zero trust service platform
TDX data sharing and analytics
TDX is a next-generation database, designed from the ground up to fully integrate security with AI-powered, high-performance analytics. The TDX is designed for real-world deployments where data ownership is complex and spread across different organisations; it is designed for impact, where workflow and control-system integration complement the usual dashboard analytics.
The TDX has been built from the ground up on Zero Trust principles. Based on a state-of-the-art PKI framework, security is assured through the entire stack.
A fully distributed platform, the TDX is not only highly scalable and resilient; it is designed for the real world, where you must integrate across complex, distributed organisational boundaries.
Real-world AI deployment: the TDX platform ingests, analyses and, most importantly, integrates with pre-existing systems with ease, covering everything from large-scale enterprise systems to real-time IoT and dynamic workflow systems.
The platform comes with an integrated application layer, which lets secure vertical applications be developed and deployed quickly and easily.
The TDX uses strong, fully distributed identities. The system prefers W3C Decentralised Identifiers (DIDs), but can work with OAuth, OpenID Connect and third-party identities.
Multiple options are provided for secure storage of private keys, providing optimal but pragmatic endpoint security.
Multiple identity resolvers are supported: local, email, hash-based, HTTPS and Hyperledger.
Key rotation and identity lifecycle mechanisms are supported.
attribute / credential service
Within the TDX system any Volt (TDX node) can issue signed Verifiable Credentials (W3C Verifiable Credentials).
Credential management provides a secure trusted method for sharing information between parties, on a fully distributed basis.
Each Volt becomes essentially its own certificate authority/credential issuer.
Multiple VCs can be aggregated or linked, in order to express complex trusted relationships.
The Volt API allows any application or service to verify a credential both locally and through online checks, ensuring the information is up to date and has not been overridden or revoked.
Although verifiable credentials are the preferred method of issuing and validating attributes, the system can also be configured to issue X.509 certificates or JSON Web Tokens.
authentication & authorisation
As a fully distributed platform, each Volt takes responsibility for the authentication and authorization of each client connection.
As a zero trust platform, authentication is rooted in the strong identities provided for users, devices and services. Operational authentication is underpinned by the keys managed by the identity server, but authentication bootstrap events can be augmented with external authentication systems and complemented by the verifiable credential system.
Authorization policies can be expressed using an extended and extensible XACML policy framework. The Volt Authorization service is fully integrated with W3C DIDs and VCs. Policy decision points and policy information points can be securely delegated, providing an incredibly flexible method of defining and enforcing truly distributed policies.
Volts are fundamentally distributed service management agents; each Volt can dynamically advertise and manage services, protected by the Volt's security framework.
A developer can create a Volt service using any of the following methods:
- gRPC server
- REST server
- Command line
Services can be discovered and used through a number of APIs.
Using the service management API, a service can be attached to the Volt and advertised both locally and globally. Policies can then be defined which determine exactly under what conditions the service is discoverable and usable.
built in services
There is no limit to the number and type of services that can be attached to a Volt. However, each Volt comes with a suite of built-in services to get you started.
The file service attaches a Volt-addressable file system and makes it available to other Volt clients.
A built-in SQLite database service provides an encrypted-at-rest set of utility functions for creating, managing and querying ad hoc databases. These databases can then be made available to other clients via the policy system.
The shell service provides remote shell access to the machine on which the Volt is hosted. This obviously exposes OS-dependent features. Essentially it provides an SSH-like service, but mediated through the policy system and accessible through the discovery and proxy services.
A Volt wire provides a secure remote pipe, which can then be connected to local STDOUT and STDIN. This provides a very flexible system for creating distributed shells and workloads, all mediated with strong security and discoverable both locally and via proxy.