
External Integration Hub, Identity Services, Mydex Internal, Personal Data Exchange, Personal Data Stores
Communications
OpenDKIM
OpenDKIM is a community effort to develop and maintain a C library for producing DKIM-aware applications and an open source milter for providing DKIM service.
Identity Services, Mydex Internal
OpenSSH
OpenSSH is an implementation of the SSH protocol, which allows for encrypted commands to be issued to a remote server over a network. SSH is used at Mydex extensively by humans and robots, as well as by some of the tools listed on this page (such as Fabric).
Corporate Site, Developer Documentation, External Integration Hub, Identity Services, Mydex Internal, Personal Data Exchange, Personal Data Stores
Postfix
Postfix is an open source SMTP (mail) system. It is used for outbound as well as some inbound e-mail channels from Mydex's infrastructure.
Developer Documentation, Identity Services, Mydex Internal, Personal Data Exchange, Personal Data Stores
Compute, Storage and Network
Amazon Web Services
Mydex consumes the following services from AWS in order to serve the platform:
- VPC - virtual private LAN for networking layout and intercommunication between servers.
- ECS - Amazon’s container service, which runs the open source Docker engine to orchestrate our containers.
- EC2 instances - These are the clusters of servers that run the ECS Docker containers. These run Amazon Linux, based on the open source RedHat/CentOS Linux distributions.
- ECR - Amazon’s Docker image repository (similar to Docker Hub) for storing Docker images.
- ALB - Application load balancers, which route traffic to the compute cluster and containers.
- RDS - Runs MySQL and other database services.
- ElastiCache - runs the open source product Redis, for efficient and fast session/cache storage.
- S3 - used for auxiliary tools such as CloudWatch configuration and other object file storage.
- EFS - clustered, shared storage across physical data centers for non-ephemeral data.
- SES - SMTP endpoints for sending e-mail and SMS notifications from the microservices.
- SNS and Lambda - for on-demand serverless actions and notification triggering systems.
- IAM - access control/role/policy management for personnel and cross-component interaction.
- CloudWatch - for log aggregation, metrics and monitoring/alarms.
- CloudTrail - for audit trails of changes made to the platform.
- AWS Backup - for backing up of certain components.
- Certificate Manager - for SSL certificate issuance.
- AWS Inspector - for network interface/security group/service exposure scanning and analysis.
- Route53 - for DNS.
Corporate Site, Developer Documentation, External Integration Hub, Identity Services, Inclued Platform, Master Reference Data Services, Mydex Internal, Personal Data Exchange, Personal Data Stores, Web App Generator & Shells
Configuration
GitLab
GitLab is an open source end-to-end software development platform with built-in version control, issue tracking, code review, CI/CD, and more.
External Integration Hub, Identity Services, Mydex Internal, Personal Data Exchange, Personal Data Stores
Ansible
Ansible is a simple IT automation engine that automates cloud provisioning, configuration management, application deployment, intra-service orchestration, and many other IT needs.
Corporate Site, Developer Documentation, External Integration Hub, Identity Services, Mydex Internal, Personal Data Exchange, Personal Data Stores
Terraform
Mydex uses Terraform to orchestrate and automate provisioning, management and recovery of infrastructure.
Corporate Site, Developer Documentation, External Integration Hub, Identity Services, Mydex Internal, Personal Data Exchange, Personal Data Stores, Web App Generator & Shells
OpenTofu
Mydex is in the process of migrating from Terraform to OpenTofu for infrastructure management, and has signed the pledge as a supporter of the project.
Corporate Site, Developer Documentation, External Integration Hub, Identity Services, Mydex Internal, Personal Data Exchange, Personal Data Stores, Web App Generator & Shells
Database
PostgreSQL
PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads.
Mydex Internal
Intrusion Detection & Virus Protection
OSSEC
OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS).
Corporate Site, Developer Documentation, External Integration Hub, Identity Services, Inclued Platform, Master Reference Data Services, Mydex Contributed, Mydex Internal, Personal Data Exchange, Personal Data Stores, Web App Generator & Shells
Trivy
Trivy is a simple and comprehensive scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues. Trivy detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and language-specific packages (Bundler, Composer, npm, yarn, etc.). In addition, Trivy scans Infrastructure as Code (IaC) files such as Terraform, Dockerfile and Kubernetes, to detect potential configuration issues that expose your deployments to the risk of attack.
Corporate Site, Developer Documentation, External Integration Hub, Identity Services, Inclued Platform, Master Reference Data Services, Mydex Internal, Personal Data Exchange, Personal Data Stores, Web App Generator & Shells
OWASP ZAProxy
OWASP ZAP is an open-source web application security scanner.
Corporate Site, External Integration Hub, Identity Services, Master Reference Data Services, Personal Data Exchange, Personal Data Stores, Web App Generator & Shells
OWASP ZAP Historic Dashboard
Stores ZAP reports historically and enables comparison of current ZAP results against the most recent for changes in alerts.
Corporate Site, External Integration Hub, Identity Services, Master Reference Data Services, Mydex Contributed, Personal Data Exchange, Personal Data Stores, Web App Generator & Shells
TestSSL.sh
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.
Mydex Internal, Mydex Contributed
Monitoring
Icinga
Icinga is a monitoring system which checks the availability of your network resources, notifies users of outages, and generates performance data for reporting.
Corporate Site, Developer Documentation, External Integration Hub, Identity Services, Inclued Platform, Master Reference Data Services, Mydex Contributed, Mydex Internal, Personal Data Exchange, Personal Data Stores, Web App Generator & Shells
Matomo
Matomo, formerly Piwik, is a free and open source web analytics application developed by a team of international developers, that runs on a PHP/MySQL webserver. It tracks online visits to one or more websites and displays reports on these visits for analysis.
