refactor(docs): improve formatting and linking on architecture page
This refactors the architecture page to improve readability and navigation. The layout is updated to a single column, the diagram is reoriented, and all components and NIST terms are now linked to their respective pages.
docs/architecture.mdx (13 additions & 13 deletions)
@@ -46,37 +46,37 @@ graph TD
46
46
class POLICY,AUTHZ,ERS,KAS opentdfService
47
47
class ATTR_SOURCES,IDP,CLIENT externalSystem
48
48
49
-
click POLICY "components/policy/" "Go to Policy Service docs"
50
-
click AUTHZ "components/authorization" "Go to Authorization Service docs"
51
-
click ERS "components/entity_resolution" "Go to Entity Resolution Service docs"
52
-
click KAS "components/key_access" "Go to Key Access Server docs"
49
+
click POLICY "components/policy/"
50
+
click AUTHZ "components/authorization"
51
+
click ERS "components/entity_resolution"
52
+
click KAS "components/key_access"
53
53
```
54
54
55
55
### [Policy Service](components/policy/)
56
56
57
-
The **Policy Service** is where all access control policies are defined and managed. It provides the tools and APIs to create a rich set of policies that govern data access. This includes not only attributes and their values, but also the definitions of **actions, obligations, and key access mappings**.
57
+
The Policy Service is where all access control policies are defined and managed. It provides the tools and APIs to create a rich set of policies that govern data access. This includes not only attributes and their values, but also the definitions of **actions, obligations, and key access mappings**.
58
58
59
-
In the context of the NIST ABAC model, the Policy Service functions as the **Policy Administration Point (PAP)**.
59
+
In the context of the NIST ABAC model, the Policy Service functions as the [Policy Administration Point (PAP)](https://csrc.nist.gov/glossary/term/policy_administration_point).
The **Authorization Service** is the core decision-making engine of the platform. It is responsible for evaluating the rich policies from the Policy Service against a set of attributes to render an authorization decision.
63
+
The Authorization Service is the core decision-making engine of the platform. It is responsible for evaluating the rich policies from the Policy Service against a set of attributes to render an authorization decision.
64
64
65
-
In the context of the NIST ABAC model, it functions as the **Policy Decision Point (PDP)**.
65
+
In the context of the NIST ABAC model, it functions as the [Policy Decision Point (PDP)](https://csrc.nist.gov/glossary/term/policy_decision_point).
66
66
67
67
### [Entity Resolution Service (ERS)](components/entity_resolution)
68
68
69
-
The **Entity Resolution Service** is responsible for gathering the attributes about a subject needed for a decision. By default, it can derive attributes from claims in an authentication token. Optionally, it can be configured to connect to external attribute sources (LDAP, SQL) to "hydrate" the entity with more attributes.
69
+
The Entity Resolution Service is responsible for gathering the attributes about a subject needed for a decision. By default, it can derive attributes from claims in an authentication token. Optionally, it can be configured to connect to external attribute sources (LDAP, SQL) to "hydrate" the entity with more attributes.
70
70
71
-
In the context of the NIST ABAC model, the ERS functions as the **Policy Information Point (PIP)**.
71
+
In the context of the NIST ABAC model, the ERS functions as the [Policy Information Point (PIP)](https://csrc.nist.gov/glossary/term/policy_information_point).
72
72
73
73
### [Key Access Server (KAS)](components/key_access)
74
74
75
-
The **Key Access Server (KAS)** enforces access control decisions. Its role is more extensive than a typical enforcement point:
75
+
The Key Access Server (KAS) enforces access control decisions. Its role is more extensive than a typical enforcement point:
76
76
77
77
-**Cryptographic Enforcement:** It enforces decisions by granting or withholding cryptographic keys for TDF decryption.
78
78
-**Encryption Enablement:** It manages key exchanges and enables various TDF encryption modes.
79
79
80
-
In the context of the NIST ABAC model, the KAS functions as the **Policy Enforcement Point (PEP)**.
80
+
In the context of the NIST ABAC model, the KAS functions as the [Policy Enforcement Point (PEP)](https://csrc.nist.gov/glossary/term/policy_enforcement_point).
81
81
82
-
Furthermore, the OpenTDF platform is designed for flexibility. Developers can **build and integrate their own custom PEPs**. These custom enforcement points can leverage the platform's robust Authorization (PDP) and Policy (PAP) services while implementing enforcement logic tailored to specific applications. These custom PEPs can also optionally interface with the KAS to take advantage of its powerful cryptographic capabilities.
82
+
Furthermore, the OpenTDF platform is designed for flexibility. Developers can **build and integrate their own custom PEPs**. These custom enforcement points can leverage the platform's robust Authorization ([PDP](https://csrc.nist.grov/glossary/term/policy_decision_point)) and Policy ([PAP](https://csrc.nist.gov/glossary/term/policy_administration_point)) services while implementing enforcement logic tailored to specific applications. These custom PEPs can also optionally interface with the KAS to take advantage of its powerful cryptographic capabilities.
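Review bot: the PDP link in the last added paragraph (the "build and integrate their own custom PEPs" line) points to `https://csrc.nist.grov/glossary/term/policy_decision_point`; `nist.grov` is a misspelling of `nist.gov`, so the link will not reach the NIST glossary. Change it to `https://csrc.nist.gov/glossary/term/policy_decision_point`, the same URL this change already uses for the PDP link in the Authorization Service paragraph. A link check over the built docs would catch this class of error before merge. Separately, the four `click` directives lose their tooltip strings ("Go to Policy Service docs" and the other three), which the commit message does not mention; if the removal is intentional, note the reason there. The `click POLICY` target also keeps a trailing slash while the other three targets do not, so consider making them consistent.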