MicrosoftDocs
diff --git a/‎articles/managed-ccf/application-scenarios.md
Lines changed: 50 additions & 0 deletions b/‎articles/managed-ccf/application-scenarios.md
Lines changed: 50 additions & 0 deletions
diff --git a/‎articles/managed-ccf/breadcrumb/toc.yml
Lines changed: 7 additions & 0 deletions b/‎articles/managed-ccf/breadcrumb/toc.yml
Lines changed: 7 additions & 0 deletions
diff --git a/‎articles/managed-ccf/confidential-consortium-framework-overview.md
Lines changed: 57 additions & 0 deletions b/‎articles/managed-ccf/confidential-consortium-framework-overview.md
Lines changed: 57 additions & 0 deletions
diff --git a/‎articles/managed-ccf/faq.yml
Lines changed: 67 additions & 0 deletions b/‎articles/managed-ccf/faq.yml
Lines changed: 67 additions & 0 deletions
@@ -0,0 +1,50 @@
+---
+title: Azure Managed Confidential Consortium Framework application scenarios
+description: An overview of the application scenarios enabled by Azure Managed CCF.
+services: managed-confidential-consortium-framework
+author: msftsettiy
+ms.service: confidential-ledger
+ms.topic: overview
+ms.date: 09/28/2023
+ms.author: settiy
+
+---
+# Azure Managed Confidential Consortium Framework application scenarios
+
+The Confidential Consortium Framework (CCF) is an open-source framework for building secure, highly available, and performant applications that focus on multi-party compute and data. CFF uses the power of trusted execution environments (TEE, or enclave), decentralized systems concepts, and cryptography, to enable enterprise-ready multiparty systems. CCF is based on industry standard web technologies that allows clients to interact with CCF aware applications over HTTPS.
+
+The framework runs exclusively on hardware-backed secure enclaves, a heavily monitored and isolated runtime environment that keeps potential attacks at bay. It also runs on a minimalistic Trusted Computing Base (TCB) and limits the operator's role.
+
+Following are a few example application scenarios that CCF enables.
+
+## Decentralized Role Based Access Control(RBAC)
+
+A CCF application enables its members to run a confidential system with attested components to propose and approve changes without a single party holding all the power. Organizations have invested time and resources to build and operate Line of Business (LOB) applications that are critical to the smooth operation of their business. Many organizations want to implement confidentiality and decentralized governance in the LOB applications but are at a gridlock when deciding between day-to-day operation vs. funding new research and development.
+
+A recommended approach is to deploy the LOB application on an Azure Confidential Compute offering like an [Azure Confidential VM](../confidential-computing/confidential-vm-overview.md) or [Azure Confidential Containers](../confidential-computing/confidential-containers.md), which requires minimal to no changes. Specific parts of the application requiring multi-party governance can be offload to Managed CCF.
+
+Due to several recent breaches in the supply chain industry, organizations are exploring ways to increase visibility and auditability into their manufacturing process. On the other hand, consumer awareness on unfair manufacturing processes and mistreatment of workforce has increased.  In this example, we describe a scenario that tracks the life of coffee beans from the farm to the cup. Fabrikam is a coffee bean roaster and retailer. It hosts an existing LOB web application that is used by different personas like farmers, distributors, Fabrikam's procurement team and the end consumers. To improve security and auditability, Fabrikam deploys the web application to an Azure Confidential VM and uses decentralized RBAC managed in Managed CCF by a consortium of members.
+
+A sample [decentralized RBAC application](https://github.com/microsoft/ccf-app-samples/tree/main/decentralize-rbac-app) is published in GitHub for reference.
+
+## Data for Purpose
+
+A CCF application enables multiple participants to share data confidentially for specific purposes by trusting only the hardware (TEEs). It can selectively reveal aggregated information or selectively reveal raw data to authorized parties (for example, regulator).
+
+A use case that requires aggregation tied with confidentiality is data reconciliation. It is a common and frequent action in the financial services, healthcare and insurance domains. In this example, we target the healthcare industry. Patient data is generated, consumed and saved across multiple providers like the physician's offices, hospitals and insurance providers. It would be prudent to reconcile the patient data from the different sources to derive useful insights that could throw light into the effectiveness of the prescribed drugs and alter course if needed. However, due to industry and governmental regulations and privacy concerns, it is hard to share data in the clear.
