comby

Appearance

Domains in comby: default

The default domains in comby form the foundational structure of the system. Each domain represents a specific area of concern in the application, enabling modular design and easy extension. These default domains cater to essential functionality such as user management, organizational structures, group and identity management. Together, they provide a comprehensive framework for building robust, multi-tenant, and event-sourced applications.

Comby default consists of two main components:

  • the defaults for the domain (or default domains) and
  • the defaults for the REST API (or default API).

Here is a representation that illustrates everything in green belongs to the default. Additional user-specific domains are represented under custom domain and custom API which of course have access to default. For example, developers are able to reuse the existing Permission layer or access the runtime information. Here it is just an illustration where default live when used in the application.

Developers are free to use default in their application. It is not necessary to use them; however, without them, developers work solely with the bare Facade. In this case, features such as the Admin Dashboard, API Explorer, multi-tenancy, RBAC (Role-Based Access Control), REST API and others are not available. However, there are use cases where this approach makes sense. For example, in edge computing or IoT applications.

INFO

Developers can either use the defaults as a whole or not at all. The default components only work together as a complete set. If a developer chooses to use only Account and Tenant, the features mentioned above will not be available.

Account

The Account domain focuses on managing user credentials, sessions, and states. It supports various lifecycle states such as registered, active, blocked, and removed, while providing capabilities for password management, one-time tokens, and secure session handling. Accounts are central to user authentication and the management of individual user actions within the system.

Tenant

The Tenant domain represents organizations or logical groupings, serving as the foundation for multi-tenant architecture. Tenants encapsulate metadata such as names, secrets, and additional properties, enabling resource isolation and configuration management for different organizational contexts. This domain supports the creation, update, and deletion of tenants, acting as the primary boundary for tenant-specific resources.

Group

The Group domain is designed to manage role-based permissions and organizational structures within a tenant. Groups store runtime permissions, allowing granular control over access to system features. Identities, which represent users, can belong to one or more groups, enabling complex permission hierarchies and role management within a tenant.

Identity

The Identity domain captures tenant-specific user representations. It links to accounts for authentication, supports profiles with details such as names, emails, and avatars, and manages tokens for API access and group memberships. Identities form the basis for tenant-level user management, allowing users to belong to specific tenants with well-defined roles and permissions.

Invitation

The Invitation domain handles the lifecycle of user invitations, enabling seamless onboarding into tenants or groups. It tracks the creation, sending, acceptance, or decline of invitations, while ensuring secure workflows with tokens. Invitations bridge external users into the system, simplifying the process of joining tenants or groups.

Asset

The Asset domain provides a framework for managing resources such as files or documents. It tracks metadata, including name, size, content type, and storage paths, and supports tagging, access control, and integration with external storage systems. Assets are essential for handling tenant or user-specific data, ensuring secure and organized resource management.

Webhook

The Webhook domain enables integration with external systems through event-driven notifications. It stores webhook URLs, the types of events they respond to, and their active status. Webhooks allow external systems to react to domain events in real time, fostering connectivity and automation with third-party platforms.

Auth

The Auth domain provides authentication and authorization mechanisms for user management. It supports user authentication, session management with tokens, and role-based access control (RBAC) for securing resources. This domain is essential for enforcing security policies and managing user permissions within the system.

Runtime

The Runtime domain provides tools for runtime system introspection and management. It exposes lists of commands, queries, events, and aggregates, supports Server-Sent Events (SSE) for real-time monitoring, and facilitates system debugging and administrative tasks. This domain is integral to maintaining and observing the health and behavior of the application in live environments.