Add documentation related to the JWT-SVID auth

src/README.md

@@ -10,6 +10,9 @@ you want to know, you can go to the [users](parsec_users.md), [client
 developers](parsec_client/README.md), [service developers](parsec_service/README.md) or
 [security](parsec_security/README.md) sections.
 
+Don't hesitate to ask any question you would have when reading on our [Community Slack
+Channel](https://github.com/parallaxsecond/community#community-channel)!
+
 Parsec and all the repositories under the `parallaxsecond` organization are provided under
 Apache-2.0. Contributions to this project are accepted under the same license.
 

src/parsec_client/api_overview.md

@@ -189,8 +189,14 @@ permitted numerical values for this field are given as follows:-
    connecting process as a zero-padded little-endian 32-bit unsigned integer. The Parsec service
    will verify that this self-declared UID is consistent with the UID from the Unix peer
    credentials.
-
-Other values are unsupported and will be rejected by the service.
+- A value of 4 (`0x04`) indicates authentication through JWT SPIFFE Verifiable Identity Document.
+   The service expects the **authentication** field to contain a JWT-SVID token as described in the
+   [SPIFFE standard](https://github.com/spiffe/spiffe/blob/master/standards/JWT-SVID.md). The token
+   must be encoded using the JWS Compact Serialization. The service will use the SPIFFE ID validated
+   from the SVID as application identity.
+
+Other values are unsupported and will be rejected by the service. See the
+[authenticators](../parsec_service/authenticators.md) page for more details.
 
 ## Unauthenticated Operations
 

src/parsec_client/wire_protocol.md

@@ -148,6 +148,9 @@ be passed directly. But it is also possible to use the identifier as input to an
 the body, in which case the authentication field would contain the computed HMAC, rather than the
 identifier itself.
 
+See the [API Overview section](api_overview.md#authentication-and-sessions) for a description of
+possible authentication type values for the authentication field.
+
 ### Sessions
 
 The wire protocol supports the notion of sessions, which can be used to allow the client and the
@@ -242,7 +245,7 @@ following diagram, the bytes go left to right from least significant to most sig
 | Session handle       | Common         | 8               | Session identifier.                                                                                                                                                                                                                                                                                                                                                                                                                                 |
 | Content type         | Common         | 1               | Defines how the message body should be processed. The only currently-supported value is `0x01`, which indicates that the message body should be treated as a serialized protobuf message.                                                                                                                                                                                                                                                           |
 | Accept type          | Requests only  | 1               | Defines how the service should provide its response. The only currently-supported value is `0x01`, which indicates that the service should provide a response whose body is a serialized protobuf message.                                                                                                                                                                                                                                          |
-| Auth type            | Requests only  | 1               | Defines how the authentication bytes should be interpreted.                                                                                                                                                                                                                                                                                                                                                                                         |
+| Auth type            | Requests only  | 1               | Defines how the authentication bytes should be interpreted. See the [authentication section](#authentication) above.                                                                                                                                                                                                                                                                                                                                |
 | Content length       | Common         | 4               | Provides the exact number of bytes of body.                                                                                                                                                                                                                                                                                                                                                                                                         |
 | Auth length          | Requests only  | 2               | Provides the exact number of bytes of authentication.                                                                                                                                                                                                                                                                                                                                                                                               |
 | Opcode               | Common         | 4               | Indicates the operation being performed by this request. See the [section](#opcodes) above on opcodes.                                                                                                                                                                                                                                                                                                                                              |

