Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.

If you are new to Master Data Management (MDM) you will need to be familiar with the concepts on the page What is Master Data Management?.

YOunite is a robust, configurable federated data integration system with master data capabilities. YOUnite allows an organization to gently transition to the goal of Master Data Management without forcing them into an "all-or-nothing" approach. It provides tools that allow data governance to:

  • Describe data models
  • Group applications/services into organizational boundries
  • Manage access control to the data data  (governance)
  • Decide which applications/services contain master data
  • Integrate and transform data between applications/services

YOUnite includes a user-facing  tool (YOUnite UI) that gives customers the ability to secure and control data flow both into and out of a company's departments or divisions  "zones." A "zone" in YOUnite, is a grouping of resources for a given entity. For example, a college district may have a "parent zone" for accessing data across its district colleges. Each college within that district would have its own "child zone," providing access to data for only that college. There is more on zones below.

YOUnite addresses the issue of "What is the record of truth?" for a resource in any given context. That source of truth is called a "master data record" and the resource might be a customer, a product order, a college, or a course. MDM provides multiple points for updating these resources and ensures that the master record is always updated, but allows each zone to determine where those updates are applied. For example, a student address in an application system is updated by the student. YOUnite receives this change and updates the address master data record. The college zone rules scope ACLs will then determine if this updated address is applied to the Student Information System, Learning Management Systems or any other application that stores the student address.

Data Domains

Data domains are the heart of MDM. In traditional database parlance, data domains are a collection of fields (values) that are encompassed by an attribute (database column). For example, using a Customer table example below, the timeZone attribute has data domain of A, P, M, C, E, or null. In other words, the data for timeZone is limited to this data set.

The timeZone data for customer records might appear as in the following example:

In MDM, domains are schemas that refer to the specific table (i.e. the domain would be Customer, using the first example above). The actual data stored (such as each row in the second example above) represents what is called the Master Data Record (MDRDR).

The MDM data architect's goal is to:

  • create data domains that will normalize data across many systems
  • manage access to their organization's disjointed data sets (referred to as governance) 

Some MDM solutions have fixed or rigid data domains that are generally tied to a given vertical (e.g. manufacturing or finance) but YOUnite allows data architects to:

  • create data domains that reflect their organization's requirements (referred to as Multi-domain MDM)
  • version their data domains to accommodate new applications and application versions 

Once a domain is created and its data loaded, it can be referenced by other data domains, data stewards, and by API consumers as a source of truth. YOUnite domains are defined with JSON.

YOUnite Data Store vs Federated Domains

Each record within the domain is referred to as a  data record or DR.  

TODO: Example pic of "Country domain"

DRs can be stored in a "YOUnite Data Store" domain (inside YOUnite) or a federated domain.

  1. If a domain is stored inside the YOUnite Data Store, the DRs are stored  inside YOUnite and can be retrieved, in whole or in part, by applications. Domains that are either not sensitive to an organization (e.g. a list of courses in a college system) or are reference material that doesn't generally change (e.g. list of states, countries, etc) are good candidates for centrally-stored domains.
    TODO: YOUnite Data Store picture

  2. In a federated domain, the DRs are NOT stored  inside YOUnite but are created in real-time by referencing the elements (or properties) as they are stored in the multiple systems. If customer data is sensitive in an organization where one division (e.g. sales) spends a great deal of time managing it, they may not feel comfortable migrating their customer data to a central service such as YOUnite but will continue to maintain and manage it themselves. However, the organization may mandate that the Sales division share their customer data with other organizations. This is a candidate for a federated domain.  
    TODO: Federated picture

    In the federated domain model, YOUnite stores information about where the customer data is stored, when it was last updated, and who it is shared with but the customer data is physically located only in that organization's various systems. The data stored by YOUnite in this scenario is extraneous information and is referred to as the metadata. The permission-related information (who the data is shared with) is called the scopes. Federated MDM has added latency that is often offset by the way it handles updates to DRs. Changes can be thought of as diffs (see TODO link on diffs). Instead of sending the entire DR metadata to YOUnite when a change is made to its data, only the actual changes are sent.

