pr comments

.custom_wordlist.txt

@@ -12,7 +12,6 @@ CLI
 CN
 config
 CORS
-cors
 CSRF
 Diátaxis
 DNS
@@ -32,8 +31,6 @@ HMAC
 https
 IAM
 IdP
-integrator
-Integrator
 init
 installable
 JAAS

how-to/index.rst

@@ -38,4 +38,4 @@ Security
 .. toctree::
    :maxdepth: 1
 
-   Harden your JIMM deployment <security_hardening>
+   Harden JIMM deployment <security_hardening>

how-to/security_hardening.rst

@@ -3,17 +3,20 @@ JAAS: Security Hardening
 JIMM, the service at the centre of JAAS can be hardened in a number of ways. This 
 document details how you can harden the security of your JAAS deployment. 
 
+.. hint::  
+    As a reference on JAAS security overview, check out :doc:`this <../reference/security>` topic. 
+
 CORS
 ----
 Cross-Origin Resource Sharing (`CORS <https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS>`__) 
 is an HTTP-header based mechanism that allows a server to indicate any origins (domain, scheme, or port) 
 other than its own from which a browser should permit loading resources. CORS also relies on 
-a mechanism by which browsers make a "preflight" request to the server hosting the cross-origin 
-resource, in order to check that the server will permit the actual request. In that preflight, 
+a mechanism by which browsers make a "pre-flight" request to the server hosting the cross-origin 
+resource, in order to check that the server will permit the actual request. In that pre-flight, 
 the browser sends headers that indicate the HTTP method and headers that will be used in the 
 actual request.
 
-To set CORS on JIMM, use the configuration option "cors-allowed-origins".
+To set CORS on JIMM, use the configuration option ``cors-allowed-origins``.
 
 Ingress TLS
 -----------
@@ -27,41 +30,46 @@ You will require a domain that your ACME is aware of and an NGINX ingress contro
 on your Kubernetes cluster.
 
 With JAAS deployed, you can deploy both LEGO and the integrator, and integrate your LEGO charm deployment
-to your ingress integrator, and then the ingress integrator to JIMM to enable TLS ingress for
+to your ingress integrator, and then the ingress integrator to JIMM to enable TLS ingress for your deployment.
 
 Identity Provider
 -----------------
 JAAS uses the Canonical Identity Platform for authentication. The communication between JAAS
-and the identity platform can be secured via TLS.
+and the Identity Platform can be secured via TLS.
 
-You will require the identity Platform and the self-signed-certificates charm deployed.
+You will require the Identity Platform and the ``self-signed-certificates`` charm deployed.
 See `here <https://charmhub.io/topics/canonical-identity-platform/tutorials/e2e-tutorial>`__ for deploying the identity platform. 
 
-Your identity platform will require TLS enabled via the `self signed certificates charm <https://charmhub.io/self-signed-certificates>`__.
+Your Identity Platform will require TLS enabled via the `self-signed certificates charm <https://charmhub.io/self-signed-certificates>`__.
 
-Using JIMM's receive-ca-cert integration, you can now relate to the self-signed-certificates charm
+Using JIMM's ``receive-ca-cert integration``, you can now relate to the self-signed-certificates charm
 to enabled TLS between the identity platform and JIMM.
 
 OpenFGA
 -------
-JIMM uses OpenFGA for authorisation and currently, the OpenFGA charm does not support TLS.
+JIMM uses OpenFGA for authorisation and currently, the OpenFGA charm does not support TLS. See `here <https://charmhub.io/openfga-k8s>`__.
 
 Vault
 -----
-TLS is enabled by default when communicating with the Vault charm.
+TLS is enabled by default when communicating with the Vault charm. See `here <https://charmhub.io/vault?channel=1.16/stable>`__.    
 
 JIMM uses Vault for storing cloud credentials, JWKS, and other secrets.
 
 Juju Controllers
 ----------------
 TLS is enabled by default when communicating with controllers.
 
-When adding a Juju controller to JIMM, the self signed certificate of the controller is given to
+When adding a Juju controller to JIMM, the self-signed certificate of the controller is given to
 JIMM.
 
+.. hint::  
+    Checkout :doc:`this <../how-to/add_controller>` topic for adding controllers to JAAS. 
+
+
 PostgreSQL
 ----------
-JIMM uses PostgreSQL as its persistent storage layer. The communication between PostgreSQL can be encrypted
+JIMM uses PostgreSQL as its persistent storage layer. The communication with PostgreSQL can be encrypted
 via TLS. To enable TLS for charmed PostgreSQL you can follow this `guide <https://charmhub.io/postgresql-k8s/docs/t-enable-tls?channel=14/stable>`__.
 
-    As of October 2024, you need to manually restart JIMM if you enable TLS on PostgreSQL after having related the JIMM and PostgreSQL charms.
+.. hint::  
+    As of October 2024, you need to manually restart JIMM if you enable TLS on PostgreSQL after having related the JIMM and PostgreSQL charms.