The next security level for your authorisations.
More than attribute-based authorisation control. A dynamic access control that is scalable and more secure.
For a long time, we have been thinking about how to control authorisations for Internet applications in a more granular and secure way. To make the whole thing scalable and usable for modern cloud applications in particular, we have found a new approach: token-based authorisation. Today this is something similar to verifiable credentials.
Elegant security for complex access authorisations
Because authentication alone is no longer enough to authorise users.
Security requirements have increased in internet and cloud applications. On the one hand, authorisation should be easy to administer; on the other, it should be secure. Sometimes these are mutually exclusive. That’s why we have a solution that fulfils both requirements.
TBAC or token-based authorisation assignment at a glance:
Highly scalable
Regardless of the number of users and various authorisations, SecuRole® provides the option of working with significantly more than 100,000 registered users. This is indispensable, especially in the consumer sector, but also in the B2B sector. This also applies to applications in regulated environments such as healthcare, energy or citizen services.
Here, scaling does not refer to the authentication of users, but to their roles and authorisations. We master the authentication of a large number of users anyway.
Application operators can keep their existing role management concept (RBAC, ABAC, …) and add a layer of scaling with our authorisation assignment.
Just in time
Previously, assigning roles and rights was a time-consuming procedure that had to be set up in advance via the applications. Since we have completely redesigned the process of assigning authorisations, some steps are no longer necessary.
During a user’s session, their roles are transferred via a digitally signed token. However, it is important to note that this no longer takes place via the same ‘channel’ as the authentication itself (usually via SSO).
Highly secure
- End-to-end validation of authorisation
- Additional security level through separation of authentication and authorisation: a different instance signs the authorisation token, which prevents attackers from controlling access
- Digital signature
- Dedicated / fine-grained authorisation of authenticated users
- Privileged accounts have other security classes (‘higher trust level’)
- Zero Trust compatible
We therefore offer the highest possible level of security with our authorisation assignment. We have several KRITIS customers who are using this secure method to authorise users.
Less complex
- Provisioning is done just-in-time and does not have to be set up in advance
- Reconciliation is completely eliminated, no complex exchange of information regarding changed roles and authorisations to keep the system up to date
- Recertification is a local process
- Applications no longer need their own user administration
To understand this properly, we organised a webinar with Kuppinger & Cole. Click here to register for free: The evolution of access control
100% GDPR
The different approach to the synchronisation of roles and authorisations means that you are automatically GDPR-compliant. This is because your applications no longer need their own user administration.
Easy to implement
As we add a further security level to your existing authorisation system, there are hardly any noticeable changes for you. This is because SecuRole® utilises existing technologies:
- Built on JSON and JWT (JSON Web Token)
- Directly compatible with OIDC and SAML
- Minimal changes to existing IAM installations
We will soon publish our framework and associated libraries (Java, .NET) as open source code under Apache II.
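The separation described under "Highly secure", where a different instance signs the authorisation token than the one that authenticates the user, can be sketched with plain JWTs. This is an added example, not SecuRole® code: the claim names, issuer name, keys and the check order are assumptions, and HS256 is used only so the sketch runs on the Python standard library (an asymmetric algorithm would keep applications from minting tokens themselves).

```python
import base64, hashlib, hmac, json, time

# Constructed demo keys, one per instance (assumptions for this sketch).
AUTHN_KEY = b"demo-key-of-the-sso-identity-provider"
AUTHZ_KEY = b"demo-key-of-the-authorisation-issuer"
AUTHZ_ISSUER = "https://authz.example"  # hypothetical issuer name

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_jwt(claims: dict, key: bytes) -> str:
    """Issue a compact HS256 JWT (used here by both demo issuers)."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(mac)}"

def verify_jwt(token: str, key: bytes) -> dict:
    """Return the claims, or raise ValueError on a format or signature problem."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(_unb64(head))
        given = _unb64(sig)
    except Exception as exc:
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")  # pin the algorithm
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given):
        raise ValueError("bad signature")
    return json.loads(_unb64(body))

def roles_for_session(id_token: str, authz_token: str, audience: str, now=None) -> list:
    """Accept roles only from the authorisation issuer, bound to the logged-in user."""
    now = time.time() if now is None else now
    user = verify_jwt(id_token, AUTHN_KEY)      # channel 1: authentication (SSO)
    grant = verify_jwt(authz_token, AUTHZ_KEY)  # channel 2: authorisation
    if grant.get("iss") != AUTHZ_ISSUER or grant.get("aud") != audience:
        raise ValueError("wrong issuer or audience")
    if not user.get("sub") or grant.get("sub") != user["sub"]:
        raise ValueError("authorisation token belongs to another user")
    if not isinstance(grant.get("exp"), (int, float)) or grant["exp"] <= now:
        raise ValueError("authorisation token expired")
    return list(grant.get("roles", []))
```

A role claim signed with the authentication key is rejected here, which is the point of the second signer: control of the login channel alone does not yield roles.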
And now you come…
You have probably been annoyed more than once when it comes to the topic of authorisations. Perhaps employees or partners did not have direct access to resources in your systems. And for external users, you can hardly afford for authorised access not to work or for data protection not to be complied with.
We don’t want to offer you a half-hearted solution, because we have our own requirements for modern, secure authorisation assignment. We want to share this with you. Become a professional for your users by using token-based authorisation assignment.
Millions of users
Dynamically grant and control access rights, for millions of users and at a fine-grained level. Doesn’t exist? Yes, it is possible with the intelligent approach for token-based authorisation.
Interested in more background knowledge?
If we have aroused your curiosity and you know what you need, please get in touch with us. You will find a contact form below.
Access: fine-grained control. Manage authorisations securely.
We think that you too can benefit greatly from using our method to manage your authorisations. Let’s talk about it.