1
Repo docs PUBLIC SECTOR INTEGRATION STRATEGY
Albrecht Degering edited this page 2026-07-09 11:42:41 +02:00

Mirrored from /mnt/DATA/git/govoplan-core/docs/PUBLIC_SECTOR_INTEGRATION_STRATEGY.md. Origin: repository. Active tasks and changing state belong in Gitea issues; this wiki page is durable project context.


Public-Sector Integration Strategy

GovOPlaN should integrate with the existing public-sector software landscape before deciding to replace specialist workflows. This document is the core strategy index. The executable connector catalogue lives in govoplan-connectors/docs/PUBLIC_SECTOR_INTEGRATION_CATALOGUE.md.

Strategy Labels

Use one or more of these labels for every external system family:

  • integrate: GovOPlaN talks to the system through a stable API/protocol.
  • link: GovOPlaN stores external references and opens the external system for source-of-truth work.
  • import: GovOPlaN consumes data or files into governed module storage.
  • synchronize: GovOPlaN keeps selected records aligned both ways or through a source-of-truth rule.
  • replace selected workflow: GovOPlaN may own a narrow workflow where the external product is weak, but does not replace the whole product family.
  • no first-class support: GovOPlaN only stores manual references unless a deployment project creates a specific connector.

Initial Classification

System family Examples Default strategy Likely owner
File providers SMB/CIFS, WebDAV, Nextcloud, Seafile, SFTP, S3 integrate, import, link govoplan-files, connector inventory in govoplan-connectors
Project/task management OpenProject, Jira, Redmine, Microsoft Planner link, synchronize selected records, replace selected workflow only after proof govoplan-connectors, later govoplan-tasks or workflow modules
Identity providers LDAP, Active Directory, OIDC, SAML, OpenDesk IDM integrate, synchronize govoplan-idm, govoplan-access
Mail and groupware IMAP/SMTP, Open-Xchange, Exchange/M365, CalDAV/CardDAV integrate, link govoplan-mail, govoplan-calendar, govoplan-connectors
DMS/e-file/archive d.velop/d.3, enaio, ELO, Fabasoft, CMIS, VIS/eAkte link, import, synchronize selected metadata govoplan-dms, govoplan-files, govoplan-records
ERP/finance/procurement SAP, MACH, Infoma, DATEV, procurement feeds export, import, synchronize; do not replace by default govoplan-erp, govoplan-procurement, govoplan-ledger, govoplan-payments
Public-sector transport FIT-Connect, XTA/OSCI, Peppol access points integrate, publish, receive dedicated protocol modules plus govoplan-connectors inventory
Standards registries XRepository, XOE/V catalogues link, import metadata/cache govoplan-connectors, govoplan-xoev
Publication/data exchange RSS, open-data APIs, API feeds, CSV/Excel drops consume, publish, transform proposed govoplan-datasources, proposed govoplan-dataflow, govoplan-reporting
Collaboration suites Matrix, Jitsi, BigBlueButton, Nextcloud Talk, Collabora/OnlyOffice integrate, link; native behavior only for governed evidence govoplan-connectors, govoplan-dms, govoplan-workflow
Specialist Fachverfahren register-specific and domain-specific systems link first; integrate/import when a real project supplies contracts domain module or deployment-specific connector

Landscape Catalogue

This catalogue is intentionally implementation-oriented. Each entry records the first API/auth/data assumptions needed to turn an inventory entry into a connector or module issue.

Citizen And Service Portals

  • Strategy: integrate/link first; replace selected intake workflow only when a GovOPlaN portal package owns the complete journey.
  • Protocol/API surface: REST/JSON APIs, form submission webhooks, OIDC/SAML login, eID interfaces where available, file-upload callbacks, case-status callbacks.
  • Auth model: OIDC/SAML service clients, signed webhook secrets, tenant-scoped API keys, later eID/trust-provider handoff.
  • Data shape: applicant identity reference, application form payload, attachment references, consent declarations, status events, receipt IDs.
  • Deployment assumptions: externally reachable HTTPS, reverse proxy, portal DMZ separation, strict CSRF/origin settings, large upload path.
  • Risks: personal data exposure, duplicate identity mapping, partial submissions, upload malware, inconsistent portal status models.
  • MVP test path: submit a test application with one file, create a form submission/case/task stub, return a receipt and status reference.
  • Owner/priority: govoplan-portal, govoplan-forms-runtime, govoplan-files, Wave 1.

DMS, E-File, Records, And Archives

  • Strategy: link/import/synchronize selected metadata; do not replace the DMS by default.
  • Protocol/API surface: CMIS, WebDAV, vendor REST APIs, S3/object archive staging, file-plan export/import, archive handoff APIs.
  • Auth model: service accounts, OAuth/OIDC where supported, mTLS for regulated archives, secret references for vendor tokens.
  • Data shape: document ID, version, file-plan/classification code, retention metadata, owner/case reference, external URL, checksum, lock/legal-hold state.
  • Deployment assumptions: usually internal network or VPN, strict storage quotas, existing retention policies, archive immutability requirements.
  • Risks: record duplication, broken legal hold, permission mismatch, version drift, destructive retention/export mistakes.
  • MVP test path: create a connector inventory entry, test read-only metadata lookup, link one GovOPlaN file/case evidence item to an external document.
  • Owner/priority: govoplan-dms, govoplan-records, govoplan-files, govoplan-connectors, Wave 2/5.

