Components and Services

Authorization, Policy, Entity Resolution, Key Access, and a comprehensive command line are the key elements that make up the OpenTDF platform. These components work together to enforce attribute-based access control, manage cryptographic keys, and support secure data sharing through the use of the Trusted Data Format (TDF).

📄️ Authorization Service

The Authorization service makes access decisions based on Attribute-Based Access Control (ABAC) policies and evaluates subject mappings and attribute definition rules to determine allowed actions on attribute values for specified entities.

🗃️ Core Components

1 item

🗃️ Policy

9 items

🗃️ CLI - otdfctl

9 items

📄️ Entity Resolution Service

The Entity Resolution Service (ERS) is a platform-internal service that produces Entity Representations — normalized views of an entity's identity attributes — for use by the Authorization Service when evaluating Subject Mappings.

📄️ Key Access Service

The Key Access Server (KAS) manages the lifecycle of cryptographic keys and provides access to these keys for the encryption and decryption of TDFs. KAS serves as an out-of-the-box Policy Enforcement Point (PEP) for the OpenTDF platform.