Layers

Use Layers to define multiple drawing canvases in which to place policy objects for a CDS Framework security architecture. The canvases are displayed (or layered) on top of each other to create the final security architecture diagram. All systems include a primary information flow layer and at least one player of secondary flows. Secondary flows (while very important to the overall functionality of the system) are separate from the primary information flow of the system. Examples of additional secondary layers include logging data flows, gui data flows or config file data flows.

By placing policy objects on different layers portions of the security architecture diagram can be selectively not displayed. For comples systems, this feature can be invaluable for distinguishing the primary information flow, or other flows of interest.

Layers are defined and configured per-project in the Layer Properties property page. The layer for a particular policy item is settable on the Property View. By default, base policy items are added to the secondary layers named 'Secondary'; all other policy domains and resources default to the primary layers. Accesses inherit their layer information from the domain and resource they connect – both domain and resource must be in the primary layer for the access to be considered in the primary flow.

Layers can be hidden from the Architecture Diagram menu.