Jans PDP Mesh

lock-cederaling-architecture

Cedarling Requirements

Embed PDP Rust Cedar PDP
HTTPS SSE: Process notifications of updated Token Status List JWT; validate with Auth Server Public Key
Lock Master POST /audit Send telemetry, health and logs to OAuth protected Lock Master endpoint
Auth Server POST /register If no client creds are present, generate keys and perform OpenID Dynamic Client Registration (upload JWKS); present SSA JWT if available. Request 24 hour client expiration.
Auth Server POST /token Use Client Credential Grant to obtain a JWT access token from Auth Server, needed to call the audit endpoint.
GET GIT: On startup and periodically retreive policy updates from Git
GET /jwks: On startup and periodically retreive latest Auth Server JWKS keys (to validate JWTs)
Future: OpenID AuthZEN API REST interface (alteranative Cedar SDK)

Jans PDP Mesh

Cedarling Requirements

Sequence Diagrams

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Clone this wiki locally