Peering
Antimatter organizes data into domains, with each capsule existing within a single domain. For information on how cross-domain data is handled, see Capsules and Bundles. When starting out, it might be convenient to encapsulate all of your data within a single domain. However, for more advanced use cases—such as cryptographic isolation between teams, organizations, or customers in a multi-tenant system—you may want to adopt a multi-domain model. For instance, a SaaS company could create one domain per customer, allowing for distinct audit logs, capsule manifests, and encryption configurations for each customer.
Peering simplifies the management of multiple domains. Instead of setting up nearly identical read/write contexts and duplicating your configuration across multiple domains, you can configure them in one domain and import them into your other domains. Peering also makes it easier to query a capsule manifest or audit log across multiple domains. The following resources can be shared using the peering mechanism:
- Identity Providers
- Fact types (and their facts)
- Read contexts
- Write contexts
- Capabilities
- Domain policy
- Capsule Access Log
- Control Log
- Capsule Manifest
- Billing (e.g. a domain can forward its expenses to another domain)
- Admin contacts (e.g. communication can be forwarded to the contact of another domain)
More documentation about peering will be added soon. See the OpenAPI Spec and Python language docs for more information.