Update Documentation El Alto

Issue-ID: AAF-854 Change-Id: I4bde6629fa9b4656f20ad69853baf98e503e50c8 Signed-off-by: Instrumental <jonathan.gathman@att.com>
author: Instrumental <jonathan.gathman@att.com> 2019-09-19 09:23:53 -0500
committer: Jonathan Gathman <jonathan.gathman@att.com> 2019-09-19 14:56:23 +0000
commit: 1a101ab7676e7827423f39a22808418dc29e913f (patch)
tree: 04a14490a647c66e8b4beb43bc8644e7807905a8 /docs/sections/architecture/security.rst
parent: b907ab4b6d721c875b042a89c7c8c071ba0dd4a9 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/docs/sections/architecture/security.rst b/docs/sections/architecture/security.rst
index d1809935..ebfd63ba 100644
--- a/docs/sections/architecture/security.rst
+++ b/docs/sections/architecture/security.rst
@@ -33,6 +33,10 @@ Whenever two processing entities exist that need to communicate securely, it is
 
 Encryption is provided by HTTP/S with the TLS 1.2+ protocol. Lesser protocols can also be added, but it is highly recommended that the protocol go no lower than TLS 1.1
 
+ALL components of AAF are accessible only by HTTP/S (service, locate, oauth, gui, certman), EXCEPT the component "FS".  
+
+FS *must* be HTTP, because it is responsible for being accessible DURING the TLS process for recent RCLs.  (Revocation lists).  Since it is part of the TLS process, it cannot be TLS itself.
+
 .. image:: images/SecurityArchBasic_TLS.svg
    	:width: 70%
 	:align: center
author	Instrumental <jonathan.gathman@att.com>	2019-09-19 09:23:53 -0500
committer	Jonathan Gathman <jonathan.gathman@att.com>	2019-09-19 14:56:23 +0000
commit	1a101ab7676e7827423f39a22808418dc29e913f (patch)
tree	04a14490a647c66e8b4beb43bc8644e7807905a8 /docs/sections/architecture/security.rst
parent	b907ab4b6d721c875b042a89c7c8c071ba0dd4a9 (diff)