src/parsec_security/parsec_threat_model/diagrams/dataflow_diagram.xml

@@ -1 +1 @@
-<mxfile modified="2020-06-18T17:13:25.427Z" host="app.diagrams.net" agent="5.0 (Windows)" etag="2i-POHZ-fJyVGP1YEp77" version="13.2.6" type="device"><diagram id="r3fCkxUuyQpxchEkL19v" name="Page-1">7V1bl6K4Fv41vsxaurhfHqu0qudiddeMNZc+L7MQotKDhAassubXnwQDShIsUQg6Wg/dEkKA/X3Z2XtnJ/TU4XL9KXaixRP0QNBTJG/dU0c9RVEs3UL/4ZJ3UqLo9qZkHvvepkzeFkz8fwEplEjpyvdAUqqYQhikflQudGEYAjctlTlxDN/K1WYwKN81cuaAKZi4TsCW/ul76WJTainmtvxH4M8X+Z1lg7zf0skrkzdJFo4H33aK1IeeOowhTDe/lushCLD0crlsrnusOFs8WAzC9JALviYvw+n4Ph6+v6/Vv2ezzymc9GWCz6sTrMgbk6dN33MRxHAVegC3IvfU+7eFn4JJ5Lj47BtCHZUt0mVATidpDP8pRKWikpkfBEMYwDhrTZ1ZLnDdoubOmamla7qEznhOsijux74mefNXEKdgvVNEXvsTgEuQxu+oCjnbtwkEhIR9WVJJydsWU9vSNmWLHTwNnVR0CI/mRetbUaMfRNp8yb+4lvH0c/p9PJ88fF873/6Wfp/3tYYF78Qu6T2qwkr98XFkGwZP6g+Gbeh3XOSaxsEwKBxMm4VBtiQWBrk1GJTrg6Fv0jDoh8IgNwADXw+pH+OAmkFaHxyjg0oipDDxdGB5Gg8TS5mqGVoNCL1gcC50i6OCNMMamAYrd7U1uefj2K6YPTQAksMQhlje2x6A1TOM0wWcw9AJxhBGRKjfQJq+E+Y7qxSWEQFrP/1r5/dX3NRAJ0ejNWk5O3jPD0L0gn/tHnzdPdhelB3lVzEgStkfw4qsc8Iw5dd04vQOGw/ohBs4SeK7efGjHxQvFXp5JSInVELOS/tYk8BV7IJ9vYEYOk48B+k+9Db1MGJ7ORiDwEn917JJcwqXRosv+q932mL+/OtP/fdv95r3x7Jv7lOdDRJHPoY2A0X/kDk7qBNAdyGXypBvebFFXeaRyrYr6Pcf5se+py6peCNAz38/RT/maSaSTQEWYolJxvcVzE/0k4wtd6iCbEXr7cm8lWHgg+z6sT+NHfzk5DYxfR/0HptbMcU7j7SX0wcNRR+rIzxIOYE/DzGz0MODuJlhR6FGHVvhDPUqZ6hvwuDisiC/2cWMOHIdvXH8aNHEwHW8RlEO1CjmWWkUVRbKJWlg6r3649BA79UyYBoZhi6DTrldey58UjvUTWY75vAVsck+L3NY74xMx1nItQzkUwe6vYwhJvN/mDG6+efLb8soCv9neP3xH8/jx/HPRRCkDQdK6h2ja+QyQ+r5UNUUqfKFKBwaw54vbaXLoYYXd2zFGXp24gS46PQExK8+ktz1OkMq7Q2ZBusNFTNPpcCn0loAzmBkKsjbqRMPq8KtDP+xA8vxfV09UM83Hgghlz5DP+ububdt22WCFTMeeRubJyWXUdQpnuMEA1aUVvnJQ1j5KZbZcwxffQ/EV6NG+nQo35R1Ro2IDaootlhHuL6tWbYkGvBamnBJDvB8jtdNWle66SQm8aalW9EgXybYJkG90wmSK7ZJDI2O0GqcCK0iVJlYYpXJ4KigmnJ8VO0jx6SrOIdxkRrDEKUxRiBCuhmErg+Sq9EPCp2sYVsc/aBz9IPWgH7gB7a0zoyNQiFUeDQXE6BqfB6F75DoMm2q0o5syw6JWakcPP/1IFWgIVWQdWxKG/zoxN4bkvxOl8+aLCuCU+8yApuYiTQCiRv7UQrjXWPlhJarnptWVgu4nK6SQxVVKfESPQnpXbKWH5OWsytQW344JxwnRy9Z78QTM82YN9YhuWY89WW3NgGtCDZvSpOG+zVYpX1TaxL6Uud5rIu0f3gZ1O2ktcBw5s9XMXonGKJaCLeGo7nJwonwzyiGLkgOUDpTx/1nnnWVL6s08EPQq1JGDegSJoVS45lCBkeX0FG4xrC3RWH/C8CCeEEjEMZcenKiCCnrhh3n84afGUp0qWv4c+uqffzH8LrA1uilApp5YFikCbeHD7YwR/flt98nLw+jZvFGgk95FmM+hBOjYTc5nhQxbi2G0Xed4I6cWPqeh2/DZVDZkCon4td1q2pM9dFLfiyesuBN9amt8afaF2qYP5+/fMaDxXWyCHOoKRbpKsUi7sIxWROqhoTZHBM4SzcetjSEywjBmJHlWiP1fTp7QFU50348V7a9SL0w++MZxImfpJu0+pGTOtdkjMi05any5miEWp7FS7SOPB1n2wLellI4PuLVhOFgbpfgFXBz0oRkkwO3LLWGt8LBm45i8eI7FTHxHTE2sGDpw0jMjuD2KcgTo92GRPdTSS+3sQlBMdFupiXzw5ZajpsrwjJ5NspcAmt34YTzhgNKrLl4uBkYA/TozjRrCvMxwrLOpK/f9/QRKgmcKQjui5Fgd5OB7I9H7krjcH+3o/VHseEEecDe7p4OXOtBGiiapZRZpTRCe1kZ5JZI0bBZbgTOZgk4lajcyUCZp5haIepdmiKot3lmzVoeq2Vw5+LZnS0jx5hezzDxs3irOprCNIXLw3hHszqF1OAFN2bLsNi2hK9yGaN3OCQMppi9LS+vbi/KGxgbTXouWuVM5vDy3powg7js06rNoCRywgoCuoV4thzLBVU5T9c0m2W5Fm0/qlp+3fZITrx5Afxuj8d0ypXOMee5oUW9LRpXj/bnTmP7xuKOWKxoGkVj3moGoTSuTh49dxpbNxp3pYwNmsYaG1YTS+PqiZ5zp7F5o3FHNNaZ2enOaVydmHLuNNZvNO6IxgY942WYHdNYr57jOHcaqzcad6WNmax5zhI9sTS+XNv4FqjoisbsppFdRyrMy7WNlRuNu4pUMLvQSWrHNK7OxTp3Gms3GndlG9M05uUUiqXx5bp4xo3GXdGYTq3WbUsYjbl7sItPrJZ+KO7QyCzy+afFFvvLN8AgJjvG5C3EaSu5mkshYbnVNwqdRqG960CFUkauzh3YWZCLUMZrfyMkOPRrCvCC2Sz5J8F7HiFRKVIar5IU/xrigwVIQFaDJEcmPZzgg2ujH2hcIL9QPYy/C6NDVjBviuAsu9BPsv9i4GAeL8k3d5wQP8smXTtdrLI6uEr2iE6S/ZOslhEe6fYvJdq3HLndhC68ijYhK5ZZ/lXke+c186XORn5cLHVuwBGn40mKwsaTjLaWI/HpqzD0fcFExCzFXdoh9zj6SyYlVVAn+Z755gn+qwCJ1yK9Tp1vbTWAKpPRrxya1202gCp3U0oW1JbGMVlrdvg64eMsFF+A7OnA5HHONkzV2X6PhZOUydDhcOwtjg1j6+2MR1zohWX8yvUiYZcONO3uGJw0GaFA66KAVuvFii4caFOjkqANix2jhQItzK/V6k2YXzjQqiUPKKhtjjchFGph/qem10tVu3CsmRW4GsdEE4q0sO1erqpPK3QWYOc4C1tmXS9n78JxNpl9PbrW3HliiLDtwJQjtjulvsOgUn+9/ZuDZUfPIPaRxHCIpuYey6d/p2HP9xfK233tWeTDUkrQRzmqXfKD+73O6/fV/vdp7Y6h6wRs409gCbefwqvQNeyzHBAdOCXIxNm6ofiArr6d8DpJ5zDBO0PnbNwgtRS845PqgrPBpFrj1W3mtjRzexqR6ZgVz8Nta+aWy2Nhu8XLynX5uAqd+Wd0bQ/Lwhyf64pPmnQsQ+ZsMSUWaWGuz12S7UoghavlFMQNb3B45ntPHLylRK0RwrIHtm1KumUpqq7YtFcty/VHAnQYQwxbce4T6kuLp2zeWX34Pw==</diagram></mxfile>
