Authorization for Microservices
Deploying our Orchestrated Authorization solution as a sidecar to perform a policy decision and protect the resources most valuable to you and your users.
See integration optionsAs organizations continue to focus on scale and speed they are turning to the adoption of microservices
While a microservices architecture has varying degrees of component granularity, the goal of dividing the application into individual services means the runtime authorization integration must adapt accordingly.
As part of our award-winning solution, the Axiomatics Policy Decision Point (PDP) uses policies and attribute data (PIP) to make decisions about whether an attempted resource access should be permitted or denied.
The PDP is provided as a REST/JSON-based microservice built with cloud-native principles. Enforcement is done in the architecture by Policy Enforcement Points (PEP), which by their nature must be environment-specific since it is their job to intercept attempts to access a resource.
This means the enforcement point must be relatively tightly coupled to the resource it is protecting.
In a traditional monolithic application, runtime authorization policies can be served and orchestrated from one policy decision point (PDP).
However, as the application is broken down into a microservice architecture, there are multiple options to integrate the PDP as part of the microservice.
Microservices integration options
For applications built with microservices, enforcement can be done either through a proxy as part of a service mesh (e.g. Envoy) or an embedded agent (PEP) in the microservices.
Additionally, you could deploy a proxy as a sidecar or as a more centralized service at the node or the cluster level, depending on your scalability needs.
Let's show you a demo and take the next leap in your authorization journey
Meet with us and see how our award-winning solution can help you meet today's access control and Zero Trust needs.
Request a demo