ERP, Finance, Procurement, And Accounting

  • Strategy: export/import/synchronize selected records; replacement only by narrow domain decision.
  • Protocol/API surface: vendor REST/SOAP APIs, CSV/XML batch exchange, SFTP, XRechnung/Peppol, XBestellung/procurement feeds, payment reconciliation files.
  • Auth model: service accounts, client certificates, mTLS, SFTP keys, token references, environment-specific account separation.
  • Data shape: debtor/creditor reference, payment request, invoice, order, budget/cost-center code, booking status, receipt/evidence reference.
  • Deployment assumptions: batch windows, finance-system approval workflows, test tenants often separated from production by vendor process.
  • Risks: financial posting errors, double export, tax/legal data retention, inconsistent master data, irreversible accounting handoff.
  • MVP test path: dry-run export of one payment/accounting handoff file with checksum, validation report, and no remote posting.
  • Owner/priority: govoplan-payments, govoplan-ledger, govoplan-xrechnung, govoplan-erp, govoplan-procurement, Wave 1/6.

Identity, IAM, And Directory Services

  • Strategy: integrate/synchronize; access remains GovOPlaN's local authorization boundary.
  • Protocol/API surface: LDAP, Active Directory, SCIM, OIDC, SAML, OpenDesk IDM APIs, group membership sync, account deactivation feeds.
  • Auth model: bind accounts, service clients, OIDC/SAML metadata, SCIM tokens, certificate-backed clients where required.
  • Data shape: account, user, group, membership, role claim, tenant/org-unit mapping, status, external directory ID.
  • Deployment assumptions: directory is usually internal; identity provider may be organization-wide and not GovOPlaN-owned.
  • Risks: privilege escalation through group mapping, stale memberships, account collision, deprovisioning latency, tenant-boundary mistakes.
  • MVP test path: read-only directory profile test, map one external group to a tenant group, show a dry-run membership diff.
  • Owner/priority: govoplan-idm, govoplan-access, Wave 1.

Groupware, Mail, Calendar, And Collaboration

  • Strategy: integrate/link; native behavior only where GovOPlaN needs governed evidence or process state.
  • Protocol/API surface: IMAP/SMTP, CalDAV/CardDAV, Open-Xchange APIs, Microsoft Graph/EWS, Matrix APIs, Jitsi/BigBlueButton APIs, Collabora/OnlyOffice integration points.
  • Auth model: service accounts, delegated OAuth/OIDC, app passwords, mailbox credentials, groupware-specific tokens, secret references.
  • Data shape: mailbox folder/message references, event/free-busy data, meeting URL, chat room ID, participant list, document-editing session reference.
  • Deployment assumptions: often internal/existing tenant infrastructure; mail and calendar may be separate from identity even in OpenDesk-style stacks.
  • Risks: mail credential exposure, calendar privacy, double invitations, room booking conflicts, chat/document data escaping retention rules.
  • MVP test path: profile test for mailbox/calendar reachability, read-only folder/free-busy lookup, create a non-production event/message draft.
  • Owner/priority: govoplan-mail, govoplan-calendar, govoplan-connectors, Wave 1/2.

Payment And Public Cashier Systems

  • Strategy: integrate/export/import; keep the payment provider or cashier as source of settlement truth.
  • Protocol/API surface: payment provider APIs, redirect/callback flows, reconciliation files, SEPA/export formats, cash-register/cashier interfaces.
  • Auth model: provider API keys, signed webhooks, client certificates, mTLS, tenant-specific merchant accounts.
  • Data shape: payment intent, amount/currency, payer reference, provider transaction ID, settlement status, receipt, refund/cancellation reference.
  • Deployment assumptions: public callback URLs, strict environment separation, PCI-sensitive providers, finance reconciliation cadence.
  • Risks: duplicate charges, callback replay, amount mismatch, refund workflow gaps, evidence-retention mistakes.
  • MVP test path: sandbox payment intent, signed callback verification, receipt evidence link, reconciliation dry-run.
  • Owner/priority: govoplan-payments, govoplan-ledger, Wave 1/6.

Reporting, BI, Open Data, And Publication

  • Strategy: consume/publish/transform; native reporting owns GovOPlaN views, not every external BI product.
  • Protocol/API surface: SQL read replicas, CSV/Excel export/import, REST APIs, RSS/Atom, open-data APIs, SFTP/WebDAV publication targets.
  • Auth model: read-only DB users, API tokens, SFTP keys, OAuth clients, public anonymous publication profiles where appropriate.
  • Data shape: dataset metadata, schema/version, report parameters, generated file references, publication URL, freshness/lineage, validation results.
  • Deployment assumptions: publication can be public or internal; generated datasets need retention and provenance.
  • Risks: leaking restricted data, stale publications, schema drift, expensive queries, untraceable manual transformations.
  • MVP test path: publish one report/export as a governed file plus RSS/Atom entry with checksum, timestamp, and permission check.
  • Owner/priority: govoplan-reporting, govoplan-connectors, possible future govoplan-datasources/govoplan-dataflow, Wave 2.

