Security Model
Overview
The Video Platform follows a defense-in-depth security model.
Every participant must be authenticated, authorized, and validated before joining a consultation.
Security Layers
```mermaid
flowchart TB
    AUTH["Authentication"]
    AUTHZ["Authorization"]
    TOKEN["Join Token"]
    SESSION["Video Session"]
    AUTH --> AUTHZ
    AUTHZ --> TOKEN
    TOKEN --> SESSION
```
Authentication
Users must first authenticate through Keycloak.
```mermaid
flowchart LR
    USER["User"]
    KEYCLOAK["Keycloak"]
    JWT["JWT Token"]
    USER --> KEYCLOAK
    KEYCLOAK --> JWT
```
Authorization
The Video Session Service validates:
- Appointment ownership
- Tenant ownership
- Appointment status
- Consultation window
Access Rules
```mermaid
flowchart LR
    USER["User"]
    APPOINTMENT["Appointment"]
    SESSION["Video Session"]
    USER --> APPOINTMENT
    APPOINTMENT --> SESSION
```
Only participants associated with the appointment may join.
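
The four checks listed under Authorization, followed by issuing a short-lived join token, sketched as an added example (not the platform's own code). The `tenant_id` claim, the `Appointment` fields, the `CONFIRMED` status, the five-minute lifetime and the HMAC token format are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json
from dataclasses import dataclass
from datetime import datetime, timedelta

JOIN_TOKEN_TTL = timedelta(minutes=5)   # assumed lifetime for a "short-lived" token
JOINABLE_STATUSES = {"CONFIRMED"}       # assumed status value

@dataclass(frozen=True)
class Appointment:                      # hypothetical record shape
    id: str
    tenant_id: str
    participant_ids: frozenset
    status: str
    starts_at: datetime
    ends_at: datetime

def authorize_join(claims, appt, now):
    """Deny by default; the returned reason is what an audit log entry would record."""
    # Tenant check runs first so a cross-tenant caller learns nothing else.
    if claims.get("tenant_id") != appt.tenant_id:
        return False, "tenant_mismatch"
    if claims.get("sub") not in appt.participant_ids:
        return False, "not_a_participant"
    if appt.status not in JOINABLE_STATUSES:
        return False, "appointment_not_joinable"
    if not (appt.starts_at <= now < appt.ends_at):
        return False, "outside_consultation_window"
    return True, "ok"

def issue_join_token(claims, appt, now, key):
    allowed, reason = authorize_join(claims, appt, now)
    if not allowed:
        raise PermissionError(reason)
    # The token is bound to one user, tenant and appointment, and never outlives the window.
    exp = min(now + JOIN_TOKEN_TTL, appt.ends_at)
    body = json.dumps({"sub": claims["sub"], "tenant_id": appt.tenant_id,
                       "appointment_id": appt.id, "exp": int(exp.timestamp())})
    payload = base64.urlsafe_b64encode(body.encode()).decode()
    return payload + "." + hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()

def verify_join_token(token, key, now):
    payload, _, sig = token.partition(".")
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        raise PermissionError("bad_signature")
    body = json.loads(base64.urlsafe_b64decode(payload))
    if now.timestamp() >= body["exp"]:
        raise PermissionError("token_expired")
    return body
```
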
Security Principles
- Authentication required
- Authorization required
- Short-lived tokens
- Appointment ownership validation
- Tenant isolation
- Auditability