Glossary

State-accredited organizations that provide digital signature services and secure key information carriers or use the applicant’s carriers like USB flash drives. They play a vital role in maintaining the security and integrity of digital transactions and communications, ensuring the authenticity of digital signatures, and thus enabling secure and trustworthy electronic interactions.

Control Plane

Administrative portal

A client web application for administering registry regulations. The interface makes it easy to perform necessary configurations without advanced programming skills.

A service that involves changing some status or other data in a registry. The Platform implements this as a business process that makes changes to the registry data.

A read-only database used by analytical tools, particularly Redash. It receives registry data through logical replication from the operational database.

Preconfigured registry statistics built using the Redash, analytical reporting service. It may include graphs, tables, visualizations, metrics, or key performance indicators — KPIs.

Verification of the user’s provided identifier.

Granting and verification of rights to perform any operations in the system.

Creating many user accounts at a time for service providers (officers) in the registry by importing a CSV file.

A set of operations aimed at achieving a certain result through data processing. BPMN models of business processes are part of the registry regulations.

A standard of graphical notation for modeling business processes.

A database that stores significant business processes execution history events (such as a history of business processes initiated by a user, completed business processes, and completed user tasks).

A distributed database of key-value pairs that temporarily stores data provided by users through the UI forms of business process tasks.

A relational database that stores deployed models of business processes, the current execution state of process instances, the data generated by them, authorization settings, and general configurations.

The registry regulations candidate version is а branch version derived from the master branch of the registry regulations, utilized for creating and editing entities such as data models, processes, forms, etc. Modifications are made through the Administrative Portal to the registry-regulations repository. Developers can incorporate these changes after verification and approval into the master version, a process analogous to Git branch merging.

System components that all registries share. The cluster contains a single copy of each central component.

Citizen onboarding

Citizen-facing solutions refer to digital applications, platforms, or services specifically designed to facilitate direct interactions between governmental bodies and citizens. These solutions aim to provide easy access to public services, enhance the efficiency of public service delivery, and improve overall citizen satisfaction. An example of such a solution is the Ukrainian "Diia" platform, which allows Ukrainian citizens to access various governmental services online, such as obtaining digital copies of documents, registering vehicles, etc. These solutions bring the government closer to the people by leveraging digital technology to break down barriers and streamline processes.

Citizen onboarding

The process of creating an account for a registry services recipient (citizen) using data obtained from the QES key and Unified State Register. This includes creating all the database records necessary for user’s interaction with the registry (such as user profile, settings, and roles).

A web interface used by service recipients (citizens) to interact with the registry in the form of a client web application.

An abstraction within the Control Plane that enables you to manage the central components of the platform.

A team responsible for delivering consulting services to registry development teams, with a key focus on gathering feature requests and tracking bug reports.

Any data that requires authorization to access it.

A set of platform components that simplifies managing the central components of the platform, enables registry management, and aggregates links to all web APIs of the central components.

A resource that extends the OpenShift API by defining the configuration of a specific OpenShift instance. Not necessarily available out of the box when installing OpenShift.

Analytical reports

A centralized facility utilized by an organization to store, process, and distribute data and applications. It houses critical IT operations and equipment including servers, storage systems, and networking hardware. These centers are often designed with redundancy measures such as backup power supplies, data communication connections, and security controls for high availability and reliability. They can be privately owned or provided by third-party cloud service providers.

The platform subsystem responsible for storing data and providing access to it.

A data factory programming interface available to other platform components that provides a set of functions for interacting with registry data.

A description of the content, structure, and integrity constraints used to create and maintain a registry database. It is defined using the Liquibase format at the registry regulations level.

Data factory

A standard notation for modeling business rules using decision tables.

Platforms that facilitate the electronic identification and authentication of users conveniently and securely. They allow users to perform electronic identification through various means. An example of such a service can be the id.gov.ua.

Files that users can upload, download, and view through business process task interfaces (UI forms). Documents are stored in the registry’s object storage. The content of digital documents is not the object of operations at the level of business processes.

In the scope of this document, a digital signature can refer to individual’s or legal entity’s QES, AdES, or EDS, as well as legal entity’s electronic seal. The use of QES or AdES depends on the current legislation requirements.

