Alert EnterpriseWiki

Wavelynx — trust boundaries

Every place a Wavelynx-issued credential's data crosses an organizational trust boundary, and what cryptographic protection wraps each crossing. Internal-to-Wavelynx links (e.g. application tier to Cloud SQL via Unix socket) are not crossings — Wavelynx controls both ends. KMS appears as a distinct zone because Cloud KMS is the only authority that can produce plaintext keysets; Wavelynx delegates that trust to Google.

7 zones10 crossings
Loading spatial map…
Source
  • src/wallet-api-data-flow-architecture-v1.0.12.pdf §2 System context · §7 Security architecture summary
Verifying access
Desktop only

The AE Mobile Wiki needs a bigger screen.

The diagrams, comparisons, and animated flows aren't built for phones. Open this link on your laptop or desktop browser and you'll see the full reference.

wiki.alertenterprise.app

Same Google sign-in as the AE App Hub — you'll be in once you open it on a larger screen.