author mo khan <mo@mokhan.ca> 2025-03-05 17:40:06 -0700
committer mo khan <mo@mokhan.ca> 2025-03-05 17:40:06 -0700
commit 44ad2cca852adc6a344f4b357ff7727bb72c3a6c (patch)
tree 209893e01335f6cf36dfe164f0f4766e81d7c651 /README.md
parent 6300c4130099b016c7dd3bfcb17d541e77d79d72 (diff)
docs: add architecture diagram to README
Diffstat (limited to 'README.md')
-rw-r--r-- README.md 48
1 files changed, 48 insertions, 0 deletions
diff --git a/README.md b/README.md
index 5e24c3b2..ebab0c50 100644
--- a/README.md
+++ b/README.md
@@ -13,6 +13,54 @@ Below is a recording of a SAML based service provider initiated login, displayin
![SAML Login](./screencast.webm)
+## Architecture
+
+```plaintext
+ -------------
+ | user-agent |
+ -------------
+ |
+ |
+ V
+----------------|:8080|----------------------------------------
+ |
+ V
+ ---------------
+ | API Gateway | (use casbin to evict early)
+ ---------------
+ |
+ |---------|------| (reverse proxy and injects context headers)
+ | |
+ | V -----
+ | -------------------- (_____)
+ | | IdP (saml, oidc) | ------- | db |
+ | | | -----
+ | --------------------
+ | | :http | :grpc | (use declarative_policy)
+ | --------------------
+ | A
+ -------------- |
+ | | |
+ V V |
+ ------ ------------ |
+ | UI | | REST API |-------|
+ ------ ------------
+ |
+ V
+ _____
+ (_____)
+ | db |
+ -------
+
+[UI]: ui.example.com
+[REST API]: api.example.com
+[IdP]: idp.example.com
+```
+
+I have ommitted TLS, RS256 from the prototype to offload the decision of key
+management and rotation. See [smallstep](https://smallstep.com/docs/step-cli/)
+for PKI management.
+
## Getting Started
1. Install tools:
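Review bot: In the paragraph after the diagram, "ommitted" should be "omitted", and the sentence says TLS and RS256 are left out without saying what the prototype uses in their place; add one line naming how tokens are signed in the prototype and noting that every hop in the diagram is plaintext, so the layout is not read as a deployable one. The diagram annotates the gateway with "reverse proxy and injects context headers": the README should state whether the gateway strips client-supplied copies of those headers and whether the UI and REST API are reachable only through it, because that is the trust boundary the diagram implies. Minor: the `[UI]: ui.example.com` lines sit inside the plaintext fence, so they work as a legend but will not render as link definitions; either move them below the fence or label them as a legend.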