@startuml


Actor User
Node "OpenCloud 1" as OC1 {
Agent Traefik as tfk1
Agent Catalog as cat1
Agent Scheduler as shed1
Collections "OC Services" as svcs1
Component "Auth Service" as auth1
Component OIDC as OIDC1
Component "Keto?" as keto1
Component "LDAP" as ldap1
}
User -> tfk1:sessionId
tfk1 ---> cat1:IdToken+AccessToken
tfk1 ---> shed1:IdToken+AccessToken
tfk1 ---> svcs1:IdToken+AccessToken
tfk1 ---> auth1
auth1 -down-> OIDC1
auth1 -down-> keto1
OIDC1 -down-> ldap1

Node "OpenCloud 2" as OC2 {
Agent Traefik as tfk2
Agent Catalog as cat2
Agent Scheduler as shed2
Collections "OC Services" as svcs2
Component "Auth Service" as auth2
Component OIDC as OIDC2
Component "Keto?" as keto2
Component "LDAP" as ldap2
}
cat1 --> tfk2:IdToken+AccessToken
tfk2 ---> cat2:IdToken+AccessToken
tfk2 ---> shed2:IdToken+AccessToken
tfk2 ---> svcs2:IdToken+AccessToken
tfk2 -down-> auth2
auth2 -down-> OIDC2
auth2 -down-> keto2
OIDC2 -down-> ldap2

auth2 -> auth1: validate id & access user groups
auth2 -> tfk2: moderated scopes

@enduml