Corporate Site, Developer Documentation
Munin
Munin is a networked resource monitoring tool that can help analyze resource trends and "what just happened to kill our performance?" problems. It is designed to be very plug and play.
Corporate Site, Developer Documentation, External Integration Hub, Identity Services, Mydex Internal, Personal Data Exchange, Personal Data Stores
Operating System
Ubuntu
Ubuntu is a popular 'distribution' of the open source operating system known as Linux. Ubuntu is used to power Mydex's servers.
Corporate Site, Developer Documentation, External Integration Hub, Identity Services, Mydex Internal, Personal Data Exchange, Personal Data Stores, Web App Generator & Shells
Scripting
PHP-FPM
PHP-FPM (FastCGI Process Manager) is an alternative PHP FastCGI implementation with some additional features useful for sites of any size, especially busier sites.
Developer Documentation, External Integration Hub, Identity Services, Master Reference Data Services, Mydex Internal, Personal Data Exchange, Personal Data Stores, Web App Generator & Shells
Time
NTP
NTP is the 'Network Time Protocol', which helps servers keep accurate time. Many applications depend on accurate time in order to function properly. Mydex uses standard open source implementations of NTP as provided by Linux.
Corporate Site, Developer Documentation, External Integration Hub, Identity Services, Master Reference Data Services, Mydex Internal, Personal Data Exchange, Personal Data Stores, Web App Generator & Shells
VPN
OpenVPN Server
OpenVPN is an open source implementation of a Virtual Private Network. It is used for secure and convenient connectivity to otherwise firewalled infrastructure.
Mydex Internal
Zero Touch Deployment
Fabric
Fabric is a library that allows Mydex to issue automatic commands or 'tasks' to remote servers over SSH. It is used to drive the 'zero touch deployment' of Mydex's applications (via Jenkins).
Mydex Internal
Jenkins
Jenkins is a 'continuous integration' platform. Designed to run tests on software, it is also used for facilitating deployment of Mydex's applications, processing of routine tasks such as backups, and change management.
Corporate Site, Developer Documentation, External Integration Hub, Identity Services, Master Reference Data Services, Mydex Contributed, Mydex Internal, Personal Data Exchange, Personal Data Stores
Platform
Database
SQLite
SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine.
Personal Data Exchange, Personal Data Stores
Framework
Bootstrap
Bootstrap is a popular HTML, CSS, and JS framework for developing responsive, mobile first projects on the web.
Developer Documentation, External Integration Hub, Identity Services, Mydex Internal
D3
D3.js is a JavaScript library for manipulating documents based on data. D3 helps you bring data to life using HTML, SVG and CSS.
Mydex Internal, Personal Data Exchange, Personal Data Stores
Lektor
Lektor is an open source static content management system.
Corporate Website, Mydex Contributed, Personal Data Stores, Personal Data Exchange
jQuery
jQuery is a fast, small, and feature-rich JavaScript library. It makes things like HTML document traversal and manipulation, event handling, animation, and Ajax much simpler with an easy-to-use API that works across a multitude of browsers.
Developer Documentation, External Integration Hub, Identity Services, Mydex Internal, Personal Data Exchange, Personal Data Stores
Middleman
Middleman is a command-line tool for creating static websites using all the shortcuts and tools of the modern web development environment.
Developer Documentation, Mydex Internal
Summernote
Summernote is a JavaScript library that helps you create WYSIWYG editors online.
Corporate Website, Web App Generator & Shells
Twig
Twig is a modern template engine for PHP. Twig compiles templates down to plain optimized PHP code. The overhead compared to regular PHP code is reduced to the very minimum.
Developer Documentation, External Integration Hub, Identity Services, Mydex Internal, Web App Generator & Shells
Docker
Docker is a tool that allows running a discrete set of software within a 'container', which simplifies the development and deployment workflow by making it easier to ship a released application to any remote infrastructure regardless of its operating system.
External Integration Hub, Identity Services, Inclued Platform, Master Reference Data Services, Mydex Contributed, Mydex Internal, Personal Data Exchange, Personal Data Stores, Web App Generator & Shells
Testing
API
Guzzle
Guzzle is a PHP HTTP client that allows quick and painless management of HTTP request integration into web services.
Mydex Internal
Postman
Postman is an API platform for building and using APIs. Postman simplifies each step of the API lifecycle and streamlines collaboration so you can create better APIs—faster.
Identity Services, External Integration Hub, Master Reference Data Services, Personal Data Exchange, Personal Data Stores
Browser Automation
Nightwatch.js
Nightwatch.js is an automated testing framework designed to enable full browser automation which ensures the functionality of the public facing side of the Mydex PDS. It is a kind of front end for Selenium and allows easier management and integration of tests.
Mydex Internal
Selenium
Selenium is a testing framework for web applications. It acts as the middleman between Nightwatch.js and the web browser and drives navigation while testing that essential components of the page are present and correct.
Mydex Internal
Quality Assurance
SonarQube
SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality, performing automatic reviews with static analysis of code to detect bugs and code smells in 20+ programming languages.
Corporate Site, Developer Documentation, External Integration Hub, Identity Services, Inclued Platform, Master Reference Data Services, Mydex Internal, Web App Generator & Shells, Personal Data Exchange, Personal Data Stores
MailHog
MailHog is an email-testing tool with a fake SMTP server underneath. It encapsulates the SMTP protocol with extensions and does not require specific backend implementations. MailHog runs a super simple SMTP server that hogs outgoing emails sent to it. You can see the hogged emails in a web interface.
Mydex Internal