Electronic data obtained from cryptographic transformation and added to other data or documents to ensure the latter’s integrity and origin.

A distributed naming system that converts network resource names into IP addresses.

A point of integration that allows two programs or systems to exchange data. It serves as a bridge for receiving, sending, and updating information between various components of a system or different systems.

A document generated as part of providing the information services through business processes, which can be downloaded by the user who ordered the information service. Excerpts are presented by separate templates at the registry regulations level.

UI form

A way of implementing continuous deployment for cloud-native applications. The main idea of GitOps is that any changes to the configuration of the OpenShift cluster, cluster components, and Platform components are made by modifying the configuration of these components in their respective Git branches.

Registries that belong to the same owner and are related.

Analytical reports

A business process implemented on the level of an individual registry that fetches registry data in a specified form. It usually involves confirming a certain status in the registry. The result of the service is either an excerpt or confirmation of rights.

A software archive with installation scripts and Docker images that enables you to automatically deploy a specific version of the Platform to a target environment (cloud or data center) and upgrade the Platform to a particular version, for example, 1.9.5.

A component of the external traffic management subsystem and an API gateway.

Kubernetes, often abbreviated as K8s, is an open-source platform for automating deployment, scaling, and managing containerized applications.

An approach to creating, configuring, and modifying systems and applications that require minimal programming. In the context of the Platform, these are the components that enable this approach.

The current version of the regulations deployed to the registry instance.

A logical representation of changes relative to the current master version of the registry regulations. Merge requests must pass integrity and quality tests before actually being applied to the master version.

Any entity owned by a subject.

Officer onboarding

The process of creating an account for a registry services provider (officer) using data obtained from the QES key. This includes creating all the database records necessary for user’s interaction with the registry such as user profile, settings, and roles.

A web interface used by service providers (officers) to interact with the registry in the form of a client web application.

Public information in a format that enables its automated processing by electronic means, as well as free and unlimited access and usage.

A system for automatic deployment, scaling, and management of applications in containers orchestrated and managed by Kubernetes.

A database that stores registry data, settings, business process data, and other operational data used by the registry’s applications and services.

Any information that relates to an identified or identifiable living individual. Data is classified as personal at the level of creating a registry data model, where appropriate processing and access mechanisms are applied.

Platform for state registries

Central components

Keys used for integration with external digital identification providers.

An information system that allows authorized government officers to create and maintain registries using the "Registry as a Service" SaaS model. The system can be deployed either in the cloud or on-premises data center, either for a single registry or a group of registries.

Any data that does not require authorization to access it.

The e-signature used to authenticate users and sign the data they provide.

A limit on the number of requests from a single user.

A core concept of the Keycloak service. A realm manages a set of users, credentials, roles, and groups.

Data factory API

A specialized information resource designed to store and process legally important information about people, their rights and obligations, as well as property and resources.

Platform components installed separately for each registry.

A configuration of registry components available in the Control Plane and registry repository in line with the GitOps approach.

Information stored in the registry database.

Keys used to sign the transformed data of business forms and excerpts.

A process that applies configuration to the registry.

A set of data models, business processes, rules, and settings that define the registry’s functions.

The procedure for creating or updating registry services, business processes, and the structure of the registry database following the registry regulations.

Roles created during registry regulations deployment and configured in the registry regulations.

Endpoint

A method of access control where privileges are assigned to users not directly but via roles. The management of individual user privileges essentially involves assigning them roles.

One or more business processes in the registry aimed at processing a user’s request.

A system role assigned to government representatives interacting with the registry to perform their official duties.

A system role assigned to users who interact with the registry to receive administrative and informational services. This role can be set to an individual, PE’s representative, or a legal entity.

Any natural or legal entity that owns an object.

Roles created by the Platform during registry deployment or Platform installation.

The UI form, available in officer and citizen portals, enables users to submit and view data while completing tasks within the business process.

A formal description of a UI form’s structure, fields, and validation rules. Presented as a file at the registry regulations level.

A compact sequence of characters that uniquely identifies a resource on the Internet.

A common name for the web interface used by service recipients (citizens) and service providers (officers) to interact with the system.

System roles and regulations roles that are assigned to a user.