WITDOM Protection Orchestrator

This document describes basic setup and usage of Protection Orchestrator services, running inside a single Docker container.


  • witdom-core-po-deployment: Compiled and Dockerized version of the Protection Orchestrator, ready for deployment.
  • witdom-core-po-source: Source code for the development of the Protection Orchestrator, Work Item Handlers and Protection Configurations.
  • DISCLAIMER.txt: Disclaimer text.
  • LICENSE.txt: Apache 2.0 license text.
  • README.md: README file.


This component is in charge of parsing the protection configuration of an application and applying it by building the requests to the protection components deployed in the trusted domain of WITDOM and calling them for:

  • Protecting the input data that a service in the untrusted domain will need.
  • Pisclosing the results after a service in the untrusted domain has finished.

After the client application has prepared and segmented the input data and placed it in a storage service accessible by the trusted-environments’ protection components, a call to the broker initiates the pre-processing of the signals. The broker then calls the PO indicating the protection configuration for the application, which includes the needed components, the pieces of data (pointers) that are used by each component and the composition of the components in order to orchestrate their execution.

Once a service finishes, its outputs are still protected, so they must be post-processed in the trusted domain to recover the clear-text outcomes of the process that can be used by the client application. In this case, the Broker calls the Protection Orchestrator to perform this post-processing, and, again, by parsing the protection configuration of the application, the PO will build the needed requests to each of the protection components and call them on the output data of the service.



Note: Repositories witdom-core-po-deployment and witdom-core-po-source have their own README files with more detailed documentation.


For compiling the Protection Orchestrator:

  1. Navigate to the root directory of the source version and import the Maven project to Eclipse.
  2. Compile the WAR using Eclipse export feature.
  3. The project can also be compiled with Maven: $ mvn package
  4. The compiled version of the component is available here, with all the configuration resources needed for a correct deployment. Just add your WAR to that repository and replace existing one.

To deploy an instance of the Protection Orchestrator:

  1. Navigate to the root directory of the compiled version (it contains Dockerfile) and write this command: $ docker build -t witdom-core-po .
  2. Once you have built the Docker image, write this command to run a container: $ docker run -it -p 8080:8080 witdom-core-po
  3. Use this path to access the PO within the container: http://localhost:8080/witdom-core-po/*

Note: If you are running the container in Windows, use* to access the PO within the container (through Docker Virtual Machine).