Security Functional Area
The Security functional area of Arda Platform’s OAM covers Authentication and Authorization Management for access to resources and services. It will also include aspects such as firewalls and Security Groups, as well as the processes to manage secrets.
Secrets Vault
Secrets are stored using 1Password, as described in Secrets Vault Store.
Application Authentication and Authorization
For specifications, see the scenarios in:
The design covers:
- Authentication Services with Cognito: Describes the configuration of AWS Cognito for user authentication and management and the values and secrets it exposes.
- Authx Endpoints from Cognito: Note that this is based on standard OAuth2 endpoint documentation and needs to be confirmed and validated for consistency with the Arda Platform.
- Application Endpoints for Cognito: Cognito needs information on the URLs and paths to which users are redirected for login, logout, etc. This information needs to be provided at the time Cognito is deployed as part of its partition.
- Security Realms, Scopes and User Attributes: A description of the configuration of Security Realms for HTTP routes, Scopes for OAuth2, and User Attributes to support a basic RBAC system.
- Cognito JWT Payload: Description of the expected JWT structure in the system. Note that this still needs to be confirmed against the system's behavior.
Copyright: © Arda Systems 2025, All rights reserved