* People (via browser, or perhaps command line tool)
* Compute process talking to another computer process.
-In larger systems, it is atypical to have just one connection, but will the call initiated by the initial actor will cause additional calls after it. Thus, we demonstrate both a client call, and a subsequent call in the following:
+In larger systems, it is a typical to have just one connection, but will the call initiated by the initial actor will cause additional calls after it. Thus, we demonstrate both a client call, and a subsequent call in the following:
Thus, the essential building blocks of any networked system is made up of a caller and any subsquent calls.
Encryption is provided by HTTP/S with the TLS 1.2+ protocol. Lesser protocols can also be added, but it is highly recommended that the protocol go no lower than TLS 1.1
+ALL components of AAF are accessible only by HTTP/S (service, locate, oauth, gui, certman), EXCEPT the component "FS".
+
+FS *must* be HTTP, because it is responsible for being accessible DURING the TLS process for recent RCLs. (Revocation lists). Since it is part of the TLS process, it cannot be TLS itself.
+
.. image:: images/SecurityArchBasic_TLS.svg
:width: 70%
:align: center
The Organization
----------------
-AAF is only a tool to reflect the Organization it is setup for. AAF does not, for instance, know what IDs are acceptable to a particular company. Every Organization (or Company) will also likely have its own Certificate Authority and DNS. Most importantly, each Organzation will have a hierarchy of who is responsible for any give person or application.
+AAF is only a tool to reflect the Organization it is setup for. AAF does not, for instance, know what IDs are acceptable to a particular company. Every Organization (or Company) will also likely have its own Certificate Authority and DNS. Most importantly, each Organization will have a hierarchy of who is responsible for any give person or application.
* AAF's Certman connects to the Organization's CA via SCEP protocol (Others can be created as well)
* AAF ties into the Organizational hierarchy. Currently, this is through a feed of IDs and relationships.