Overview
The platform is carefully designed with the following goals in mind:
- easy management of the data
- extensibility and flexibility
- technology agnostic
- easy to use and maintain
- quick installation
Concept of the platform
The platform is designed as a microservice architecture that stays flexible across a variety of situations.
It is based on the principle that the Core acts as a middleman between the Client and the Connector, providing the logic of all operations. The Connector contains the full implementation of a particular technology. It accepts the request from the Core, processes it, and sends back the response in a format the Core can understand. The Connector is also designed to be completely independent of other platform components.
Architecture
The architecture of the platform is based on the following parts:
| Part | Brief description |
|---|---|
| Database | Stores the data. SQL Database is used by default. |
| Core | This is the brain of the platform. It contains the full logic of request processing. |
| Interfaces | Interfaces provided and used by the platform. |
| Connector | Technology implementations that interact with the Core to perform the designated operation on the technology. |
| Access Control | Roles and permissions in the platform. |
| A^2 Engine | A^2 Engine is a component that provides the ability to define and manage attributes. |
| Notifications | Internal and External notifications. |
See the Architecture Overview for more details about the architecture of the platform.
Core Components
The platform consists of the following components:
| Components | Brief description |
|---|---|
| Credential | Stores the credentials for the Connectors. |
| Authority | Authority instances representing access to specific certification authority technology. |
| RA Profile | RA Profile abstracts the configuration of certificate-related attributes and provides a service for the Clients to manage them. |
| Compliance Profile | Collection of rules to be applied to a certificate to determine whether it satisfies the organizational compliance policy. |
| Entity | Entity representing the end user of the certificates and cryptographic keys. |
| Certificate | Certificate is an inventory object that contains all information about its lifecycle. |
| Group | Grouping allows managing multiple certificates with the same characteristics. |
| Token | Token instance representing access to a specific cryptographic device or technology. |
| Key | Cryptographic key object that can be managed and contains relevant information about its lifecycle. |
| Token Profile | Token Profile abstracts the configuration of a cryptographic service for the Clients to request cryptographic operations. |
| Notification | Notification instance representing access to a specific notification technology. |
Modules
Platform modules provide the following functionality:
| Module | Brief description |
|---|---|
| Certificate Management | Provides certificate lifecycle management functions. |
| Certificate Inventory | Inventory of all certificates that are consistently visible and managed. |
| Certificate Discovery | Searching for certificates in various sources providing detailed results about discovered certificates. |
| Dashboards | Comprehensive visual dashboard providing quick information about the current certificate inventory state. |
| Key Management | Provides key lifecycle management functions and cryptographic operations. |
| Key Inventory | Inventory of all keys that are consistently visible and managed in a technology-agnostic way. |