A3 Provider

This component has three main functions:

  1. Authenticate an incoming login, which can be, among others, a broker account or an administrative user

  2. Authorize various actions for the authenticated party

  3. Finally, create an audit record for the requested or executed actions.

The following illustration shows the internal subcomponents.

A3 Provider component

The A3 Provider component uses a distributed fast-write database (Apache Cassandra) to store audit records. The A3 Provider will be queried for any action an identity is about to perform in the system, and it stores an audit entry for that action with some information attached describing the nature of the action, the executor identity, timestamp, and the session details.

The component uses a durable replicated Redis Cache to store session tokens and other session-related information. The A3 Provider can use other OAuth 2.0 and OpenID-compatible SSO services to authenticate users and authorize various actions.
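The query flow described above (session lookup, authorization decision, audit entry), as an added sketch that is not the A3 Provider's own code. The class, field names, outcome strings and sample tokens are all assumptions, and a dict and a list stand in for the Redis session cache and the Cassandra audit store.

```python
import time
from dataclasses import dataclass

@dataclass(frozen=True)
class AuditEntry:
    action: str       # nature of the action
    identity: str     # executor identity
    timestamp: float
    session_id: str   # session detail; the bearer token itself is never logged
    outcome: str      # assumed field: "allowed" or "denied:<reason>"

class A3Sketch:
    """Hypothetical in-memory model; dict and list stand in for Redis and Cassandra."""

    def __init__(self, sessions, grants, clock=time.time):
        self.sessions = sessions  # token -> {"identity", "session_id", "expires"}
        self.grants = grants      # identity -> set of permitted actions
        self.audit_log = []       # append-only audit store
        self.clock = clock

    def check(self, token, action):
        """Authenticate the token, authorize the action, audit the decision."""
        now = self.clock()
        session = self.sessions.get(token)
        if session is None or session["expires"] <= now:
            identity, session_id, outcome = "unknown", "none", "denied:unauthenticated"
        else:
            identity, session_id = session["identity"], session["session_id"]
            permitted = action in self.grants.get(identity, set())
            outcome = "allowed" if permitted else "denied:unauthorized"
        # Write the audit entry before returning, so denied requests are recorded too.
        self.audit_log.append(AuditEntry(action, identity, now, session_id, outcome))
        return outcome == "allowed"

def demo():
    # Constructed sample data: tokens, identities and action names are made up.
    sessions = {
        "tok-broker": {"identity": "broker-1", "session_id": "s-100", "expires": 2000.0},
        "tok-stale": {"identity": "admin-1", "session_id": "s-200", "expires": 500.0},
    }
    grants = {"broker-1": {"queue.publish"}, "admin-1": {"queue.publish", "user.delete"}}
    a3 = A3Sketch(sessions, grants, clock=lambda: 1000.0)
    results = [
        a3.check("tok-broker", "queue.publish"),  # valid session, granted action
        a3.check("tok-broker", "user.delete"),    # valid session, action not granted
        a3.check("tok-stale", "user.delete"),     # expired session
        a3.check("tok-forged", "queue.publish"),  # unknown token
    ]
    return results, a3.audit_log
```

Every request produces exactly one audit entry, including the denied ones, and the entries carry the session identifier rather than the token so that the audit store never becomes a source of replayable credentials.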