Scaled Access lets you adapt authorization to your business needs. You decide who can do what, on what, and under what conditions.
We combine relationship-based access control (ReBAC) with role-based access control (RBAC) and attribute-based access control (ABAC) so that you can build more complex and context-based policies.
We adopt the security principles of the XACML policy language and we incorporate relationships in our unique authorization model, along with the standard XACML attributes such as subject, resource, action and context. This makes it easy for organizations to build and adapt their access policy.
Users request access from their devices and we provide authorization in the form of an OAuth 2.0 JWT access token that is verified by the resource server in > 5 m/s.
Our platform issues JWT access tokens itself, or it can inject users’ authorization into your own access tokens.
Our tokens are anonymous and only contain the user’s permissions. This shields your applications from handling personal data and it also means that identifiable information about the subject, what their password is and why permission was given, remains hidden and can’t be intercepted.
With Scaled Access, no consent means no access. We use the Consent Receipt Specification from the Kantara Initiative to store consent. Our platform enforces three consent dimensions that any digital ecosystem requires: user-to-company, user-to-user and user-to-application.
Consent Receipt Specification:
• consent record creation
• human-readable receipt
• links to privacy notices & policies
• what information is collected
• purposes for that collection
• information disclosure & usage
ReBAC lets our customers’ users share resources with others based on the relationships that are predefined in the access policy (“It is ok to share this information with your customer, patient or relative…”).
We provide sharing capabilities that lets your users invite others and share access. Users can select and invite other users and invited users receive an invitation with a secure signup link.
Scaled Access lets users get and share access all by themselves, without any back office interference. We use validation workflows to authorize requests in real-time.
These validation workflows check statements about user roles and attributes, resource attributes, context (location, time, device), and relationships (“user x was invited by user y with relationship z”). This information is then fed into our authorization engine to evaluate what permission to give based on the access policy in place.
We adopt the XACML reference architecture to ensure that access requests are evaluated in milliseconds.
Our platform utilizes a graph database to optimize performance and guarantee real-time decision making.
Our graph database can manage an unlimited number of nodes and edges, and deal with a range of different resources and composite, context-specific and network relationships.
Externalizing authorization means separating policy management from the application lifecycle. So, no need to make changes to any of your applications when your authorization logic evolves. Let your developers focus on business defining functions and leave authorization to us.
All events are captured and forwarded to the system of your choice. You can use this information to run analytics, perform audits, feed recommender systems or develop innovative services or tools.