Domain Property Types

Standard primitives types (integer, floating point numbers, strings and enumerations) are supported as well as arrays and cross-references between domains.

For more a more on domains see the Data Domains guide.

The Operational Side of YOUnite: Zones

One of the key design goals of YOUnite is the ability to group an organization's master data resources by the organization's structure (e.g. divisions, departments, districts, schools, etc.) and then create relationships within that organization. YOUnite calls these groupings zones. A zone example might be the California Community College (CCC) system, where a zone could be the CCC Chancellor's Office, Butte College, and the Los Rios Community College District. 

Zones contain domains, adaptors, logs, scopes, and other resources. Zones are associated with each other in a hierarchical structure with parent, sibling, and child zones. In the example of the college school district, the schools within that district might be considered child zones, for example.

<insert pic>

Zone Users

When a zone is created, two distinct users are defined:

  1. Zone Admin: The admin is responsible for operational tasks, such as:
    • Setting policies
    • Creating subordinate zones
    • Creating users
    • Granting API Access 
    • Managing operational notifications that are sent and received from other zones
    • Managing and viewing operational logs and notifications
    • Managing operational permissions between zones i.e. allowing users of other zones to perform the responsibilities listed above
  2. Zone Data Steward: The data steward:
    • has access rights to all of the master data relevant to the zone

    • has control over the domains and master data associated with a zone.   

    • controls inbound and outbound scope for permissions to the data

    • Create users that have access to the data

    • Can limit or expand user access to the data

    • Grant API access to the data

    • Manage data related notifications that are sent and received from other zones

    • Manage and view domain and master data logs

    • Manage inbound/outbound Scopes to master data 

    • Manage other metadata related to the master dat

By default, the superuser and data steward privileges are mutually exclusive. The superuser controls the operational aspects of the zone while the data stewards controls the data.

YOUnite works with Single Sign-On services (SSO). When a zone is created, the SSO IDs for the zone's superuser and data steward must be provided. The same SSO ID can be used for both the zone admin and zone data steward, creating a user that has control of both the operational AND data elements of a zone.

NOTE: As a security measure, the superuser of a parent zone does not have access to its subordinate zones by default.

You can add additional users (individually or as part of a group) to a zone and grant them permissions. YOUnite's permissions model involves policies (grouped permissions) and groups (grouped users) so that policies can be assigned to groups. This creates and easy-to-manage permission paradigm:

UserA user in the YOUnite system that is tied to an SSO ID.
GroupsA group contains multiple users.
PermissionsSpecifies access or denial to operations and resources.
RolesA grouping of permission settings.

For more a more on zones see the Zones, Users, Groups, Roles and Permissions guide.

Adaptors: The Key to a Federated Ecosystem

In a federated ecosystem, adaptors are the interface between an organization's disjointed systems. Adaptors perform CRUD operations on the data while the YOUnite DataHub ("the hub") performs the task of distributing (routing) the data between the systems. Adaptors represent a significant development effort in the overall process of migrating services under master data control.  A more detailed description can be found on the adaptors page. The  how to configure and bring adaptors online TODO ADD LINK. The YOUnite Developer page covers how to use the YOUnite Adaptor SDK for Java to create adaptors.

In the example below, the organization's CRM, ERP, and MIS systems need to be integrated with YOUnite and the adaptors are written if pre-existing adaptors do not exist.

Extending the example above, each adaptor belongs to a zone. The adaptors communicate with the YOUnite API Service using a message broker:n TODO add

payload gif. This circle represents the data and information being passed it is in the form of a json object. (@50)

Data Governance: Scopes

Scopes are what provide visibility to data between zones & adaptors and are typically managed by the zone's data steward.

Scopes are a key component of MDM  Scopes are both:

  • Permissions on out-bound data
  • Controls on what in-bound data a zone or adaptor should receive

Scopes can be though of as a series of filters that get applied to a data operation.

For example, if an update (PUT or PATCH) operation is performed on data under MDM control filters would control:

  • What zones and adaptors would have visibility to the change 
  • What zones and adaptors want to receive the change

Federated Data

Image Removed