Open source platform for X.509 service authentication and fine grained access

mooreds1 pts0 comments

Athenz IO - Home

Explore<br>Case Studies<br>Customer Stories<br>Documentation<br>Comparison

Slack

Github

Contact

( AuthNZ )

Open source platform for X.509 certificate<br>based service authentication and fine grained<br>access control in dynamic infrastructures

Get Started

Watch Video

Integrations

Never Trust &<br>Always Verify

Enables zero trust core principles like traffic encryption, AuthN, AuthZ, Dynamic Trust and least privilege access

Learn More

X.509 Certificate Based Authentication

Service identity in the form of short-lived X.509 certificates to all workloads deployed in private or public clouds

*How is Athenz different from SPIRE?

Learn More

Fine-grained Authorization

Authorize all authenticated clients using fine-grained role-based (RBAC) access control with industry standard JWT access tokens

Learn More

Identities for all workloads in your hybrid environment

Problem

How to enable Zero Trust core principles like traffic encryption and authentication among all workloads in a hybrid environment?

Solution

Athenz issues service identities in the form of short-lived X.509 certificates to all workloads deployed in private or public clouds enabling secure communication among all workloads with mTLS.

Learn More

Authorization and identity provider solution for your Kubernetes clusters

Problem

How do we provide credentials to container workloads to prove its identity and to authenticate with the Kubernetes API, establish mTLS with services, and define role-based access control (RBAC)?

Solution

An Identity provider mechanism enables workloads to authenticate with kubernetes container credentials such as pod bound service account tokens in exchange for Athenz service identity certificates using a callback mechanism that allows a kubernetes pod-aware identity service to authenticate such credentials.

Learn More

Industry Standard Authorization mTLS bound access token

Problem

How to deploy a centralized authorization store and deploy a consistent authorization solution based on industry standard OAuth2 access tokens without implementing the logic in each application?

Solution

Athenz Token Service issues industry standard mTLS bound OAuth2 access tokens that application services can use to both authenticate (x.509 identity certificates) and authorize requests based on policies defined in the Athenz Management System.

Learn More

AWS Temporary Credentials for On-Prem services

Problem

How to securely access AWS services from on-prem data centers without using static credentials defined in AWS IAM?

Solution

Services running in on-prem data can use their Athenz issued identity x.509 certificates to request AWS temporary credentials from Athenz Token Service running in AWS.

Learn More

Success Stories

Suresh Visvanathan<br>Sr. Director, Software Dev Engineering<br>Yahoo

"Athenz enriches Kubernetes workload security at Yahoo with fine-grain Role-based access control (RBAC) and service authentication. Athenz's rich set of APIs integrates seamlessly with any Container-as-a-Service Platform."

Christopher Tatsuya Yano<br>Platform Developer<br>LY Corporation

"Athenz secures large scale cloud computing platforms at LY corporation as a Single source of truth (SSoT). Athenz secures Yahoo! JAPAN services as a security platform with its flexible interface and its customizable APIs."

Getting Started

Explore the Athenz documentation and create a test development environment with ZMS (Athenz Management Service), ZTS (Athenz Token Service), and UI services. For reference implementation, visit the Java Client/Servlet or Go Client/Server example documentation.

Documentation

Athenz is a Cloud Native Computing Foundation sandbox project

athenz service access identity based learn

Related Articles