Security on Layer5 Documentation

Keychains

Mon, 01 Jan 0001 00:00:00 +0000

In Layer5 Cloud, a collection of permissions is represented as a keychain. One or more keychains can are grouped together and assigned to a role. Later, a role can be assigned to a user. This is the general flow of how keychains are assigned to a user.

For instance, consider a system shipped default keychain Team Management, which is a collection of eight keys: View All Teams, Add User to Team, Invite User to Team, Remove User from Team, Create Team, Delete Team, Remove User Role from Team, and Assign User Role in a Team. This implies that you can perform all these operations only if your user account possesses a role to which Team Management keychain is assigned in a given organization.

Keys

Mon, 01 Jan 0001 00:00:00 +0000

In Layer5 Cloud, permissions are represented as keys, each serving as a unique identifier for a specific permission. One or more keys can be grouped together and assigned to a keychain. Then this keychain can be assigned to a role and that role can be assigned to a user. This is the general flow of how keys are assigned to a user.

For instance, consider a system shipped default key Create Organization, which corresponds to the permission to create an organization in the Cloud. This implies that to create an organization, you need to have Create Organization key assigned to a keychain, which, in turn, is assigned to a role that’s associated with your user account for a given organization.

Sessions

Mon, 01 Jan 0001 00:00:00 +0000

What sessions are 🔗

A session represents a user authenticated connection to Layer5 Cloud. Sessions are created each time a user successfully authenticates. Sessions expire after a period of 24 hours. Before reaching their expiration time, sessions can be refreshed by an associated refresh token, which is also automatically generated at the time a user authenticates (at the same time that the adjoining session token is generated). Refresh token have an expiration period of 36 hours. Active sessions are automatically refreshed (kept alive) by the refresh token until such time as the refresh token expires, and subsequently, the session token expires thereafter.

Tokens

Mon, 01 Jan 0001 00:00:00 +0000

What tokens are 🔗

For authentication and authorization, a token is a digital object that contains information about the identity of the principal making the request and what kind of access they are authorized for. In most authentication flows, the application—or a library used by the application—exchanges a credential for a token, which determines which resources the application is authorized to access.

Access tokens 🔗

Layer5 Cloud REST API uses OAuth 2.0 for authentication and authorization. OAuth 2.0 is a standard protocol for authorization and focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and so on.