+<mxfile modified="2020-11-06T16:17:44.064Z" host="app.diagrams.net" agent="5.0 (Windows)" etag="RiL2pRP-Z2sYNhEu-j-S" version="13.8.0" type="device"><diagram id="r3fCkxUuyQpxchEkL19v" name="Page-1">7V1bd9q4Fv41vJy1YPkmXx4TSDqdk7TpJO2052WWsRVwxyBqm4TMrz+SkY0tywSDLMNAHlos3/f3aWvvra3tnj6crT5E7mJ6j3wY9jTFX/X0UU/TNBvY+D/S8kZbNOCsWyZR4K/b1E3DY/APpI0KbV0GPoxLByYIhUmwKDd6aD6HXlJqc6MIvZYPe0Zh+a4LdwIrDY+eG1Zb/wz8ZLputTVr0/4bDCbT7M6qSd9v5mYH0zeJp66PXgtN+k1PH0YIJetfs9UQhkR6mVzW593W7M0fLILzZJcTfsRPw/HddTR8e1vpfz0/f0rQY1+l+Ly44ZK+MX3a5C0TQYSWcx+Sq6g9/fp1GiTwceF6ZO8rRh23TZNZSHfHSYT+zkWl45bnIAyHKERRejX92fag5+VHFvaMbWAABe/x3Xia36/6mvTNX2CUwFWhib72B4hmMIne8CF0b9+hEFAS9lVFpy2vG0wd21i3TQt4moAe6FIeTfKrb0SNf1Bp8yX/5Nnm/e/Jr7vJ482vlfvzL+XrpG8IFrwbebT36FpV6re3I8c0eVK/MR0TXHGRE42DaTI4WE4VBtVWqjCorcGgnR8MfYuFAewKgyoABr4e0t/HAV8Ga324jw4qiZDBxAfQ9g0eJrY21lO0BAg9Z3AmdJujggzTHlhmVe56a3LPxrGimH08ANLNOZoTeW96AFHPKEqmaILmbniH0IIK9SdMkjfKfHeZoDIicBUk3wu/f5BLDQDdGq3oldONt2xjjl/we3HjR3Fjc1K6lZ1VAVFJ/yqsSDsnmif8I90ouSLGA97hhW4cB17WfBuE+UvN/ewgKifcQvcr21gTo2XkwW29gRo6bjSByTb01scRxLZyMIKhmwQvZZPmEC6Npp/BlytjOnn48rH/9vPa8L/N+tY21SmQOOo+tBlo4F3mFFCngBYhV8qQb3ixQV3lkcpxauj3L+bHtqcuqXgzxM9/PcY/JkkqknUDEWKJSeavJcp29OOULVf4ANVerDY7s6sMwwCm598F48glT05vE7H3we+xvlWlufBIWzm901D0vjoig5QbBpM5YRZ+eBiJGXY0ZtRxNM5Qr3OGehEGF5cF2c1OZsRRm+iN/UcLEQPX/hpF21GjWEelUXRVKpeUgQV6zcehAeg1MmCEDEOnQafMrj0WPukd6iarHXP4jNjkHJc5DDoj034WciMD+dCBbitjqMn8L2YMsP58+mO2WMz/Z/r9u28Pd7d3v+dBkDYcKKW3j65Rywxp5kPVU0SkL8SBmi/c43KGeHHHVpyhBzeKoYd3P8LoJcCiPF9nSGe9IcusekP5zFMp8Km1FoAzKzKV5O00iYfV4VaGf9+BZf/Or++o54X3fXrqAwrSvpl5245TJlg+45FdY/2k9DSGOvlzHGDAytIqH32MVZAQmT1E6CXwYXQ2aqTPhvItFVTUiNygiubIdYSb25plS0KA1yLCJdnB89lfNxld6aaDmMSblm5Fg3x+JDYJ7p1uGJ+xTWKyuQmOpleViSZVmdhylclgr6Catn9U7T3HpKs4h3mSGsOUpTFGcIF1M5x7AYzPRj9oujkAjIbgZc0AjoYwBGgIfmjL6MzcyFVCjU9zMiEq4TMpfJcEqKyxyrqyLbskVq168IOXnZSBgZVB2rUZffCbG/mvWPKFTp9esqwKDr3LCK6jJsoIxl4ULBIUFc2VA65c99ysupqi2XgZ76qqSqmX+Elo71KNbJteOT0DXyuYTyjH6dZT2jvJ1IwYA8feJduMp76c1qagNckGTmnacLsGq7VwGk1Dn+pMj32SFhAvh7qdxBY0fw4mywi/E5rjozBuguO58dRdkJ+LCHkw3kHpjF3v70naVT4vkzCYw16dMhKgSypJlIbN0SUmR5ewcThh2DuysP8vJIJ4wiMQwVy5dxcLrKwFu87HDX9lKAFK1/Bn1lX7+N+h8wLbYBcLGBYHbF5gRITbwwdbmqv79MfXx6ebkVi8seATnsWYDeHUaCimx9OmimNLYAw8N7yiO2aB75PbcBlUNqTKqfhN3aoGk33AKPPHVDn84U326a3xp94XEsyfT58/kcHiPFlEOCSKRZUhh7t0TDWkqiFpNscjek7WHrYyRLMFhjEly7nG6vts/oCucyb+eK5se7F6afbHA4ziIE7WifUjN3HPyRhRWTWgG11bnvlLtI48G2fbAN6WUtg/4iXCcLA2i/ByuDmJQqrFgVtVWsNb4+DNRrF48Z2amHhBjAKWLL0biSkIbpuCPDDabSpsP1VA+RrrEFQl2l25kvXulVqOm2vScnnWylyBK2/qzieCA0pVc3F3MzCC+NHdcXopwscFkXUqfXDdAyPcErpjGF7nI0GxzED6xyN3rXG4vdux+iMvOUEfsFes6sC1HpSBZthamVWaENqr2kBnJgmzhb3ZRdDzcwwPJSp3MlDlKaZWiHqVJBjqTaaZWMtjOQuvPDK7s2HkHaHXA4qDNN6qj8YoSdBsN96xrE4QM3ihtdkyzAuX8FVuxegdDimDGWZv2svr2/N2AWOjxZYO0DmTObzMNxFmEJd9Rr0ZFC/ceQ0BvVw8G45lgqqdpxPNZlVtRNv3Di2/bnskp968BH63x2ODoTHgmPPc0CJoi8b1o/2x09i5sLgjFmsGE+IEvPUMUmlcnz567DS2LzTuShmbLI2NalhNLo3rJ3qOncbWhcYd0RhUZqc7p3F9Ysqx0xhcaNwRjU2dobFpdUxjUD/Hcew01i807orGrIvncOZt5dL4dG3jS6CiKxpXy0Z2HamwTtc21i407ipSUalDlxWe7ozG9blYx05j40LjrowKlsY2JwFZLo1P18UzLzTuisZsajVw5GljbhV2+YnVyn/yOwiZRT7+tNi8wrwABlWyYyzeQpy2kqu5FJKWW32h0GEU2roOVCpl1PrcgcKCXIwyWfu7wILDv8aQLJhNk39iUvUIi0pTkmgZJ+TXkGxMYQzTI2hyZNwjCT7kaPwDjwv0Fz6O4O+hxS4rmNdN6Dk9MYjT/yLoEh7P6Fd33Dl5lnW6djJdpseQQ9JHdOP0n3g5W5CRbvtSom3LkdtN6CKraGO6YrnKv5p87+zIbKmzmW3nS50FOOJs5oumVcOiZlvLkfj01Sr0fSJEJCwlXdql99j7WyYlVdAk+b7y1RPyVwMS74rsOnW+tSUA1UpGv7ZrXrclAFVuncoqqC2NY6ohdvg64PMsDF+g6gNo8TjnmJbuCvoiSwV7m2PDOKCd8YgLvbSMX7VZJOzUgWbdHZOTJiMVaCALaL1ZrOjEgbYMJgnatKtjtFSgpfm1RrMJ8xMHWmfnqJ2ue7Q079MAzRLVThxpwCJtcAw0qUhLK/ZyVj1aY3MAO8dZ2iLrZhl7J46zVanqwYkCScU5q90srRiYtke5U+Y7DDrz19teGizdeoBRgCVGAjQNayw3/k7D1u8vFGt7bV3Rcywf5ah3yHfu94DX7+u978Oue4c8N6xe/B7O0OZTeDW6pvosO8QGDgkxcQo35B/QBaJyaNjQnQk4ZRuUlkJ3fFKdcC6Y0mi8uszbCkwGYyNWPP+2rXlbLo+lVYtXtfPycDU278/s2h5WpTk+5xWdtNjy3ionUVku0tJcn6s4rUmgzJezMYwElzc8ocoTdaRpXGNCtZ2B41gKsG1NB5rDetWqKmAkuP/l/aMvP755V18/gC+fvvz6/g3Jm7Z6fPh4e3tDHme2COEMy5BWw92fKbKLkHFwrrChfrWkzWKq8KqgtlWFjAu+pM+mtvhFXSFfE9rHxef6uu962Nu64G7Fsw9wp/k1aAysegxn8weYYc1hx6tdKzEBoLBDpMU6ZuJqMXElK+lzFzX8FlH5XSy/G9Sz34/fu37ps74fCOc3MGz83gV+M/RmKbkrvQ2gDTSm3JzFauqW+V0/H3300YhmvsIlGlGyQQ8yRAC7wtJ2wEBePIJL5NNd1KNelgp3RWSDLaPjcFI7BdEYb0aIIL9R39jDmN6nKbz6zf8B</diagram></mxfile>