Multi-Tenancy

Introduction

Purpose

Multi-tenancy is a fundamental capability of the PRISM toolset designed to provide secure and efficient identity and credential management for diverse users, identities, and organizations. It enables the platform to serve multiple tenants while ensuring the logical isolation of their assets.

Key Benefits

Scalability: PRISM's multi-tenancy support allows the platform to scale effortlessly to accommodate growing users, entities, and organizations.
Resource Efficiency: It optimizes resource utilization by enabling the sharing of infrastructure components, enhancing cost-effectiveness.
Data Isolation: Multi-tenancy ensures that the data, such as DIDs (Decentralized Identifiers), connections, VCs (Verifiable Credentials), keys, and more, of one tenant is completely isolated from others, preserving data privacy and security.
Enhanced Collaboration: Shared wallets enable collaboration between entities while maintaining data segregation.
Granular Control: Administrators control the resources and permissions assigned to each entity.

Roles in multi-tenancy

Multi-tenancy permits multiple users or systems to use the PRISM Cloud Agent within a shared instance, enhancing resource utilization while preserving each tenant's and their resources' separation. Understanding different roles in multi-tenancy is essential for the secure and efficient operation of the Cloud Agent.

Administrator

The administrator's primary responsibilities include setting up, allocating, and managing tenant resources. Administrators have elevated privileges within the system, allowing them to create, modify, or delete multi-tenant resources such as entities, wallets, and authentication methods. They play a critical role in tenant management but typically don't participate in everyday interactions.

Tenant

Tenants are the users or systems engaged in everyday interactions. They have representation via a resource called an entity, and this entity uses a wallet as a container for the assets they own. Tenants can only view the assets within the wallet assigned to their entity. To access the system, they need an authentication method provided by the administrator.

Concepts

Wallet

A wallet is a central component of PRISM's multi-tenancy model. It serves as the container for storing and managing a tenant's digital assets, including DIDs, connections, VCs, keys, and more. Wallets are logically isolated to ensure that the data associated with one entity remains separate and secure from others.

Entity

An entity represents a user or any other identity within the PRISM platform. Each entity owns a Wallet, making it the primary entity for managing and interacting with its digital credentials and assets. Entities can also share wallets, enabling collaborative use of resources.

Authentication Method

Each entity is associated with an Authentication Method, which serves as a secure means of verifying the identity and access rights of the entity. This method ensures the entity's identity is authenticated during interactions with the platform, enhancing security.

Logical Isolation

Logical Isolation is a core principle of PRISM's multi-tenancy model. It ensures that one entity's digital assets, transactions, and data are logically separated from others, maintaining the highest data privacy and security level.

Shared Wallets

PRISM's multi-tenancy capabilities allow for the sharing of wallets among multiple entities. This feature facilitates collaborative work and resource sharing while preserving data isolation within the shared wallet. The entity can own only one wallet. Sharing it with other entities is possible, but multiple entities cannot own it.

Tenant Management

Tenant Management is the process of onboarding, provisioning, and managing entities and wallets within the PRISM platform. Administrators can configure each entity's permissions, resources, and access control, ensuring efficient and secure multi-tenancy operations.

DIDComm Connections

DIDComm Connections are the secure communication channels between peers within the SSI ecosystem. PRISM's multi-tenancy model ensures that the connections of one entity are logically isolated from those of other entities, preserving data privacy and security. Based on the DID-Peer of the message recipient, the corresponding wallet processes the message.

Webhook Notifications

Webhook notifications enable users to receive alerts for specific events in the system. There are two types of webhook notifications:

Global webhooks: monitor all events across all wallets at the Cloud Agent level
Wallet webhooks: isolated to individual wallets and do not have visibility into assets in other wallets.

Relation Diagram

The following diagram illustrates the relationship between the key components of PRISM's multi-tenancy model.

Multi-Tenancy

Introduction​

Purpose​

Key Benefits​

Roles in multi-tenancy​

Administrator​

Tenant​

Concepts​

Wallet​

Entity​

Authentication Method​

Logical Isolation​

Shared Wallets​

Tenant Management​

DIDComm Connections​

Webhook Notifications​

Relation Diagram​