Whitepaper
The security whitepaper is the deeper technical narrative for DarkAuth’s custody model, protocol choices, and deployment assumptions. It should be used for architecture review, procurement conversations, and security audits where a short docs page is not enough.
What belongs here
This page should link to the generated whitepaper assets and summarize:
- OPAQUE password authentication.
- DRK wrapping and delivery.
- Hosted-web trust boundaries.
- OIDC compatibility.
- Session and refresh-token behavior.
- Operational controls.
- Incident response.
How to read it
Read the whitepaper after the shorter security pages. The docs explain how to use the system; the whitepaper should explain why the design choices were made and what assumptions they depend on.
Maintenance
Keep the whitepaper aligned with implementation. If token behavior, DRK delivery, password reset, sessions, or frontend custody changes, update the whitepaper in the same release.