Update the sidebar to remove so many Model refs (#595)

It's a bit overwhelming to consume the site and see that you have to
understand all these models. This simplifies it a bit. I also fixed up
some minor wording here and there.

website/content/docs/concepts/api-standards/index.mdx

@@ -1,11 +0,0 @@
----
-layout: docs
-page_title: API Standards
-sidebar_title: API Standards
-description: |-
-  An introduction to Boundary API standards.
----
-
-# Boundary API Standards
-
-This section covers our API standards including command line and HTTP API.

website/content/docs/concepts/api/cli-behavior.mdx

@@ -1,14 +1,14 @@
 ---
 layout: docs
-page_title: CLI Standards
-sidebar_title: CLI Standards
+page_title: CLI Behavior
+sidebar_title: CLI Behavior
 description: |-
-  Boundary's CLI standards
+  Boundary's CLI behavior
 ---
 
-# CLI Standards 
+# CLI Behavior
 
-Boundary's CLI has predictable behavior throughout its various commands. This page details these standards to help users make better use of the CLI.
+Boundary's CLI has predictable behavior throughout its various commands. This page details the common patterns in used in order to help users make better use of the CLI.
 
 ## Parameter Handling
 

website/content/docs/concepts/api/http-api-model.mdx

@@ -22,8 +22,8 @@ Boundary's current API version is 1; all API paths begin with `/v1/`.
 * `400`: Boundary returns `400` when a command cannot be completed due to invalid user input, except for a properly-formatted identifier that does not map to an existing resource, which will return a `404` as discussed below.
 * `401`: Boundary returns `401` if no authentication token is provided or if the provided token is invalid. A valid token that simply does not have permission for a resource will return a `403` instead. A token that is invalid or missing, but where the anonymous user (`u_anon`) is able to successfully perform the action, will not return a `401` but instead will return the result of the action.
 * `403`: Boundary returns `403` if a provided token was valid but does not have the grants required to perform the requested action.
-* `404`: Boundary returns `404` if a resource cannot be found. Note that this happens _prior_ to authentication/authorization checking in nearly all cases as the resource information (such as its scope, available actions, etc.) is a required part of that check. As a result, an action against a resource that does not exist will return a `404` instead of a `401` or `403`. While this could be considered an information leak, since IDs are randomly generated and this only discloses whether an ID is valid, it's tolerable.
-* `405`: Boundary returns a `405` to indicate that the method is not implemented for the given resource.
+* `404`: Boundary returns `404` if a resource cannot be found. Note that this happens _prior_ to authentication/authorization checking in nearly all cases as the resource information (such as its scope, available actions, etc.) is a required part of that check. As a result, an action against a resource that does not exist will return a `404` instead of a `401` or `403`. While this could be considered an information leak, since IDs are randomly generated and this only discloses whether an ID is valid, it's tolerable as it allows for far simpler and more robust client implementation.
+* `405`: Boundary returns a `405` to indicate that the method (HTTP verb or custom action) is not implemented for the given resource.
 * `500`: Boundary returns `500` if an error occurred that is not (directly) tied to invalid user input. If a `500` is generated, information about the error will be logged to Boundary's server log but is not generally provided to the client.
 
 ## Path Layout

website/content/docs/concepts/api/index.mdx

@@ -0,0 +1,12 @@
+---
+layout: docs
+page_title: API
+sidebar_title: API
+description: |-
+  An introduction to Boundary's API.
+---
+
+# Boundary API
+
+This section covers our API, including information about its underlying model
+and how the CLI implements support for the API.

website/content/docs/concepts/security-model/index.mdx

@@ -1,11 +0,0 @@
----
-layout: docs
-page_title: Security Model 
-sidebar_title: Security Model
-description: |-
-  Boundary security model overview.
----
-
-# Security Model
-
-This section describes the security models that Boundary follows. Here you can find in-depth analysis about how permissions, identity, and target security are handled within the Boundary product.

website/content/docs/concepts/security/index.mdx

@@ -0,0 +1,11 @@
+---
+layout: docs
+page_title: Security
+sidebar_title: Security
+description: |-
+  Boundary security overview.
+---
+
+# Security
+
+This section describes Boundary's security norms. Here you can find in-depth analysis about how permissions, identity, and target security are handled within the Boundary product.

website/content/docs/concepts/security/permissions-model.mdx

@@ -117,20 +117,6 @@ the scope, but *only the host sets belonging to host catalog hcst_1234567890*.
 Pinning is essentially a way to use top-level resources to create mini
 permission boundaries for their subordinate resources.
 
-### Templates
-
-A few template possibilities exist, which will at grant evaluation time
-subsitute the given value into the ID field of the grant string:
-
-* `{{account.id}}`: The substituted value is the account ID associated with the
-token used to perform the action. As an example,
-`id={{account.id}};actions=read,change-password"` is one of Boundary's default
-grants to allow users that have authenticated with the Password auth method to
-change their own password.
-
-* `{{user.id}}`: The substituted value is the user ID associated with the token
-used to perform the action.
-
 ### Wildcard ID
 
 Various wildcard possibilities are allowed:
@@ -168,6 +154,20 @@ Finally, ID, type, and actions can all be wildcards:
 
 Such a grant is essentially a full administrator grant for a scope.
 
+### Templates
+
+A few template possibilities exist, which will at grant evaluation time
+subsitute the given value into the ID field of the grant string:
+
+* `{{account.id}}`: The substituted value is the account ID associated with the
+token used to perform the action. As an example,
+`id={{account.id}};actions=read,change-password"` is one of Boundary's default
+grants to allow users that have authenticated with the Password auth method to
+change their own password.
+
+* `{{user.id}}`: The substituted value is the user ID associated with the token
+used to perform the action.
+
 ## Resource Table
 
 The following table works as a quick cheat-sheet to help you manage your

website/data/docs-navigation.js

@@ -2,9 +2,9 @@
 //
 // - A string refers to the name of a file
 // - A "category" value refers to the name of a directory
-// - All directories must have an "index.mdx" file to serve as
-//   the landing page for the category, or a "name" property to
-//   serve as the category title in the sidebar
+// - All directories must have an "index.mdx" file to serve as the landing page
+//   for the category, or a "name" property to serve as the category title in
+//   the sidebar
 
 export default [
   {
@@ -29,12 +29,19 @@ export default [
   {
     category: 'concepts',
     content: [
-		  {
-        category: 'security-model',
-			  content: [
-				  'permissions-model',
-				]
-			},
+      {
+        category: 'api',
+        content: [
+          'http-api-model',
+          'cli-behavior',
+        ]
+      },
+      {
+        category: 'security',
+        content: [
+          'permissions-model',
+        ]
+      },
       {
         category: 'domain-model',
         content: [
@@ -56,13 +63,6 @@ export default [
           'users',
         ],
       },
-			{
-        category: 'api-standards',
-				content: [
-          'http-standards',
-          'cli-standards',
-				]
-			},
     ],
   },
   '---',