Platform Architecture
The SoftQuantus platform consists of four core services that together form the Trust Triangle for enterprise quantum/HPC operations.
Trust Triangle
```mermaid
flowchart TB
    subgraph TrustTriangle["SOFTQUANTUS TRUST TRIANGLE"]
        QSA["QSA (IdP)<br/>Who are you?<br/>What can you do?"]
        QL["QuantumLock<br/>Are you entitled?<br/>Is it authentic?<br/>Can it be verified?"]
        EV["QCOS Evidence<br/>What happened?<br/>With what config?<br/>With what proof?"]
        QSA --> QL
        QL --> EV
        EV --> QSA
    end
    Portal["Portal Backend<br/>Commercial Layer<br/>Customers/Contracts/Billing"]
    TrustTriangle --> Portal
```
Why This Architecture?
This architecture addresses the core needs of enterprise procurement:
| Challenge | Solution | Service |
|---|---|---|
| "Who are you?" | Identity, SSO, MFA, SCIM/SAML | QSA |
| "Are you entitled?" | Licensing, signatures, revocations | QuantumLock |
| "What happened?" | Evidence bundles, audit trails | QCOS Evidence |
| "How do I buy?" | Contracts, billing, self-service | Portal |
Core Services
QSA (QuantumSafe Auth)
Role: Primary Identity Provider for all services
Capabilities:
- OIDC/OAuth2 compliant (discovery, JWKS, PAR, device flow)
- MFA (TOTP) + Passkeys/WebAuthn
- Conditional Access Policies
- SCIM 2.0 + SAML 2.0 (enterprise SSO)
- Service Principals (M2M tokens)
- Audit Events + Compliance trails
Tech Stack: Go, PostgreSQL (port 8080)
QuantumLock
Role: Root of Trust & Licensing Core
Capabilities:
- Generate quantum-secured licenses
- Sign/verify evidence bundles (KMS)
- License revocation (CRL-like)
- Crypto agility (algorithm roadmap)
- Offline enforcement primitives
Tech Stack: FastAPI, SQLite/PostgreSQL (port 5000)
QCOS Evidence
Role: Audit Plane for Operations
Capabilities:
- Job metadata tracking
- Evidence bundle generation
- Artifact storage (S3/MinIO)
- Signed manifests (via QuantumLock)
- Verification endpoints
- Retention policies
Tech Stack: Integrated in Portal Backend + Object Storage
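The bundle generation, signed manifest and verification steps listed above, as an added example that is not SoftQuantus code. The manifest layout (`job_id`, `config`, `artifacts`), the function names and the demo key are assumptions, and HMAC-SHA256 stands in for QuantumLock's KMS-backed signature so the block runs offline with the standard library.

```python
import hashlib
import hmac
import json

# Constructed demo key; stands in for a key held by the signing service's KMS.
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"

def canonical(manifest: dict) -> bytes:
    """Deterministic serialization so signer and verifier hash identical bytes."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()

def build_bundle(job_id: str, config: dict, artifacts: dict, key: bytes) -> dict:
    """Record job id, config and one SHA-256 digest per artifact, then sign the manifest."""
    manifest = {
        "job_id": job_id,
        "config": config,
        "artifacts": {name: hashlib.sha256(data).hexdigest()
                      for name, data in sorted(artifacts.items())},
    }
    sig = hmac.new(key, canonical(manifest), hashlib.sha256).hexdigest()
    return {"manifest": manifest, "signature": sig}

def verify_bundle(bundle: dict, artifacts: dict, key: bytes) -> list:
    """Return a sorted list of findings; an empty list means the bundle verified."""
    manifest = bundle["manifest"]
    expected = hmac.new(key, canonical(manifest), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, bundle.get("signature", "")):
        # Digests in a manifest that fails its signature cannot be trusted: stop here.
        return ["signature mismatch: manifest altered or signed with another key"]
    findings = []
    listed = manifest["artifacts"]
    for name, digest in listed.items():
        if name not in artifacts:
            findings.append(f"missing artifact: {name}")
        elif hashlib.sha256(artifacts[name]).hexdigest() != digest:
            findings.append(f"digest mismatch: {name}")
    # Files present in storage but absent from the signed manifest are also reported.
    for name in artifacts.keys() - listed.keys():
        findings.append(f"unlisted artifact: {name}")
    return sorted(findings)

if __name__ == "__main__":
    # Constructed sample job output.
    files = {"result.json": b'{"counts": {"00": 512, "11": 512}}', "run.log": b"job ok\n"}
    bundle = build_bundle("job-0001", {"backend": "simulator", "shots": 1024}, files, DEMO_KEY)
    print(verify_bundle(bundle, files, DEMO_KEY))
```

With a symmetric stand-in, anyone who can verify can also sign; an asymmetric signature removes that property from the verifier side.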
Portal Backend
Role: Commercial Gateway & Orchestrator
Capabilities:
- Customer/Contract management
- Billing (Stripe integration)
- Entitlements management
- Gateway to QSA + QuantumLock
- Evidence API endpoints
Tech Stack: FastAPI, PostgreSQL (port 8000)
Source of Truth Matrix
| Domain | System of Record | Data Owned |
|---|---|---|
| Identity | QSA | Users, Sessions, MFA, SSO, Roles |
| Licenses | QuantumLock | License keys, Signatures, Revocations |
| Commercial | Portal Backend | Customers, Contracts, Invoices |
| Entitlements | Portal Backend | Features, Quotas, Limits |
| Evidence | Evidence Plane | Bundles, Artifacts, Audit logs |
Service Map
```mermaid
flowchart LR
    subgraph Clients
        U[User/Customer]
        A[Admin/Ops]
        SA[Security Admin]
    end
    subgraph Frontends
        PF[Portal Frontend]
        AF[Admin Frontend]
        QSAUI[QSA Console]
    end
    subgraph Services
        PB[Portal Backend<br/>:8000]
        QSA[QSA IdP<br/>:8080]
        QL[QuantumLock<br/>:5000]
    end
    subgraph Storage
        DB[(PostgreSQL)]
        OBJ[(Object Storage)]
    end
    U --> PF
    A --> AF
    SA --> QSAUI
    PF --> PB
    AF --> PB
    QSAUI --> QSA
    PB -->|JWT verify| QSA
    PB -->|M2M| QL
    PB --> DB
    PB --> OBJ
    QL --> DB
    QSA --> DB
```
Key Decisions
- QSA = Primary IdP for all portals (Admin, Portal, QSA Console)
- QuantumLock = Root of Trust for licensing AND evidence signing
- Portal Backend = Gateway/Orchestrator (no duplicate licensing logic)
- Evidence Plane = Production (not demo shim)
Next Steps
- Service Contracts - API contracts between services
- Authentication Flow - OIDC and M2M authentication
- Evidence Flow - Bundle generation and verification
- Implementation Plan - P0/P1/P2 roadmap