Concepts

Purpose

This section covers the foundational mental models behind the Keymate platform — authorization models, identity representation, policy lifecycle, organizational hierarchy, token and session governance, and resource modeling. Each subsection explains what a concept is, why it exists, and how it fits into the broader platform.

Who This Section Is For

• Architects designing authorization strategies and multi-Tenant identity models
• Developers integrating with Keymate APIs and building policy logic
• Security engineers evaluating authorization model coverage
• Platform engineers configuring organizational hierarchies and delegation

What You Will Find Here

• Authorization — Multi-model policy evaluation: RBAC, ABAC, ReBAC, PBAC, RADAC
• Identity — User identities, organizational assignments, and Tenant-scoped isolation
• Organization Model — Multi-Tenant IAM, hierarchy, delegation, and org-aware tokens
• Policy Model — Policy authoring, DSL, simulation, and lifecycle governance
• Token & Session — Token claims, context switching, session hierarchy, and logout
• Resources & Scopes — Protected digital assets and authorization actions
• Authentication — Authentication flows, federation, MFA, and protocol standards
• Attributes — Attribute schema, multi-scope inheritance, and compliance metadata
• Groups — Group-based role assignment and hierarchical group structures

Start by Goal

• Understand how access decisions are evaluated → Authorization
• Model users and organizational assignments → Identity
• Design a multi-Tenant hierarchy → Organization Model
• Write and test policies → Policy Model
• Understand token claims and session lifecycle → Token & Session
• Model protected resources → Resources & Scopes

Start by Persona

• Architect → Authorization, Organization Model, Identity
• Developer → Policy Model, Resources & Scopes, Token & Session
• Operator → Token & Session, Authentication
• Security Engineer → Authorization, Attributes, Groups

Recommended Starting Points

1. Identity — understand how Keymate represents users
2. Organization Model — understand Tenant and department hierarchy
3. Authorization — understand how access decisions are evaluated
4. Policy Model — understand policy authoring and lifecycle
5. Resources & Scopes — understand what policies protect
6. Token & Session — understand how identity and context flow at runtime
7. Authentication — understand authentication flows and federation
8. Attributes — understand attribute definitions and inheritance
9. Groups — understand group-based role resolution

Related Sections

• Architecture — system design and deployment topology
• Platform Components — component-level documentation
• Developer Guides — hands-on implementation guides
• Reference — API, DSL, and configuration specifications