Introducing v1.3 of the Common Security Architecture for Production (CSAP)
As developers learn about implementing CSAP, their feedback helps us refine the CSAP architecture and we are now publishing CSAP version 1.3.
This round of changes is modest but we feel it makes the architecture cleaner and easier to understand how to implement it.
Below is a summary of the key changes from version 1.2:
The functions of the Asset Protection Service have been merged into the Authorization Service
There is no change in functionality because of this amendment but it is becoming clear that managing asset access authorizations is a core role of the authorization service and should not be a separate function.
The distinction between the supporting components Trust Inference and Continuous Trust Validation has been removed.
The market is showing that continuous trust validation is part of the trust engine in authentication systems that provide trust inference. The v1.3 architecture simply shows trust inference in the supporting security components. There is no change in functionality, we have simply removed what has become an unnecessary distinction.
The official Visual Language representation of CSAP has changed
We think our new representation makes it easier to understand that CSAP is a collection of services that provide the functionality necessary for CSAP to support the 3 levels of security. The three services of authorization, authentication and the authorization rule distribution that make up the CSAP core components are now shown as services within a CSAP infrastructure shape.
Similarly, we are representing the CSAP support components as seven services within an infrastructure shape (see the Visual Language to see how Infrastructure and Services are quickly identifiable with Shapes and Icons).
Put those together along with a couple of new Visual Language security icons and the new CSAP Overview diagram looks like this:
