SPEKTRA Edge IAM Service Design

Service iam.edgelq.com plays one of the central parts of the SPEKTRA Edge platform, in charge of authentication and authorization. It enables multi-tenant and multi-service environments. By default, Goten does not come with authentication and authorization feature, only IAM fills this hole and allows services to work with each other without trust.

IAM Concepts, Actors, Role management, and Tenant management should be already known from the user guide, customizations, and basic usage of Authenticator, Authorizer, and Authorization middleware, from the developer guide. This document dives more into details about what is happening in the unique components provided by the IAM service. It is assumed reader can understand the general and standard structure of the IAM codebase at this point, located in the directory iam in the SPEKTRA Edge repository.

We will focus here not so much on IAM service but in big part on what IAM provides. Authenticator and Authorizer are modules provided by IAM but are linked in during each server compilation. Therefore, each API server of any backend service has these in its runtime.