+
+A CCF application is a good fit for this scenario as it guarantees confidentiality and auditability of the transactions. A sample [data reconciliation application](https://github.com/microsoft/ccf-app-samples/tree/main/data-reconciliation-app) is published in GitHub. It ingests data from three sources, performs aggregation inside a TEE and produces a report that summarizes the similarities and the differences in the data.
+
+## Transparent System Operation
+
+CCF enables organizations to operate a system where users can independently confirm that it is run correctly. Organizations can share the CCF source code for users to audit both the system’s governance and application code and verify that their transactions are handled according to expectations.
+
+Auditability is one of the core tenants of the financial services industry. The various government and industry standards emphasize periodic audits of the processes, practices and services to ensure that customer data is handled securely and confidentially at all times. When it comes to implementation, confidentiality and auditability are at odds. CCF applications can play a significant role in breaking this barrier. By using receipts, auditors can independently verify the integrity of transactions without accessing the online service. Refer to the [Audit](https://microsoft.github.io/CCF/main/audit/index.html) section in the CCF documentation to learn more about offline verification.
+
+A sample [banking application](https://github.com/microsoft/ccf-app-samples/tree/main/banking-app) is published in GitHub to demonstrate auditability in CCF applications.
+
+## Next steps
+
+- [Quickstart: Deploy an Azure Managed CCF application](quickstart-deploy-application.md)
+- [Quickstart: Azure CLI](quickstart-python.md)
+- [FAQ](faq.yml)
@@ -0,0 +1,7 @@
+- name: Azure
+  tocHref: /azure/
+  topicHref: /azure/index
+  items:
+  - name: Managed CCF
+    tocHref: /azure/
+    topicHref: /azure/managed-ccf/index
@@ -0,0 +1,57 @@
+---
+title: Learn about the Confidential Consortium Framework
+description: An overview of Confidential Consortium Framework.
+services: managed-confidential-consortium-framework
+author: msftsettiy
+ms.service: confidential-ledger
+ms.topic: overview
+ms.date: 09/28/2023
+ms.author: settiy
+
+---
+
+# Overview of Confidential Consortium Framework
+
+The Confidential Consortium Framework (CCF) is an open-source framework for building secure, highly available, and performant applications that focus on multi-party compute and data. CCF leverages the power of trusted execution environments (TEE, or enclave), decentralized systems concepts, and cryptography, to enable enterprise-ready multiparty systems. CCF is based on industry standard web technologies that allows clients to interact with CCF aware applications over HTTPS.
+
+The following diagram shows a basic CCF network made of three nodes. All nodes run the same application code inside an enclave. The effects of user (business) and member (governance) transactions are eventually committed to a replicated, encrypted ledger. A consortium of members is in charge of governing the network.
+
+## Core Concepts
+
+### Network and Nodes
+
+A CCF network consists of several nodes, each running on top of a Trusted Execution Environment (TEE), such as Intel SGX. A CCF network is decentralized and highly available. Nodes are run and maintained by Operators. However, nodes must be trusted by the consortium of members before participating in a CCF network.
+
+To learn more about the operators, refer to the [Operators](https://microsoft.github.io/CCF/main/operations/index.html) section in the CCF documentation.
+
+### Application
+
+Each node runs the same application, written in JavaScript. An application is a collection of endpoints that can be triggered by trusted Users' HTTP commands over TLS. Each endpoint can mutate or read the in-enclave-memory Key-Value Store that is replicated across all nodes in the network. Changes to the Key-Value Store must be agreed by at least a majority of nodes before being applied.
+
+The Key-Value Store is a collection of maps (associating a key to a value) defined by the application. These maps can be private (encrypted in the ledger) or public (integrity-protected and visible by anyone that has access to the ledger).
+
+As all the nodes in the CCF network can read the content of private maps, the application logic must control the access to such maps. As every application endpoint has access to the user identity in the request, it is easy to implement an authorization policy to restrict access to the maps.
+
+To learn more about CCF applications and start building it, refer to the [Get Started](get-started.md) page.
+
+### Ledger
+
+All changes to the Key-Value Store are encrypted and recorded by each node of the network to disk to a decentralized auditable ledger. The integrity of the ledger is guaranteed by a Merkle Tree whose root is periodically signed by the current primary or leader node.
+
+Find out how to audit the CCF ledger in the [Audit]https://microsoft.github.io/CCF/main/audit/index.html) section in the CCF documentation.
+
+### Governance
+
+A CCF network is governed by a consortium of members. The scriptable Constitution, recorded in the ledger, defines a set of rules that members must follow.
