docs: add more Cedarling overview content

[ossdhaval]

Prepare

• Read PR guidelines
• Read license information

---

Description

Target issue

#8831

Implementation Details

---

Test and Document the changes

• Static code analysis has been run locally and issues have been fixed
• Relevant unit and integration tests have been added/updated
• Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

Please check the below before submitting your PR. The PR will not be merged if there are no commits that start with docs: to indicate documentation changes or if the below checklist is not selected.

• I confirm that there is no impact on the docs due to the code changes in this PR.

[dryrunsecurity]

DryRun Security Summary

The pull request introduces the Jans Lock system, a centralized control plane for securing a network of distributed applications using the Cedar authorization policy engine, consisting of Cedarling, Lock Master, and Agama Lab, which provides security benefits such as pushing the policy decision point to the edge, empowering developers to define authorization policies, and improving OAuth security.

Expand for full summary

Summary:

The code changes in this pull request provide an overview of the Jans Lock system, which is a centralized control plane for securing a network of distributed applications using the Cedar authorization policy engine. The Jans Lock system consists of three main components: Cedarling (a WebAssembly component that runs the Cedar engine), Lock Master (a web service to manage the Cedarling network), and Agama Lab (a policy authoring tool).

The key security benefits of the Jans Lock system include pushing the policy decision point (PDP) to the edge of the network, empowering developers to define authorization policies that are appropriate for their applications, providing a centralized mechanism for managing and updating the authorization policies in real-time, and improving OAuth security by checking token status without relying on potentially unreliable introspection requests. Overall, the Jans Lock system appears to be a well-designed and comprehensive approach to authorization management, with a focus on security, performance, and developer experience.

Files Changed:

• docs/admin/lock/README.md: This file provides an overview of the Jans Lock system, including its main components, key features, and security benefits. The changes introduce the Jans Lock system and explain how it can be used to secure a network of distributed applications using the Cedar authorization policy engine.

Code Analysis

We ran 7 analyzers against 1 file and 0 analyzers had findings. 7 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.