Demiton
Demiton

Security Model

Security architecture and operational security practices for the Demiton platform.

Security is a foundational principle of the Demiton platform.

The system is designed to ensure that enterprise workflows execute safely across connected systems.

The security model focuses on:

• identity enforcement
• secure system interaction
• controlled execution boundaries

Identity Enforcement

Every meaningful action within the platform is associated with an identity.

Identity information is used for:

• access control
• workflow attribution
• governance decisions

Identity may originate from:

• user authentication sessions
• scheduled system tasks
• automated workflow triggers

All workflow runs record the initiating identity.

Adapter Security

Adapters interact with external systems.

Secure adapter behavior requires:

• encrypted network communication
• secure credential storage
• limited system permissions

Credentials must never be written to logs or exposed to workflow logic.

Data Handling

Sensitive data must be handled carefully during workflow execution.

Best practices include:

• avoiding unnecessary persistence
• encrypting sensitive fields
• minimizing data exposure

Workflow data should only be accessible to the steps that require it.

AI Layer Security

The AI layer retrieves documents using identity-based access controls.

Indexed documents include access control fields:

allowed_entra_users
allowed_entra_groups

Retrieval queries apply these filters before returning results to the model.

This ensures users only receive information they are authorized to access.

Infrastructure Security

Deployment environments should follow standard cloud security practices.

Examples include:

• encrypted database connections
• private network access for internal services
• secure secret management

Production credentials must never appear in application configuration files.

Operational Security Practices

Organizations should implement several operational practices.

These include:

• rotating credentials regularly
• reviewing access permissions
• monitoring suspicious activity

Security reviews should occur periodically to ensure the platform remains compliant with organizational policies.

Summary

The Demiton security model combines identity enforcement, adapter isolation, and controlled execution boundaries.

These principles ensure that enterprise workflows execute safely across complex operational environments.


---