Update markdown files

Author: ldclakmal

README.md

@@ -18,17 +18,22 @@ The examples, use-cases, demos, resources related to microservices security patt
 [![stars](https://img.shields.io/github/stars/ldclakmal/ballerina-security?style=social)](https://github.com/ldclakmal/ballerina-security)
 [![followers](https://img.shields.io/github/followers/ldclakmal?style=social)](https://github.com/ldclakmal)
 
-### Examples
+### Project Structure
 
-- [HTTP client and service examples secured with different auth mechanisms](https://github.com/ldclakmal/ballerina-security/tree/master/examples/http)
-- [gRPC client and service examples secured with JWT auth mechanism](https://github.com/ldclakmal/ballerina-security/tree/master/examples/grpc)
-- [WebSocket client and service examples secured with JWT auth mechanism](https://github.com/ldclakmal/ballerina-security/tree/master/examples/websocket)
-- [WebSub hub, publisher and subscriber examples secured with JWT auth mechanism](https://github.com/ldclakmal/ballerina-security/tree/master/examples/websub)
+#### [Test Suite](./test-suite)
 
-### Scenarios
+This section demonstrates an automated Ballerina security test-suite which contains authentication and authorization related integration scenarios and Ballerina by examples (BBEs). These tests run on demand with the provided Ballerina version in GitHub secrets. Refer to the [workflow](https://github.com/ldclakmal/ballerina-security/actions).
 
-- [Simple inventory management system](https://ldclakmal.me/ballerina-security/scenarios/scenario-1/)
-- [Advanced inventory management system](https://ldclakmal.me/ballerina-security/scenarios/scenario-2/)
+[![BBE](https://github.com/ldclakmal/ballerina-security/actions/workflows/bbe.yml/badge.svg)](https://github.com/ldclakmal/ballerina-security/actions/workflows/bbe.yml)
+[![Integration](https://github.com/ldclakmal/ballerina-security/actions/workflows/integration.yml/badge.svg)](https://github.com/ldclakmal/ballerina-security/actions/workflows/integration.yml)
+
+#### [Examples](./examples)
+
+This section demonstrates the examples with authentication and authorization for different transport protocols supported by Ballerina. The client and servers are secured with different auth protocols.
+
+#### [Scenarios](./scenarios)
+
+This section demonstrates the real-world scenarios which has authentication and authorization requirements and how that can be supported with Ballerina.
 
 ### Guides & Documentations
 

examples/README.md

@@ -1,9 +1,9 @@
 # Ballerina Security Examples
 
-This directory contains the example scenarios written by [Ballerina](https://ballerina.io) programming language for different protocols supported.
+This section demonstrates the examples with authentication and authorization for different transport protocols supported by Ballerina. The client and servers are secured with different auth protocols.
 
-1. [HTTP](./http)
-2. [gRPC](./grpc)
-3. [WebSocket](./websocket)
-4. [WebSub](./websub)
-5. [NATS](./nats)
+1. [HTTP](https://github.com/ldclakmal/ballerina-security/tree/master/examples/http)
+2. [gRPC](https://github.com/ldclakmal/ballerina-security/tree/master/examples/grpc)
+3. [WebSocket](https://github.com/ldclakmal/ballerina-security/tree/master/examples/websocket)
+4. [WebSub](https://github.com/ldclakmal/ballerina-security/tree/master/examples/websub)
+5. [NATS](https://github.com/ldclakmal/ballerina-security/tree/master/examples/nats)

scenarios/README.md

@@ -1,15 +1,21 @@
 # Ballerina Security Scenarios
 
-This directory contains the real-world scenarios written by [Ballerina](https://ballerina.io) programming language.
+This section demonstrates the real-world scenarios which has authentication and authorization requirements and how that can be supported with Ballerina.
 
-### [Scenario 1](./scenario-1)
+### [Ballerina Secure Token Service (STS)](./sts)
+
+Ballerina STS which supports OAuth2 token issuing and validation.
+
+Refer to the [README](./sts/README.md) for more information.
+
+### [Simple inventory management system](./scenario-1)
 
 Simple inventory management system, with 2 secured microservices, and a secured API gateway, which connects to an LDAP user store and trusts OAuth2 authorization server.
 
-User `Jane`, the admin, connects to `Admin Microservice` through the REST API of API gateway using HTTPS for management purposes. User `Alice`, a customer, connects to `Inventory Microservice` through the REST API of API gateway using HTTPS for purchasing items. All the APIs are authenticated with different types of authentication mechanisms such as basic auth, JWT auth, OAuth2 etc. and secured with TLS as well. Refer to the [diagram](./scenario-1/scenario-1.png) and [README](./scenario-1/README.md) for more information.
+Refer to the [diagram](./scenario-1/scenario-1.png) and [README](./scenario-1/README.md) for more information.
 
-### [Scenario 2](./scenario-2)
+### [Advanced inventory management system](./scenario-2)
 
 Advanced inventory management system, with 4 secured microservices, and a secured API gateway, which connects to an LDAP user store and trusts OAuth2 authorization server.
 
