diff options
Diffstat (limited to 'share/man/README.md')
| -rw-r--r-- | share/man/README.md | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/share/man/README.md b/share/man/README.md index 72c52028..02d7630e 100644 --- a/share/man/README.md +++ b/share/man/README.md @@ -77,7 +77,7 @@ This is different from Rails where authorization typically happens inside the ap | | | | | v v | | +-------------+ +----------+ | -| | Sparkled | | Go Authzd| | +| | Sparkled | | Authzd | | | | (App) | | (sidecar)| | | +-------------+ +----+-----+ | +==============================|==========+ @@ -94,7 +94,7 @@ This is different from Rails where authorization typically happens inside the ap | | | | v | | +---------------+ | -| | Rust Authzd | | +| | Authzd | | | | (remote) | | | +---------------+ | +========================================+ @@ -141,7 +141,7 @@ User-Agent Envoy(Sparkle) Sparkled GitLab ## Slide 6: Request Flow - Authenticated User ``` -User-Agent Envoy(Sparkle) Go Authzd Rust Authzd +User-Agent Envoy(Sparkle) Sidecar Authzd Remote Authzd | | | | | GET /dashboard | | | | (with cookies) | | | @@ -177,14 +177,14 @@ User-Agent Envoy(Sparkle) Go Authzd Rust Authzd ## Slide 7: The Dual Authzd Architecture -### Current: Go Sidecar + Rust Remote +### Current: Sidecar + Remote ``` +-----------------------------------------------------+ | Docker Container | | | | +---------+ +--------------+ +----------+ | -| | Envoy |--->| Go Authzd | | Sparkled | | +| | Envoy |--->| Authzd | | Sparkled | | | | (local) | | (sidecar) | | (App) | | | +---------+ +------+-------+ +----------+ | | | | @@ -193,13 +193,13 @@ User-Agent Envoy(Sparkle) Go Authzd Rust Authzd | gRPC call (fallback) v +---------------+ - | ENVOY PROXY | + | ENVOY PROXY | | (remote) | +-------+-------+ | v +---------------+ - | Rust Authzd | + | Authzd | | (remote) | +---------------+ ``` @@ -211,7 +211,7 @@ User-Agent Envoy(Sparkle) Go Authzd Rust Authzd | Docker Container | | | | +---------+ +--------------+ +----------+ | -| | Envoy |--->| Rust Authzd | | Sparkled | | +| | Envoy |--->| Authzd | | Sparkled | | | | (local) | | (library) | | (App) | | | +---------+ +------+-------+ +----------+ | | | | @@ -220,7 +220,7 @@ User-Agent Envoy(Sparkle) Go Authzd Rust Authzd | HTTP call (fallback) v +---------------+ - | Rust Authzd | + | Authzd | | (remote) | +---------------+ ``` @@ -239,8 +239,8 @@ User-Agent Envoy(Sparkle) Go Authzd Rust Authzd The OAuth2 and JWT filters shown below may be removed in future versions: -- **Option 1**: Move to Rust authzd's Envoy configuration -- **Option 2**: Implement as code inside Rust authzd +- **Option 1**: Move to Remote authzd's Envoy configuration +- **Option 2**: Implement as code inside Remote authzd - **Goal**: Replace JWT with URT (Unified Request Token) via `ext_authz` ### Current Filter Chain (order matters!) @@ -265,7 +265,7 @@ Each filter processes the request and can: ### **Future Architecture** -This OIDC authentication may move to Rust authzd for centralized token management. +This OIDC authentication may move to Remote authzd for centralized token management. ### Configuration |