ZAC solution architecture

These pages describe the solution architecture of ZAC.

The ZAC architecture is documented using the C4 Model. Architecture diagrams are created and rendered using Mermaid.

The architecture is documented in more detail on the following pages:

System Context - The system context of ZAC including the surrounding technical landscape.
IAM Architecture - The identity and access management (IAM) architecture of ZAC.
Open Formulieren Integration - The integration of ZAC with Open Formulieren.
SmartDocuments Integration - The integration of ZAC with SmartDocuments.
Solr Architecture - The architecture of the Solr search engine in ZAC.
Access Control Policies - The Open Policy Agent (OPA) access control policies used by ZAC.
Observability Architecture - The observability setup used for the ZAC environment.
Process Automation Architecture - The process automation architecture of ZAC based on CMMN and BPMN.

Main characteristics

The main overall characteristics of the ZAC architecture are:

ZAC is deployed as one WildFly runtime container serving both the backend and the frontend (as one process).
ZAC uses a Solr search engine which runs as a separate runtime.
ZAC requires a PostgreSQL relational database.
ZAC uses the Open Policy Agent (OPA) standard to define its security policies (= role-permission mappings). ZAC uses an OPA server which runs as a separate runtime.
ZAC does not require an external file system (like NFS or SMB).

ZAC complies to the principles of Common Ground. A few important Common Ground principles that therefore apply to ZAC include:

Principle	Implication for ZAC
Component based	ZAC is a component for zaakgericht werken with a clear purpose and bounded context. Functionality which is not directly related to its purpose should (eventually) be moved outside of ZAC.
Open and open source	The ZAC source code is open source. We use the EUPL 1.2 open source license. Also our way of working, documentation, user stories and issues are all open to the public.
Data at the source ('Eenmalige vastlegging')	Data is kept at the source as much as possible. The main deviance from this principle is that ZAC stores certain external data mainly Open Zaak (in the ZAC cache and the ZAC Solr search engine) for performance optimisation reasons. ZAC however always treats Open Zaak as the single source of truth for this data.
Standards	ZAC runs on Kubernetes and provides a Kubernetes Helm Chart for deployment to a Kubernetes cluster. ZAC is currently not compliant with the Common Ground NLX and Haven standards. ZAC does not offer an API to be used for other components. The ZAC backend API is solely meant to be used by the ZAC frontend and can therefore be seen as a ‘backend for the frontend’. Security guidelines obviously still apply.