Security Model
Osvaldo Andrade edited this page Feb 12, 2026 · 2 revisions
This page centralizes Tikti security decisions from the canonical specs.
- `idToken` is HS256 and used for first-party identity operations.
- `accessToken` is RS256 and used for resource-server authorization.
- `iss`, `aud`, `scope`, `tid`, `ver`, and the optional `eventTypes` claims are mandatory according to the token class.

See full contract: Tokens and Keys.
Authorization is deterministic and tenant-aware.
- Tenant context is derived from token and request path.
- Role expansion produces an effective permission set.
- Access is granted only when required scopes are contained in effective scopes for the tenant.
- Global admin override is explicit and auditable.
See algorithm details: Multi-Tenant Authorization.
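The tenant-aware check described above, written out as an added illustration (not Tikti's own code). The role-to-scope table, the `(subject, tenant)` role assignments, the `sub` claim and the `gadmin` override claim are assumptions; the page only states that `tid` carries the tenant.

```python
from dataclasses import dataclass

# Constructed role -> scope table; Tikti's real roles are not on the page.
ROLE_SCOPES = {
    "viewer": {"orders:read"},
    "editor": {"orders:read", "orders:write"},
    "tenant-admin": {"orders:read", "orders:write", "users:manage"},
}

@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    effective: frozenset = frozenset()

def expand_roles(roles):
    """Role expansion: the effective permission set is the union of the
    scopes granted by every role the subject holds in this tenant."""
    effective = set()
    for role in roles:
        effective |= ROLE_SCOPES.get(role, set())
    return frozenset(effective)

def authorize(claims, path_tenant, required, assignments, audit, trace_id,
              allow_override=False):
    """Deterministic check. Tenant context comes from the token's tid claim
    and must match the tenant in the request path; then the required scopes
    must be a subset of the effective scopes for that tenant. The global
    admin override (assumed 'gadmin' claim) applies only where the endpoint
    explicitly allows it, and every use is written to the audit log with
    actor, tenant, action and trace correlation."""
    actor = claims.get("sub")
    if not actor or claims.get("tid") != path_tenant:
        return Decision(False, "tenant mismatch between token and request path")
    required = frozenset(required)
    if allow_override and claims.get("gadmin") is True:
        audit.append({"actor": actor, "tenant": path_tenant,
                      "action": "global_admin_override", "trace": trace_id,
                      "required": sorted(required)})
        return Decision(True, "global admin override", required)
    effective = expand_roles(assignments.get((actor, path_tenant), ()))
    if required <= effective:
        return Decision(True, "required scopes contained in effective set", effective)
    missing = ", ".join(sorted(required - effective))
    return Decision(False, "missing scopes: " + missing, effective)
```

A tenant mismatch is refused before any role lookup, and a global admin token that reaches an endpoint without `allow_override=True` is evaluated like any other subject.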
- Public keys are published through `/.well-known/jwks.json`.
- Resource servers must validate signature, `iss`, `aud`, expiry, and scope semantics.
- Key rotation keeps overlapping validation windows to avoid downtime.
- API key gate protects selected endpoints.
- Secrets (`apiKey`, `jwtSecret`, private keys) must be managed outside source control.
- Audit logs must include actor, tenant, action, and trace correlation.

See operational requirements: Operations and SLO.