Authorization Features

Build-your-own Authorization Policy

Scaled Access lets you adapt authorization to your business needs. You decide who can do what, on what, and under what conditions.

We combine relationship-based access control (ReBAC) with role-based access control (RBAC) and attribute-based access control (ABAC) so that you can build more complex and context-based policies.

We adopt the security principles of the XACML policy language and we incorporate relationships in our unique authorization model, along with the standard XACML attributes such as subject, resource, action and context. This makes it easy for organizations to build and adapt their access policy.

Identity-less Access tokens

Users request access from their devices and we provide authorization in the form of an OAuth 2.0 JWT access token that is verified by the resource server in > 5 m/s.

Our platform issues JWT access tokens itself, or it can inject users’ authorization into your own access tokens.

Our tokens are anonymous and only contain the user’s permissions. This shields your applications from handling personal data and it also means that identifiable information about the subject, what their password is and why permission was given, remains hidden and can’t be intercepted.

Consent Enforcement

With Scaled Access, no consent means no access. We use the Consent Receipt Specification from the Kantara Initiative to store consent. Our platform enforces three consent dimensions that any digital ecosystem requires: user-to-company, user-to-user and user-to-application.

Consent Receipt Specification:
• consent record creation
• human-readable receipt
• links to privacy notices & policies
• what information is collected
• purposes for that collection
• information disclosure & usage

Relationship-based Access Control (ReBAC)

ReBAC lets our customers’ users share resources with others based on the relationships that are predefined in the access policy (“It is ok to share this information with your customer, patient or relative…”).

We provide sharing capabilities that lets your users invite others and share access. Users can select and invite other users and invited users receive an invitation with a secure signup link.

Validation Workflows

Scaled Access lets users get and share access all by themselves, without any back office interference. We use validation workflows to authorize requests in real-time.

These validation workflows check statements about user roles and attributes, resource attributes, context (location, time, device), and relationships (“user x was invited by user y with relationship z”). This information is then fed into our authorization engine to evaluate what permission to give based on the access policy in place.

We adopt the XACML reference architecture to ensure that access requests are evaluated in milliseconds.

Graph Database

Our platform utilizes a graph database to optimize performance and guarantee real-time decision making.

Our graph database can manage an unlimited number of nodes and edges, and deal with a range of different resources and composite, context-specific and network relationships.

Config API

Authorization policies define who gets to do what and is dependent on each specific business ecosystem and needs. We've developed a Config API to make it easy for each organization to build and adapt their own access policy.

The initial setup is done by a blueprint that you can fully customize to your business needs. You can define your user network, create consents for different regions, and decide which conditions your users must meet to be granted access.

Event stream

All events are captured and forwarded to the system of your choice. You can use this information to run analytics, perform audits, feed recommender systems or develop innovative services or tools.

We use cookies to enhance your experience. Find out more. By continuing to visit this site you agree to our use of cookies. X