+
  Policy’s role in authorization, XACML today, & OpenID’s new policy charter Listen to the podcast  
Authorization for Microservices

Authorization for Microservices

Deploying our Orchestrated Authorization solution as a sidecar to perform a policy decision and protect the resources most valuable to you and your users.

See integration options

As organizations continue to focus on scale and speed they are turning to the adoption of microservices

While a microservices architecture has varying degrees of component granularity, the goal of dividing the application into individual services means the runtime authorization integration must adapt accordingly.

man- discussing about project with female developer

As part of our award-winning solution, the Axiomatics Policy Decision Point (PDP) uses policies and attribute data (PIP) to make decisions about whether an attempted resource access should be permitted or denied.

The PDP is provided as a REST/JSON-based microservice built with cloud-native principles. Enforcement is done in the architecture by Policy Enforcement Points (PEP), which by their nature must be environment-specific since it is their job to intercept attempts to access a resource.

This means the enforcement point must be relatively tightly coupled to the resource it is protecting.

In a traditional monolithic application, runtime authorization policies can be served and orchestrated from one policy decision point (PDP).

However, as the application is broken down into a microservice architecture, there are multiple options to integrate the PDP as part of the microservice.

protection icons

Microservices integration options

For applications built with microservices, enforcement can be done either through a proxy as part of a service mesh (e.g. Envoy) or an embedded agent (PEP) in the microservices.

Additionally, you could deploy a proxy as a sidecar or as a more centralized service at the node or the cluster level, depending on your scalability needs.

Axiomatics microservices integration chart

Learn more about how Axiomatics delivers the
authorization approach
that works for your enterprise

The Role of Orchestrated Authorization in a Cloud-native Environment

Learn how Orchestrated Authorization addresses the needs of the large enterprise, bringing flexibility to authorization deployment.

Learn more

You have questions, we have answers

There are a lot of questions surrounding authorization, ABAC, RBAC, and we've compiled a Q&A to help learn and get you started with our solution.

Learn more

Policy-based access management and the evolution of authorization

Policy-based access management and the evolution of authorization

Learn more
Axiomatics icon

Let's show you a demo and take the next leap in your authorization journey

Meet with us and see how our award-winning solution can help you meet today's access control and Zero Trust needs.

Request a demo