Authorization Features

Build-your-own authorization policy

Scaled Access lets you adapt authorization to your business needs. You decide who can do what, on what, and under what conditions.

We combine relationship based access control (ReBAC) with role based access control (RBAC) and attribute based access control (ABAC) so that you can build more complex and context based policies.

We adopt the security principles of the XACML policy language and we incorporate relationships in our unique authorization model, along with the standard XACML attributes such as subject, resource, action and context. This makes it easy for organizations to build and adapt their access policy.

Consent enforcement

With Scaled Access, no consent means no access to personal data.
Our platform enforces three consent dimensions that any digital ecosystem requires:
user-to-company, user-to-user and user-to-application.

Relationship based access control (ReBAC)

ReBAC lets our customers’ users share resources with others based on the relationships that are predefined in the access policy (“It is ok to share this information with your customer, patient or relative…”).

We provide sharing capabilities that lets your users invite others and share access. Invited users receive an invitation with a secure signup link.

Validation workflows

Scaled Access lets users get and share access all by themselves, without any back office interference. We use validation workflows to authorize requests in real-time.

These validation workflows check statements about user roles and attributes, resource attributes, context (location, time, device), and relationships (“user x was invited by user y with relationship z”). This information is then fed into our authorization engine to evaluate what permission to give based on the access policy in place.

We adopt the XACML reference architecture to ensure that access requests are evaluated in milliseconds.

Graph database

Our platform utilizes a graph database to optimize performance and guarantee real-time decision making.

Our graph database can manage an unlimited number of nodes and edges, and deal with a range of different resources and composite, context-specific and network relationships.

Externalized authorization

Externalizing authorization means separating policy management from the application lifecycle. So, no need to make changes to any of your applications when your authorization logic evolves. Let your developers focus on business defining functions and leave access management and access control to us.

Event stream

All events are captured and forwarded to the system of your choice. You can use this information to run analytics, perform audits, feed recommender systems or develop innovative services or tools.