D2 System Architecture

Understanding how D2's cloud-native authorization platform works under the hood

D2 Cloud Platform

D2 operates as a cloud-native authorization platform with a distributed architecture. Your applications run the D2 SDK locally while connecting to our secure control plane for policy management.

Local SDK

Zero-latency authorization decisions in your application process

Control Plane

Secure policy distribution and management infrastructure

Dashboard

Web-based management interface for policies and monitoring

Policy lifecycle

Policy Creation & Distribution

  • Policies created via CLI or dashboard
  • Signed with Ed25519 cryptographic signatures
  • Distributed via secure HTTPS endpoints
  • Cached locally with ETag-based updates

Automatic Renewal

  • Policies expire weekly for security
  • SDK polls for updates automatically
  • Graceful fallback to cached policies
  • Fail-closed when no valid policy available
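
The renewal behaviour listed above (ETag polling, fallback to the cached policy, fail-closed once nothing valid remains), as an added Python example that is not D2 SDK code. The Bundle shape, the fetch and verify callables and the status strings are assumptions made for illustration; verify stands in for the signature check on a downloaded bundle.

```python
import time
from dataclasses import dataclass
from typing import Callable, Optional, Tuple

@dataclass(frozen=True)
class Bundle:                # hypothetical bundle shape, not D2's wire format
    etag: str
    expires_at: float        # Unix time; the page says policies expire weekly
    rules: dict              # hypothetical: action name -> True if allowed

class PolicyCache:
    """Holds the last verified bundle; denies when none is currently valid."""

    def __init__(self, fetch: Callable[[Optional[str]], Tuple[int, Optional[Bundle]]],
                 verify: Callable[[Bundle], bool], now: Callable[[], float] = time.time):
        self.fetch, self.verify, self.now = fetch, verify, now
        self.cached: Optional[Bundle] = None

    def refresh(self) -> str:
        """One poll. Any failure leaves the cached bundle untouched."""
        etag = self.cached.etag if self.cached else None
        try:
            status, bundle = self.fetch(etag)    # fetch sends etag as If-None-Match
        except OSError:
            return "fetch-failed"                # graceful fallback to the cache
        if status == 304:
            return "not-modified"                # cached copy is still current
        if status != 200 or bundle is None:
            return "fetch-failed"
        # Signature and expiry are checked before the bundle may replace the cache.
        if not self.verify(bundle) or bundle.expires_at <= self.now():
            return "rejected"
        self.cached = bundle
        return "updated"

    def is_allowed(self, action: str) -> bool:
        bundle = self.cached
        if bundle is None or bundle.expires_at <= self.now():
            return False                         # fail closed: no valid policy
        return bundle.rules.get(action) is True  # unknown actions are denied
```

A bundle that fails verification never displaces a good cached one, and an outage only becomes a denial once the cached bundle's own expiry passes.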

Security & cryptography

Public Key Infrastructure

Signing & Verification

  • Ed25519: CLI publish signatures
  • RSA-2048: Production policy bundles
  • JWKS Discovery: Automatic key rotation

Transport & Storage

  • AES-256-GCM: Data encryption at rest
  • TLS 1.3: All network communication
  • JWT/JWS: Signed policy containers

Security Notes

  • Policies are immutable once signed and distributed
  • All authorization decisions happen locally (zero network latency)
  • Tokens are scoped to specific operations and time-limited

Token management

| Token Type | Usage | Permissions |
|---|---|---|
| Developer Token | Local development, CLI operations | Policy read/write, multi-app management |
| Server Token | Production runtime, policy fetching | Policy read-only, telemetry upload |
| Admin Token | Dashboard, management | Full access, user management, audit logs |

Token Best Practices

  • Use server tokens in production environments
  • Each application should have its own dedicated token
  • Revoke unused tokens immediately
  • Store tokens securely and never commit them to version control

Dashboard integration

Policy Management

Create, edit, and version policies through an intuitive web interface

Real-time Monitoring

Monitor authorization decisions and system health in real-time

Team Collaboration

Invite team members and manage permissions across your organization