This document describes the security architecture of ReadyStackGo.
- Initial Setup Security - Security during initial setup
- Authentication (Local + OIDC)
- Authorization (Roles)
- JWT Tokens
- TLS
- Configuration Protection
- Local Admin (Wizard)
- Later OIDC (Keycloak, ams.identity, etc.)
adminoperator
Roles control access to endpoints.
JWT-based, with claims:
subroleexp