thalos-service/docs/architecture/service-orchestration-boundary.md
2026-03-11 04:27:02 -06:00

Thalos Service Orchestration Boundary

Purpose

Constrain thalos-service to orchestration responsibilities after thalos-domain extraction.

Service Responsibilities

  • Coordinate identity use-case flow
  • Delegate policy/token decisions to thalos-domain abstractions
  • Adapt transport contracts
  • Route provider metadata (InternalJwt, AzureAd, Google) between edge/service/dal boundaries
  • Orchestrate Google external-token claim validation through provider-agnostic secret/material boundaries

Prohibited Responsibilities

  • Owning identity decision policies
  • Owning persistence decision concerns
  • Coupling use-cases directly to Vault/cloud provider SDKs
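
The boundary described above, sketched as an added example that is not code from thalos-service or thalos-domain. Every type and method name here (SecretMaterialSource, ClaimPolicy, ValidateExternalTokenUseCase, the "oauth_client_id" key) is hypothetical, and the in-memory stand-ins and client id are constructed for the demo. The use case only fetches material and delegates the decision, and it imports no Vault or cloud SDK.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Mapping, Protocol

class Provider(Enum):  # provider metadata named on the page
    INTERNAL_JWT = "InternalJwt"
    AZURE_AD = "AzureAd"
    GOOGLE = "Google"

class SecretMaterialSource(Protocol):  # hypothetical provider-agnostic boundary
    def get_material(self, provider: Provider, name: str) -> str: ...

class ClaimPolicy(Protocol):  # hypothetical stand-in for a thalos-domain abstraction
    def accepts(self, claims: Mapping[str, str], audience: str) -> bool: ...

@dataclass(frozen=True)
class ExternalTokenRequest:  # transport contract, already adapted at the edge
    provider: Provider
    claims: Mapping[str, str]  # assumed to come from a signature-verified token

class ValidateExternalTokenUseCase:
    """Orchestrates only: fetches material, delegates the decision, returns it."""
    def __init__(self, secrets: SecretMaterialSource, policy: ClaimPolicy):
        self._secrets, self._policy = secrets, policy

    def execute(self, request: ExternalTokenRequest) -> bool:
        if request.provider is not Provider.GOOGLE:
            return False  # fail closed: this flow handles Google tokens only
        audience = self._secrets.get_material(request.provider, "oauth_client_id")
        return self._policy.accepts(request.claims, audience)

# Constructed stand-ins; a real Vault or cloud adapter would live outside the use case.
class InMemorySecrets:
    def __init__(self, values): self._values = values
    def get_material(self, provider, name): return self._values[(provider, name)]

class AudienceIssuerPolicy:  # the decision itself belongs to the domain side
    ISSUERS = {"accounts.google.com", "https://accounts.google.com"}
    def accepts(self, claims, audience):
        return claims.get("aud") == audience and claims.get("iss") in self.ISSUERS

def demo_use_case() -> ValidateExternalTokenUseCase:
    secrets = InMemorySecrets({(Provider.GOOGLE, "oauth_client_id"): "constructed-client-id"})
    return ValidateExternalTokenUseCase(secrets, AudienceIssuerPolicy())
```

Swapping InMemorySecrets for another adapter changes nothing in the use case, which is the property the prohibited-coupling rule protects.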