ADR 038: Scope Definition of the CIVITAS/CORE Platform
Date: 2026-01-13
Status: Reviewed
Decision Makers: Architecture Board
Context
The CIVITAS/CORE platform is intended to serve as a reusable, open, and modular Smart City core platform. It is composed of multiple open-source components that together provide foundational capabilities such as identity management, API management, data integration, and platform interoperability.
As the platform evolves, it is necessary to clearly define which components are considered part of CIVITAS/CORE, which components are explicitly not part of the platform but should be documented for community usage, and which components are out of scope entirely.
This ADR establishes a clear scope boundary for CIVITAS/CORE in order to:
- Avoid ambiguity for implementers and operators
- Ensure architectural consistency across deployments
- Enable community-driven extensions without bloating the core
- Provide a clear basis for documentation and future ADRs
Checked Architecture Principles
- [none] Model-centric data flow: this ADR does not influence this principle
- [full] Distributed architecture with unified user experience
- [full] Modular design
- [full] Integration capability through defined interfaces
- [full] Open source as the default
- [full] Cloud-native architecture
- [full] Prefer standard solutions over custom development
- [full] Self-contained deployment
- [full] Technological consistency to ensure maintainability
- [none] Multi-tenancy: this ADR does not influence this principle
- [partial] Security by design: we are caught between the conflicting priorities of minimising requirements for operators on the one hand and security by design on the other. This ADR reflects the compromise reached so far.
Decision
The CIVITAS/CORE platform is defined as a logical and deployable core layer that provides identity, API access, data integration, and platform interoperability, while deliberately excluding infrastructure-level and security-operations components, that highly depends on the operators infrastructure decisions.
Components that are Part of the CIVITAS/CORE Platform
The following components are considered part of the CIVITAS/CORE platform and must be supported, documented, and validated:
- Relational Database: Postgres (optionally part of the deployment, can be provisioned independently of the CIVITAS/CORE deployment)
- IAM: Keycloak (mandatory)
- API Gateway: APISIX (mandatory)
- User & Data Management Portal: Backend, Frontend (mandatory)
- Model Atlas / Fennec (mandatory)
- Apicurio (mandatory)
- STA: Frost Server (mandatory)
- NGSI-LD Context Broker (optional, protocol might be provided by platform transformation)
- Message Bus: Kafka (mandatory)
- RedPanda Connect (mandatory)
- Timeseries Database (mandatory)
- Dashboard Superset (mandatory)
- Dashboard Grafana as second tool (not fully integrated)
- Geoserver Cloud (mandatory)
- Geoportal (mandatory)
Components Not Part of CIVITAS/CORE, but Usage Must Be Described
The following components are explicitly not part of the CIVITAS/CORE platform, but their deployment, integration and recommended usage must be described in documentation as some reference architecture to support community deployments:
- Monitoring stack
- Logging components
- Application metrics
- Certificate management
- Private container registries
- Ingress
- Service Mesh
These components are considered environment-specific concerns and may differ between operators and deployment contexts.
Components Explicitly Out of Scope
The following components are not part of CIVITAS/CORE and will not be further described or documented within the platform scope:
- SIEM components
- Web Application Firewall (WAF) implementations
- Backup and restore solutions
These topics are considered operational or organizational responsibilities of platform operators.
Consequences
- CIVITAS/CORE remains lean, modular, and reusable, avoiding overreach into infrastructure and security operations.
- Platform documentation must clearly distinguish between mandatory core components, recommended ecosystem components, and out-of-scope responsibilities.
- Future ADRs must align with this scope definition and must not implicitly introduce out-of-scope components into the core.
Alternatives
- A1: Include full monitoring, logging, and security stacks in CIVITAS/CORE: Discarded because it would significantly increase complexity, reduce deployment flexibility, and overlap with existing organizational tooling for many operators.
- A2: Mandate specific infrastructure implementations (e.g. service mesh, backup solutions): Discarded to avoid coupling the platform to specific vendors or operational models.
See also
relevant ADRs are linked above in the text.