Commit 44ad2cc
Changed files (1)
README.md
@@ -13,6 +13,54 @@ Below is a recording of a SAML based service provider initiated login, displayin

+## Architecture
+
+```plaintext
+ -------------
+ | user-agent |
+ -------------
+ |
+ |
+ V
+----------------|:8080|----------------------------------------
+ |
+ V
+ ---------------
+ | API Gateway | (use casbin to evict early)
+ ---------------
+ |
+ |---------|------| (reverse proxy and injects context headers)
+ | |
+ | V -----
+ | -------------------- (_____)
+ | | IdP (saml, oidc) | ------- | db |
+ | | | -----
+ | --------------------
+ | | :http | :grpc | (use declarative_policy)
+ | --------------------
+ | A
+ -------------- |
+ | | |
+ V V |
+ ------ ------------ |
+ | UI | | REST API |-------|
+ ------ ------------
+ |
+ V
+ _____
+ (_____)
+ | db |
+ -------
+
+[UI]: ui.example.com
+[REST API]: api.example.com
+[IdP]: idp.example.com
+```
+
+I have ommitted TLS, RS256 from the prototype to offload the decision of key
+management and rotation. See [smallstep](https://smallstep.com/docs/step-cli/)
+for PKI management.
+
## Getting Started
1. Install tools:
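Review bot: The new "Architecture" paragraph ("I have ommitted TLS, RS256 from the prototype ...") has a spelling error ("omitted") and, more importantly, leaves the consequence undocumented: with TLS and RS256 left out, the diagram shows plain HTTP on :8080 between the user-agent, the API Gateway and the IdP, so the README should state plainly that the prototype runs in cleartext and must not be exposed beyond a local development setup, rather than only linking to smallstep for PKI. A one-line note such as "Prototype only: no TLS and no RS256 signing; do not deploy as-is" next to that paragraph would make the trade-off explicit. Minor: the annotation "(use casbin to evict early)" on the API Gateway box is unclear; "reject unauthorized requests early" says what casbin is doing there, and the diagram's alignment is off in the rendered view (the `:http | :grpc` row and the `A`/`|` arrow column), so it is worth re-checking the fence with a fixed-width font before merging.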