Overview

Security architecture — three-scheme authentication (JWT/HMAC/API Key), multi-strategy authorization, HMAC nonce anti-replay, webhook signing, and delegation (impersonation).

BitzOrcas implements a comprehensive security model designed for SaaS multi-tenant environments. Security is enforced at multiple layers — authentication, authorization, tenant isolation, and request integrity.

Security surface

| Layer | Implementation | Status |
|---|---|---|
| Authentication | JWT / HMAC / API Key (3 schemes) | ✅ Implemented |
| Authorization | RBAC + ABAC + AppScope + ReBAC | ✅ Implemented |
| CORS & Headers | ASP.NET Core CORS configuration | ✅ Implemented |
| Impersonation | Delegation tokens (operator impersonation) | ✅ Implemented |
| Webhook signing | HMAC-SHA256 request signing | ✅ Implemented |
| Production checklist | Deployment security checklist | ✅ Documented |
| 2FA/TOTP | TOTP authenticator | 📋 Planned |
| Data protection | Encryption at rest | 📋 Planned |

Design principles

  • Fail-fast: Missing secrets cause immediate startup failure — no default weak keys
  • Fail-closed: Unconfigured authentication schemes reject all requests
  • No plaintext secrets: API keys are SHA-256 hashed; JWT secrets are validated for minimum length
  • Tenant isolation: All data queries are tenant-filtered by default
  • Audit trail: All security-relevant operations are logged

Threat model

BitzOrcas’s security addresses common SaaS threats:

| Threat | Mitigation |
|---|---|
| Token theft | Short JWT lifetime + HMAC nonce anti-replay |
| Credential leakage | API keys stored as SHA-256 hashes, never plaintext |
| Tenant data leakage | Global query filters enforce isolation |
| Brute force | Sliding window rate limiting on auth endpoints |
| Replay attacks | HMAC nonce store with expiration |
| CSRF | No cookie-based auth — all token-based |
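
The "Token theft" and "Replay attacks" mitigations both depend on an HMAC nonce store with expiration. The sketch below is an added illustration in Python, not BitzOrcas code (which runs on ASP.NET Core); the canonical string layout, the 300-second window, and the names `NonceStore`, `sign` and `verify` are assumptions made for the example.

```python
import hashlib
import hmac
import time

MAX_SKEW_SECONDS = 300  # assumed freshness window; the page does not state one


class NonceStore:
    """In-memory nonce store with expiration (a shared cache in a real deployment)."""
    def __init__(self, ttl=2 * MAX_SKEW_SECONDS):  # outlives any acceptable timestamp
        self.ttl = ttl
        self._seen = {}  # nonce -> expiry time

    def add_if_new(self, nonce, now):
        # Drop expired entries so the store stays bounded.
        self._seen = {n: exp for n, exp in self._seen.items() if exp > now}
        if nonce in self._seen:
            return False
        self._seen[nonce] = now + self.ttl
        return True


def sign(secret, method, path, timestamp, nonce, body):
    # Hypothetical canonical string: every field the server acts on is signed.
    body_hash = hashlib.sha256(body).hexdigest()
    message = "\n".join([method, path, str(timestamp), nonce, body_hash])
    return hmac.new(secret, message.encode(), hashlib.sha256).hexdigest()


def verify(secret, store, method, path, timestamp, nonce, body, signature, now=None):
    now = time.time() if now is None else now
    if not secret:
        return "rejected: scheme not configured"  # fail-closed
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        return "rejected: stale timestamp"
    expected = sign(secret, method, path, timestamp, nonce, body)
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return "rejected: bad signature"
    # Store the nonce only after authentication, so forged requests cannot fill the store.
    if not store.add_if_new(nonce, now):
        return "rejected: replayed nonce"
    return "accepted"


if __name__ == "__main__":
    key, store = b"constructed-demo-key", NonceStore()  # constructed sample values
    sig = sign(key, "POST", "/orders", 1000, "n-1", b"{}")
    for t in (1010, 1020):  # the same signed request delivered twice
        print(verify(key, store, "POST", "/orders", 1000, "n-1", b"{}", sig, now=t))
```

The nonce lifetime is twice the timestamp window so that a request stamped at the far edge of allowed clock skew cannot be replayed after its nonce has expired.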
