zero trust service platform
tdx Volt is a platform that provides the ability to securely share services, structured data, files, and analytics in a peer-to-peer, decentralised fashion. A tdx Volt gives you complete control over access to all of your services, data and resources.
icon

Distributed Identity

Fully distributed identity suitable for cloud and peer to peer. Backed with strong crypto.

icon

Service Management

Publish and consumer services via gRPC, sockets, REST and wire.

Extensible Claims

Verifiable credential backed claims system for implementing zero trust modes.

Smart Policy

Define access control through smart policy framework.

Tunnelling

Securely tunnel access through p2p and cloud endpoints.

Encryption

Data encrypted at rest for all operations. Multiple options for key management 
fundamentals
security policy

The security policy is attribute-based and borrows heavily from the XACML standard in terms of functionality. It provides an extremely versatile and extensible framework for controlling who can access what and when. For example it is possible to express rules such as ‘Nick can access my geolocation service and view my current location between 9am – 5pm Monday to Friday’.

Learn more about the security policy.

identity management
Identities are centred around asymetrical cryptography in the form of public/private key pairs. They form the bedrock of the tdx Volt infrastructure. Security policy rules are expressed in terms of permitting or denying resource access to one or more identities.
Client Authentication Server Authentiation Supported Notes
certificate certificate yes This is the default configuration in which mutual certificate authentication is used
certificate + token certificate yes The client provides both a certificate and JWT.
token certificate yes The client only presents a JWT with no client certificate. This is useful in scenarios where storing a private key is impractical
none certificate no The client must always provide some authentication
certificate none no The server must always present a certificate.
token none no The server must always present a certificate.
none none no Insecure
Kind Description
tdx:cloud-connection Represents a connection to a cloud-based tunnel.
tdx:database A database.
tdx:group A group of identities.
tdx:http-proxy An HTTP forward proxy resource.
tdx:http-server An HTTP server resource.
tdx:identity An identity resource.
tdx:service The top-level service kind.
tdx:sqlite-database A sub-kind of Database, representing an Sqlite database.
tdx:sqlite-server SqliteServer
tdx:symbolic-link A file or folder that is linked directly to the local file system.
tdx:volt-link Used by the fusebox to store links to other Volts
tdx:web-view Used by the fusebox to display web pages. Experimental, macOS only.
tdx:wire A wire resource.
resource management

A resource is the fundamental entity in the tdx Volt. Various kinds of resource exist out of the box, including services, folders, files, and databases. Custom resource types are also supported. A simple, clean hierarchical taxonomy is used to classify resources. A single file or entire folder hierarchies can easily be uploaded or linked to the tdx Volt and made available from anywhere, given the correct authentication and authorisation as determined by the security policy. Databases can quickly be created and data ingested using a drag-and-drop interface. This too can then be made available for reading or writing anywhere using the appropriate security policy rules.

Learn more about tdx Volt resources.

service registration & discovery
One of the main functions of the tdx Volt is to allow services to be registered, shared, discovered and accessed by others. Once an identity has successfully bound and connected to the tdx Volt it can register a service for others to discover, and/or discover and utilise services that others have registered. This is all strictly governed by the security policy imposed by the tdx Volt owner.