All Research
Executive View
I like this
I don't like this

Authlete API Authorization

Martin Kuppinger
Authlete is a set of APIs for service providers to implement the standard protocols OAuth and OIDC (OpenID Connect). It enables developers of digital services to offload protocol operations and access token lifecycle management to the backend service and thus simplifies development and operations of modern digital services that require secure API-based communication, authentication, and authorization. Authlete integrates well with all common programming frameworks, and can be deployed from the cloud or on-premises.

1 Introduction

Identity and Access Management (IAM) is a foundational element of cybersecurity today.

As a set of technologies, IAM encompasses user and entitlement provisioning, identity repositories, authentication mechanisms, authorization systems, web access management (WAM), federation and Single Sign-On (SSO), identity governance, access reconciliation, risk management, and many interfaces to other security systems.

Commonly, IAM is split into three major parts:

  • Identity Management: The management of identity lifecycles and their governance. This is commonly referred to as Identity Provisioning (Lifecycle Management) and Access Governance, or as IGA (Identity Governance and Administration),
  • Access Management: Enabling access of users, i.e., supporting authentication, identity federation, and authorization.
  • Privileged Access Management (PAM): These technologies focus on highly privileged users and the specific requirememts around these users, plus shared accounts. Capabilities include management of passwords for shared accounts and of privileged user sessions.

Many of the components of IAM have become standardized and even commoditized. To interoperate with other solutions and be successful in the marketplace, IAM products generally support the following standards:

  • Provisioning: SCIM
  • User identity storage: LDAP
  • Authentication: Kerberos, RADIUS, PKI/x.509 including SmartCards, FIDO U2F/UAF/2.0, W3C WebAuthn, and more
  • Federation: OAuth, OpenID, OpenID Connect (OIDC), and SAML
  • Authorization: JSON, JWT, UMA, and XACML, with OAuth and OIDC also serving authorization use cases

Access Management, also referred to as Web Access Management & Identity Federation, as one of the major disciplines is focused on providing access for users to services. They can deliver a SSO (Single Sign-On) experience to users, by authenticating the users on behalf of the target applications.

Integration can work either via standards for identity federation or – for legacy web applications that do not support modern identity federation standards – with methods such as password injection and providing authentication information as part of modified https headers. Authentication should integrate with the authentication standards listed above.

However, there also is increasing demand for providing federation and authorization services to digital services that are custom-built, with tight integration into these services. Again, this is about standards support and platforms that enable efficient delivery of these capabilities to developers, at the API level. This is essential when new digital services are created, where the client apps utilize APIs to connect to API providers, which again might utilize backend services. Common scenarios are in the Finance industry, e.g., around Open Banking and standards such as PSD2 (EU Payment Services Directive). The challenge here is that apps of, e.g., FinTechs, might require also access to backend services of other providers such as banks.

Managing access in such complex environments benefits from specialized solutions that can handle API access and authorization in an efficient manner. A provider of such a specialized solution is Authlete.

Full article is available for registered users with free trial access or paid subscription.
Log in
Register and read on!
Create an account and buy Professional package, to access this and 600+ other in-depth and up-to-date insights
Register your account to start 30 days of free trial access
Register
Get premium access
Choose a package

Stay up to date

Subscribe for a newsletter to receive updates on newest events, insights and research.
I have read and agree to the Privacy Policy
I have read and agree to the Terms of Use