| author | mo khan <mo@mokhan.ca> | 2025-03-05 17:40:06 -0700 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-03-05 17:40:06 -0700 |
| commit | 44ad2cca852adc6a344f4b357ff7727bb72c3a6c (patch) | |
| tree | 209893e01335f6cf36dfe164f0f4766e81d7c651 | |
| parent | 6300c4130099b016c7dd3bfcb17d541e77d79d72 (diff) | |
docs: add architecture diagram to README
| -rw-r--r-- | README.md | 48 |
1 files changed, 48 insertions, 0 deletions
@@ -13,6 +13,54 @@ Below is a recording of a SAML based service provider initiated login, displayin  +## Architecture + +```plaintext + ------------- + | user-agent | + ------------- + | + | + V +----------------|:8080|---------------------------------------- + | + V + --------------- + | API Gateway | (use casbin to evict early) + --------------- + | + |---------|------| (reverse proxy and injects context headers) + | | + | V ----- + | -------------------- (_____) + | | IdP (saml, oidc) | ------- | db | + | | | ----- + | -------------------- + | | :http | :grpc | (use declarative_policy) + | -------------------- + | A + -------------- | + | | | + V V | + ------ ------------ | + | UI | | REST API |-------| + ------ ------------ + | + V + _____ + (_____) + | db | + ------- + +[UI]: ui.example.com +[REST API]: api.example.com +[IdP]: idp.example.com +``` + +I have ommitted TLS, RS256 from the prototype to offload the decision of key +management and rotation. See [smallstep](https://smallstep.com/docs/step-cli/) +for PKI management. + ## Getting Started 1. Install tools: |
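Review bot: The closing paragraph says TLS and RS256 are omitted from the prototype, while the diagram has the API Gateway acting as a reverse proxy that "injects context headers", so the README never states what the UI and REST API rely on to trust those headers. Add a sentence after the diagram that spells out the prototype's trust assumption, for instance whether anything other than the gateway on :8080 is meant to be reachable by the user-agent. Two smaller points in the same hunk: "ommitted" should be "omitted", and the `[UI]:`, `[REST API]:` and `[IdP]:` lines sit inside the plaintext fence, so they read as literal text rather than link definitions; move them below the closing fence or label them as hostnames in the diagram legend.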
