An experiment in transaction tokens and generalizable trust architecture.
parsec is an implementation of ext_authz and token exchange. It is intended to be used by the perimeter of a trust domain in order to:
- abstract away validating credentials from external trust domains (removing those credentials for services within the trust domain)
- issue trusted authorization context for a call chain (transaction token)
It is intended to be used as part of a general federated trust architecture that defines a (1) workload trust domain (expected to be abstracted in the network e.g. through a service mesh) and (2) a [potentially wider] transaction trust domain, established by this service as a transction token issuer.