Core Concepts Overview
Before you start integrating TideCloak into your applications, it's essential to understand the foundational pieces that make our platform both powerful and secure. This section introduces four critical topics:
- Architecture Overview: Explore the high‑level topology of Tide's Identity, Immunity & Access Management (IIAM) platform. Learn how the components (the Secure Web Enclave, TideCloak IIAM service, the decentralized Cybersecurity Fabric, the TWELVE‑MAP directory, and the State Ledger) fit together to deliver a truly zero‑trust, honest‑minority‑resilient system.
- Secure Web Enclave (SWE): Dive into the browser‑delivered enclave that acts as the untrusted dealer for all end‑user cryptographic operations. Discover how SWE uses Subresource Integrity (SRI), zero‑knowledge proofs (PRISM), and threshold cryptography (sMPC) to guarantee that credentials and secrets never exist in one place, and that any tampering is immediately detected.
- IGA Workflow with JWT: Understand the Identity Governance & Administration (IGA) workflow that enforces multi‑administrator approval for identity changes and JWT signing key protection. See how Threshold Signature Schemes (TSS) and quorum‑based voting safeguard the integrity of your JWT issuance process, ensuring no single administrator can unilaterally alter roles, permissions, or token policies.
- Authorization Flow with TideCloak: TideCloak extends the standard OAuth 2.0 Authorization Code Flow with decentralized infrastructure:
  - Each step (auth, token issuance, data decryption) is distributed across nodes.
  - CMKs are never reconstructed; cryptographic operations are performed using Secure Multiparty Computation (SMPC).
  - Session keys and signed JWTs are validated using decentralized consensus, not centralized secrets.
  This approach enhances security, removes single points of failure, and aligns with zero-trust access principles.
  Explore the full Authorization Flow for a breakdown of each step, including architecture diagrams and technical annotations.
Why These Concepts Matter
- Security by Design: Every byte of SWE is integrity‑checked, every policy change is quorum‑signed, and every cryptographic operation is split across independent nodes. Understanding the architecture and SWE gives you visibility into how TideCloak enforces "provable never" rather than "eventually yes."
- Seamless Integration: With these building blocks in place, you can confidently embed TideCloak's standard OIDC/OAuth endpoints and the SWE widget into your apps, knowing exactly how data flows, where proofs are generated, and how to audit the entire process.
Ready to dive in?
- Start with the Architecture Overview
- Then validate & integrate the Secure Web Enclave
- Explore the IGA Workflow with JWT
- Finally, review the Authorization Flow