# Security Decisions

## Hosting

**Graphistry:** Accounts, DB, graph visualizations
- SaaS: hub.graphistry.com
- AWS/Azure Marketplace (single-node)
- Manual: docker-compose, kubernetes

**Louie:** Application
- SaaS: louie.ai
- AWS Marketplace
- Manual: docker-compose
- Whether to enable sandboxed Python

**OpenSearch:** Optional - conversational memory & text indexing
- AWS managed service
- Self-hosted

**Off-node storage & backups**
- Graphistry; aws/azure/gcp; manual restic

## Authentication

- Built-in (user/pass)
- SSO (OIDC)

**Note:** Configure OAuth2 between Louie<>Graphistry

## Connectors

- Ensure Louie <> API/DBs
- Decide shared read-only service account vs per-user DB connections

## Authorization

**Sharing units:** Individuals, Organization(s)

## Web

Ensure user, admin access to each component: Graphistry, Louie, physical/cloud resources, OS, connectors

## Guard Rails

See UI Guide section on Guard Rails