+
+Members can submit proposals to modify the state of the Key-Value Store. For example, members can vote to allow a new trusted user to issue requests to the application or to add a new member to the consortium.
+
+Proposals are executed only when the conditions defined in the constitution are met (for example, a majority of members have voted favorably for that proposal).
+
+To learn more about the customizable constitution and governance, refer to the [Governance](https://microsoft.github.io/CCF/main/governance/index.html) section in the CCF documentation.
+
+## Next steps
+
+- [Quickstart: Azure portal](quickstart-portal.md)
+- [Quickstart: Azure CLI](quickstart-python.md)
+- [FAQ](faq.yml)
@@ -0,0 +1,67 @@
+### YamlMime:FAQ
+metadata:
+  title: Frequently asked questions - Azure Managed Confidential Consortium Framework 
+  description: Get answers to frequently asked questions about Azure Managed Confidential Consortium Framework
+  services: managed-ccf
+  author: msmbaldwin
+  tags: azure-resource-manager
+  
+  ms.service: managed-ccf
+  ms.topic: faq
+  ms.date: 09/15/2023
+  ms.author: mbaldwin
+title: Azure Managed CCF FAQ
+summary: This article answers frequently asked questions about Azure Managed Confidential Consortium Framework.
+
+sections:
+  - name: General
+    questions:
+      - question: |
+          Where can I learn about the Confidential Consortium Framework? 
+        answer: |
+          The [open-source Confidential Consortium Framework (CCF) website](https://ccf.dev) is a good place to learn about the technology, the benefits. In addition, check out [the CCF documentation](https://microsoft.github.io/CCF/main/overview/index.html) to begin building your CCF-aware applications that you can run on Azure Managed Confidential Consortium Framework. 
+          
+      - question: |
+          What can I do with the Azure Managed Confidential Consortium Framework? 
+        answer: |
+          You can build applications with governance controls on data that can benefit from confidential centralized computing. Imagine a network where multiple parties agree on the code that will be run for an application, each owns their data, and only shares data related summaries or selectively reveals part of the data when conditions are met. Transactions on the network remain auditable through a ledger. 
+          
+      - question: |
+          Is this similar to Distributed Ledger Technology?
+        answer: |
+          Distributed Ledger Technology(DLTs) and CCF technologies support similar use cases and scenarios, have similar concepts like merkle tree, ledger, fault tolerance etc., though differ in how trust is established. Particularly, CCF based technologies utilize centralized computation via hardware-based Trusted Execution Environments to establish trust in the network, thereby enhancing the governance controls experience on the network. For more information, please read our [Architecture documentation](https://microsoft.github.io/CCF/main/architecture) to learn about core concepts. 
+      
+      - question: |
+          I have an existing application that I can deploy into an Azure Confidential compute offering with minimal effort. What are the benefits of developing applications targeting Azure Managed CCF?
+        answer: |
+          Applications running on Managed CCF provide benefits of governance and traceability because they are run in a trusted execution environment and benefit from the following additional functionality provided by the Confidential Consortium Framework.
+
+            - High availability from running across a crash-fault tolerant network of nodes.
+            - Rules-based multi-party governance and disaster recovery.
+            - Auditability and rollback protection through the tamper-proof transaction ledger.
+            - Transferrable statements via transaction receipts.
+
+      - question: |
+          Can existing blockchain applications work with Azure Managed CCF?
+        answer: |
+          Yes, it can. A bridge application can be built and used to integrate a public chain to an application deployed on Azure Managed CCF.
+
+      - question: |
+          Does Azure Managed CCF support identity and access management(IAM) services like Microsoft Entra ID?
+        answer: |
+          Yes, it does. Refer to [JWT Authentication](https://microsoft.github.io/CCF/main/build_apps/auth/jwt.html) guide on the CCF documentation page to learn about configuring identity providers.
+      
+      - question: |
+          Are there CCF application samples that I could refer to? 
+        answer: |
+          Yes, there are a few published code samples [Decentralized RBAC, Data Reconciliation and Banking](https://github.com/microsoft/ccf-app-samples) in GitHub for reference. 
+
+      - question: |
+          Where do I begin? 
+        answer: |
+          You can use the instructions in the [Get started](get-started.md) guide to begin developing applications.
+      
+      - question: |
+          How much does it cost?
+        answer: |
+          Refer to the Azure pricing page [here](https://azure.microsoft.com/pricing).