yahoo/athenz

Name: athenz

Owner: Yahoo Inc.

Description: Athenz is a role-based authorization (RBAC) system for provisioning and configuration (centralized authorization) use cases as well as serving/runtime (decentralized authorization) use cases.

Created: 2016-11-16 18:23:08.0

Updated: 2018-05-24 07:43:55.0

Pushed: 2018-05-23 21:21:40.0

Homepage:

Size: 7030

Language: Java

GitHub Committers

User	Most Recent Commit	# Commits

Other Committers

User	Email	Most Recent Commit	# Commits

README

Athenz is a set of services and libraries supporting role-based authorization (RBAC) for provisioning and configuration (centralized authorization) use cases as well as serving/runtime (decentralized authorization) use cases. Athenz authorization system utilizes two types of tokens: Principal Tokens (N-Tokens) and RoleTokens (Z-Tokens). The name “Athenz” is derived from “Auth” and the 'N' and 'Z' tokens.

Main features

---

Athenz provides both the functionality of a centralized system and a certificate and IP-based distributed system to handle on-box enforcement.

You get the following advantages using Athenz:

• Service-based security profile: Security definitions that automatically trickle down to hosts within the service.
• Dynamic provisioning: Scale fast or move workloads around without manual intervention (IP-less configuration).
• Single source of truth: Consolidated service profile serving various downstream security implementations, including support for non-user entities.
• Self-Service: Real-time configuration and enforcement of resource-based access control (dynamic manageability).

More importantly, we want engineers to use Athenz and not build their own role-based access control systems that have no central store and often rely on network ACLs and manual updating.

Documentation

---

• Getting Started
  • Development Environment
  • Local/Development Environment Setup
    • ZMS Server
    • ZTS Server
    • UI Server
  • Production Environment Setup
    • ZMS Server
    • ZTS Server
    • UI Server
• Architecture
  • Data Model
  • System View
  • Authorization Flow
• Features
  • Service Identity X.509 Certificates - Copper Argos
• Developer Guide
  • Centralized Access Control
    • Java Client/Servlet Example
    • Go Client/Server Example
  • Decentralized Access Control
    • Java Client/Servlet Example
• Customizing Athenz
  • Principal Authentication
  • Private Key Store
  • Certificate Signer
  • Service Identity X.509 Certificate Support Requirements - Copper Argos
• User Guide
  • ZMS Client Utility
  • ZPU Utility
  • Registering ZMS Service Identity

Contact

---

• Athenz-Dev for development discussions
• Athenz-Users for users questions

License

---

Copyright 2016 Yahoo Inc.

Licensed under the Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0