Secure Connectivity Framework
The Secure Connectivity Framework is the combination of several components which enable secure access to Thredd’s resources, using a common identity store. The main components are:
- CloudEntity — a Software as a Service (SaaS) capability which acts as the Identity Provider (IDP) for Thredd’s interfaces (including Thredd CA and Thredd Portal), and as an OAuth OpenID Provider (OP) for the registration and management of customer applications, generation and validation of access tokens, and for the enforcement of access control policies.
- Thredd CA — Thredd's Certificate Authority, a SaaS capability for the creation and management of certificates:
  - Transport Certificates — for establishing secure connections between resources.
  - Signing Certificates — for the creation of signed messages, used for authentication of clients, and non-repudiation and authentication of notifications.
- mTLS Termination — on-premise infrastructure enabling the establishment of Trust Chains when clients present Thredd-issued Transport Certificates at the point of attempting to connect to protected resources.
Figure: Secure Connectivity Framework Architecture
For more information, see the Connecting to Thredd Guide.
For more information on Secure Connectivity Framework, see the Secure Connectivity Framework product sheet.