Welcome to the Fortanix Confidential Computing Manager (CCM) User Guide. This document describes groups and third-party groups in CCM.
A Fortanix CCM group is a collection of users and objects.
In Fortanix CCM, users can own resources such as workflows, datasets, and applications through their individual accounts, but these assets are inaccessible to users from other accounts. The third-party support enables users from other Fortanix CCM accounts to own these assets by group and collaborate with different users within a shared group.
The Fortanix CCM Workflows and Datasets feature will only be enabled for Customers with an "Enterprise" license
In the Fortanix CCM’s organizational hierarchy, a group is a collection of users and objects and helps users to manage identities, create third-party groups as described in Section 3.0: Third-Party group, and help in organizing and securing applications, datasets, and workflows that belong to the group. A group is used to control access and usage of objects in a workflow. A group is an entity under a Fortanix CCM account. A user of an account who is an account administrator can create a group. The user who creates a group automatically gets assigned the role of group administrator. The group administrator can add more users to the group in the role of administrators or auditors.
For more information about the group roles and how to add them, refer to User’s Guide: Create Groups.
3.0 Third Party Group
A Fortanix CCM third-party group is an entity that is created when two groups from different accounts wish to collaborate. During collaboration, they can share the objects of each other’s groups.
3.1 Source Group
A Fortanix CCM source group is the group that initiates the collaboration or sharing of assets with another group of a different Fortanix CCM account.
3.2 Recipient Group
A Fortanix CCM recipient group is the group that receives a request from another Fortanix CCM group to participate in a collaboration or sharing of assets.
3.3 Group Participation Token
For a Fortanix CCM source group to request a Fortanix CCM recipient group for collaboration, it must prove itself to be an authenticated group. If this authentication is not present, a recipient group can receive multiple spam requests for group sharing from various source groups. To avoid this spamming of requests, the recipient group's administrator creates a 'group participation token', that can be used to identify itself. Only valid source group administrators are given such a group participation token. When the source group requests a recipient group for collaboration, the recipient group provides the group participation token to identify itself. The recipient group verifies the participation token in the request and authenticates the source group.
3.4 Placeholder Nodes
It is a node in the Fortanix CCM workflow graph. This node can be filled with various Fortanix CCM resources, like applications, datasets, and so on.