Public-Sector Protocols And Registries

  • Strategy: integrate/publish/receive; protocol modules own protocol semantics.
  • Protocol/API surface: FIT-Connect, XTA/OSCI, XRepository, XOE/V, XRechnung, XBestellung, Peppol, registry-specific Fachverfahren APIs.
  • Auth model: certificates, mTLS, service accounts, destination credentials, protocol-specific trust anchors and key rotation.
  • Data shape: transport envelope, payload schema/version, destination IDs, receipt/acknowledgement, message status, standard-specific metadata.
  • Deployment assumptions: regulated trust chains, test/prod endpoint separation, formal onboarding, strict logging and retention expectations.
  • Risks: invalid schemas, failed delivery receipts, certificate expiry, wrong destination routing, protocol version drift.
  • MVP test path: validate a sample payload against a schema, test endpoint reachability in sandbox, store receipt/evidence reference.
  • Owner/priority: govoplan-fit-connect, govoplan-xoev, govoplan-xrechnung, govoplan-xta-osci, govoplan-connectors, Wave 1/2.

File Providers And Shared Storage

  • Strategy: integrate/import/link; files module owns GovOPlaN file semantics.
  • Protocol/API surface: SMB/CIFS, WebDAV, Nextcloud, Seafile, SFTP, S3, local/object storage profiles.
  • Auth model: service accounts, user credentials, app tokens, OAuth where supported, secret references, environment variables for deployment-managed credentials.
  • Data shape: file ID/path, provider object ID, checksum, MIME type, size, version/ETag, owner, permission snapshot, imported file reference.
  • Deployment assumptions: internal networks, large files, existing shares, variable permissions, provider-specific rate limits.
  • Risks: permission mismatch, stale imports, overwrites, duplicate files, path traversal, storage growth.
  • MVP test path: profile test, list folder, import one file into governed storage, keep provider reference and checksum.
  • Owner/priority: govoplan-files, govoplan-connectors, Wave 0/1.

Project, Task, And Case-Adjacent Systems

  • Strategy: connector-first for OpenProject/Jira/Redmine; native module only when GovOPlaN owns project semantics.
  • Protocol/API surface: OpenProject API v3, webhooks, Jira/Redmine REST APIs, Microsoft Graph for Planner/Project where applicable.
  • Auth model: API tokens, OAuth/OIDC apps, webhook secrets, service accounts.
  • Data shape: project ID, work package/task ID, status, assignee reference, external URL, version/lock token, publish/sync trace.
  • Deployment assumptions: external project tool remains source of truth for broad project management; GovOPlaN links selected records.
  • Risks: task duplication, bidirectional sync conflicts, permission mismatch, over-mirroring comments/attachments.
  • MVP test path: OpenProject profile test, project/work-package lookup, external-reference round-trip.
  • Owner/priority: govoplan-connectors, later govoplan-tasks/workflow/cases consumers, Wave 0/2.

Specialist Fachverfahren

  • Strategy: link first; integrate/import only when a deployment project supplies concrete contracts and a domain owner.
  • Protocol/API surface: vendor APIs, CSV/XML batch imports, SFTP, database views, message queues, protocol-specific transports.
  • Auth model: usually service accounts, VPN, mTLS, SFTP keys, or vendor tokens.
  • Data shape: domain-specific record IDs, status, applicant/person references, file/evidence references, case/status events.
  • Deployment assumptions: strongly local/vendor-specific, often no stable test API, data model differs by jurisdiction.
  • Risks: brittle vendor contracts, legal source-of-truth ambiguity, high customization cost, migration expectations.
  • MVP test path: inventory entry and manual external-reference link; require a project-specific connector issue before automation.
  • Owner/priority: domain module or deployment-specific connector, case by case.

Prioritization Rules

  1. Start with connectors that unblock Wave 0 or Wave 1 reference journeys.
  2. Prefer open standards and self-hosted/open-source APIs where they are common in public-sector deployments.
  3. Treat inventory-only entries as useful because operators need a map of their software landscape even before automation exists.
  4. Keep connector code in the owning connector/protocol module. Domain modules consume capabilities, DTOs, external references, and events through core.
  5. Every executable connector needs health diagnostics, secret-reference handling, lifecycle state, audit events, and retirement behavior.

Connector Catalogue Handoff

govoplan-connectors owns the detailed catalogue entry shape:

  • connector type key
  • category and owner module
  • supported directions and trigger modes
  • credential and secret handling
  • health check and diagnostics payload
  • external-reference shape
  • required capabilities and optional module combinations
  • lifecycle support

Core should only keep strategy, routing, and cross-module architecture notes. Connector implementation and public-sector target inventory belong in govoplan-connectors.