
Post Syndicated from mikesefanov original

By Lee Boynton, Henry Avetisyan, Ken Fox, Itsik Figenblat, Mujib Wahab, Gurpreet Kaur, Usha Parsa, and Preeti Somal

Today, we are pleased to offer Athenz, an open-source platform for fine-grained access control, to the community. Athenz is a role-based access control (RBAC) solution, providing trusted relationships between applications and services deployed within an organization requiring authorized access.

If you need to grant access to a set of resources that your applications or services manage, Athenz provides both a centralized and a decentralized authorization model to do so. Whether you are using container or VM technology independently or on bare metal, you may need a dynamic and scalable authorization solution. Athenz supports moving workloads from one node to another and gives new compute resources authorization to connect to other services within minutes, as opposed to relying on IP and network ACL solutions that take time to propagate within a large system. Moreover, in very high-scale situations, you may run out of the limited number of network ACL rules that your hardware can support.

Prior to creating Athenz, we had multiple ways of managing permissions and access control across all services within Yahoo. To simplify, we built a fine-grained, role-based authorization solution that would satisfy the feature and performance requirements our products demand. Athenz was built with open source in mind so as to share it with the community and further its development.

At Yahoo, Athenz authorizes the dynamic creation of compute instances and containerized workloads, secures builds and deployment of their artifacts to our Docker registry, and among other uses, manages the data access from our centralized key management system to an authorized application or service.

Athenz provides a REST-based set of APIs modeled in Resource Description Language (RDL) to manage all aspects of the authorization system, and includes Java and Go client libraries to quickly and easily integrate your application with Athenz. It allows product administrators to manage what roles are allowed or denied to their applications or services in a centralized management system through a self-serve UI.

Athenz provides two authorization access control models based on your applications’ or services’ performance needs. More commonly used, the centralized access control model is ideal for provisioning and configuration needs. In instances where performance is absolutely critical for your applications or services, we provide a unique decentralized access control model that provides on-box enforcement of authorization.

Athenz’s authorization system utilizes two types of tokens: principal tokens (N-Tokens) and role tokens (Z-Tokens). The principal token is an identity token that identifies either a user or a service. A service generates its principal token using that service’s private key. Role tokens authorize a given principal to assume some number of roles in a domain for a limited period of time. Like principal tokens, they are signed to prevent tampering. The name “Athenz” is derived from “Auth” and the ‘N’ and ‘Z’ tokens.

Centralized Access Control: The centralized access control model requires any Athenz-enabled application to contact the Athenz Management Service directly to determine if a specific authenticated principal (user and/or service) has been authorized to carry out the given action on the requested resource. At Yahoo, our internal continuous delivery solution uses this model.
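The on-box enforcement of the decentralized model and the signed, time-limited role token it relies on, as an added Go example (not Athenz’s own code, token format or client library): the enforcement point verifies the token’s signature and expiry before it evaluates a locally held allow/deny policy. The token shape, the Ed25519 signature scheme, the field names and the policy values are all assumptions constructed for this illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"strings"
	"time"
)

// RoleToken stands in for an Athenz Z-Token (a constructed shape, not the real format).
type RoleToken struct {
	Domain  string
	Roles   map[string]bool // set of roles the principal may assume in Domain
	Expires int64           // Unix seconds
}

// Assertion is one policy line; Resource is "domain:res" and may end in a "*" wildcard.
type Assertion struct{ Effect, Role, Action, Resource string }

// Issue serialises a token and signs it with the authority's private key (Ed25519).
func Issue(t RoleToken, priv ed25519.PrivateKey) (payload, sig []byte) {
	payload, _ = json.Marshal(t)
	return payload, ed25519.Sign(priv, payload)
}

// Authorize is the on-box check of the decentralized model: verify the signature and
// expiry first, then evaluate the locally held policy. An explicit DENY always wins.
func Authorize(payload, sig []byte, pub ed25519.PublicKey, policy []Assertion,
	action, resource string, now time.Time) (bool, string) {
	var t RoleToken
	if !ed25519.Verify(pub, payload, sig) {
		return false, "signature invalid"
	} else if err := json.Unmarshal(payload, &t); err != nil {
		return false, "malformed token"
	} else if now.Unix() >= t.Expires {
		return false, "token expired"
	}
	want, verdict := t.Domain+":"+resource, "no matching ALLOW assertion"
	for _, a := range policy {
		match := a.Resource == want || (strings.HasSuffix(a.Resource, "*") &&
			strings.HasPrefix(want, strings.TrimSuffix(a.Resource, "*")))
		if a.Action != action || !t.Roles[a.Role] || !match {
			continue
		} else if a.Effect == "DENY" {
			return false, "denied by policy"
		}
		verdict = "" // an ALLOW matched; keep scanning in case a DENY follows
	}
	return verdict == "", verdict
}
```

The order matters: policy is never consulted for a token that failed the signature or expiry check, so a tampered or replayed token is refused before any role is evaluated.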
