# General architecture

Each OpenCloud instance will provide an OpenId interface. This interface may be connected to an existing LDAP Server or a dedicated one.

# User rights definition 

Each OpenCloud instance will manage it's users and their permissions :
* a user has permition to start a distributed workflow in using remote peers 
* a user has administrative rights and may change the service exchenge rates
* a user is limited to view financial information on the instance
* a user belongs to a group (that may represent a project, a department,...)

# Authentication process

Each OpenCloud peer will accept a company as a whole.
Upon user connection, it will receive user rights form the origninating OpenId connect server and apply them. ex: specific pricing for a group (company agreement, project agreement, ...)