-User `Jane`, the admin, connects to `Admin Microservice` through the REST API of API gateway using HTTPS for management purposes. User `Alice`, a customer, connects to `Inventory Microservice` through the REST API of API gateway using HTTPS for purchasing items. User `Bob`, another customer, connects to `Inventory Microservice` through the GraphQL API of API gateway using HTTPS for searching items. `Electronic` and `Fashions` microservices are connected to `Inventory Microservice` and can be accessed via gRPC APIs. All the HTTP, GraphQL, gRPC APIs are authenticated with different types of authentication mechanisms such as basic auth, JWT auth, OAuth2 etc. and secured with TLS as well. Refer to the [diagram](./scenario-2/scenario-2.png) and [README](./scenario-2/README.md) for more information.
+Refer to the [diagram](./scenario-2/scenario-2.png) and [README](./scenario-2/README.md) for more information.

scenarios/sts/README.md

@@ -0,0 +1,32 @@
+# Ballerina STS
+
+Ballerina Secure Token Service (STS) which supports OAuth2 token issuing and validation. This is published into Docker Hub as well.
+
+![Docker Pulls](https://img.shields.io/docker/pulls/ldclakmal/ballerina-sts)
+
+### How to run
+
+In order to run this in local machine, we need to have [Ballerina Swan Lake Alpha 5](https://ballerina.io/downloads/) installed.
+
+- Run as a container: `$ docker run -p 9090:9090 ldclakmal/ballerina-sts`
+- Run using source code: `$ bal run ballerina-sts.bal`
+
+### How to test
+
+- Get an access-token with a scope:
+
+    ```shell
+    curl -kv -u FlfJYKBD2c925h4lkycqNZlC2l4a:PJz0UhTJMrHOo68QQNpvnqAY_3Aa -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -d "grant_type=client_credentials&scope=view-order" https://localhost:9090/oauth2/token
+    ```
+
+- Refresh an access-token with a scope:
+
+    ```shell
+    curl -kv -u 3VTwFk7u1i366wzmvpJ_LZlfAV4a:TNOH0ZklJm8sqS9U3IMMAZVth78a -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -d "grant_type=refresh_token&refresh_token=<ACCESS_TOKEN>&scope=view-order" https://localhost:9090/oauth2/token
+    ```
+
+- Validate an access-token:
+
+    ```shell
+    curl -kv -u admin:admin -H 'Content-Type: application/x-www-form-urlencoded' -X POST --data 'token=<ACCESS_TOKEN>' https://localhost:9090/oauth2/introspect
+    ```

test-suite/README.md

@@ -3,7 +3,45 @@
 
 # Ballerina Security Test Suite
 
-This is an automated Ballerina security test suite which contains authentication and authorization related scenarios. These tests run on demand with the provided Ballerina version.
+This section demonstrates an automated Ballerina security test-suite which contains authentication and authorization related integration scenarios and Ballerina by examples (BBEs). These tests run on demand with the provided Ballerina version in GitHub secrets. Refer to the [workflow](https://github.com/ldclakmal/ballerina-security/actions).
+
+### Directory Structure
+
+```shell
+test-suite
+|
+|__ packages
+|   |__ bbe
+|   |   |__ access-control
+|   |   |   |__ basic-auth-file-store
+|   |   |   |__ basic-auth-ldap-store
+|   |   |   |__ jwt-auth
+|   |   |   |__ oauth2-bearer-token
+|   |   |   |__ oauth2-client-credentials-grant
+|   |   |   |__ oauth2-password-grant
+|   |   |   |__ oauth2-refresh-token-grant
+|   |   |
+|   |   |__ security
+|   |   |   |__ crypto
+|   |   |   |__ url
+|   |   |   |__ jwt
+|   |
+|   |__ integration
+|   |   |__ basic-auth-file-store
+|   |   |__ basic-auth-ldap-store
+|   |   |__ jwt-auth
+|   |   |__ oauth2
+|   |   
+|   |__ resources
+|
+|__ scripts
+    |__ bbe
+    |   |__ access-control
+    |   |__ security
+    |
+    |__ integration
+    |__ resources
+```
 
 ### Secured services
 
@@ -14,7 +52,7 @@ This is an automated Ballerina security test suite which contains authentication
 
 ##### Steps:
 1. User configurations are defined in `Config.toml`
-2. Ballerina service is secured with Basic Auth with file user store.
+2. Ballerina service is secured with Basic Auth with file user store. Inbound tokens are validated with the user store configured in `Config.toml`.
 3. CURL client send requests to Ballerina service.
 
 #### 2. Basic Auth - LDAP user store
@@ -25,7 +63,7 @@ This is an automated Ballerina security test suite which contains authentication
 
 ##### Steps:
 1. User configurations are provided to OpenLDAP server with `.ldif`
-2. Ballerina service is secured with Basic Auth with LDAP user store. Inbound tokens are validated with the OpenLDAP server.
+2. Ballerina service is secured with Basic Auth with LDAP user store. Inbound tokens are validated with the user store defined in OpenLDAP server.
 3. CURL client send requests to Ballerina service.
 
 #### 3. JWT Auth
@@ -37,8 +75,7 @@ This is an automated Ballerina security test suite which contains authentication
 
 ##### Steps:
 1. Service providers are defined in WSO2 IS STS.
-2. Ballerina service is secured with JWT Auth. Inbound tokens are validated by Ballerina with the use of configurations
- provided by WSO2 IS STS.
+2. Ballerina service is secured with JWT Auth. Inbound tokens are validated by Ballerina with the use of configurations provided by WSO2 IS STS.
 3. CURL client send request to WSO2 IS STS and get the JWT.
 4. CURL client send requests to Ballerina service with the received JWT.