TrustBuilder Gateway as Open Source
Ghent – Amsterdam, July 22nd 2016. SecurIT announces the intention to make its TrustBuilder Gateway software technology available to the Open Source Community in Q4 2016.
TrustBuilder Gateway is a high-performance, scalable and reliable reverse proxy that can be used to protect both Web and API based applications. It has built-in redundancy and fail-over techniques that make it very suitable for business-critical services. TrustBuilder Gateway is built on top of proven technologies like NGINX and Redis.
TrustBuilder Gateway is typically deployed between the client (e.g. browser, mobile app) and the backend resources (e.g. web application, API).
TrustBuilder Gateway enforces Authentication for access to these backend resources. If a client has no session or its session has expired, the gateway redirects it to an Authentication Service. Upon successful authentication, a session is created. This session can furthermore be populated with additional information about the user returned in the authentication response. Examples of such information are role, group or profile information, date of birth and country of origin, but basically it could be anything.
TrustBuilder Gateway also enforces Authorisation for access to these backend resources. If a client lacks privileges to access a backend resource, the gateway will send an authorisation request to an Authorisation Service. This request will contain all the information the gateway has collected so far about the user, the requested resource and contextual information (e.g. IP-address, geo-location, device fingerprint). The authorisation result is stored in the user’s session from where it will be accessed by the gateway to control access to the backend resources.
Finally, TrustBuilder Gateway is able to make any of the session data available to the backend resources. In most cases this is done to identify the client to the backend resource and to provide SSO (Single Sign On), but it could basically be any information the backend resource needs to carry out its tasks. This could for instance be a bank account or a contract number.
“We know that secure access is what propels digital enterprise transformation. At the intersection of mobile, cloud, and the Internet of Things, the only way to truly secure your enterprise is by ensuring that only trusted employees, partners, and customers access the right applications using trusted devices,” said Marc Vanmaele, CEO SecurIT. “TrustBuilder’s unique combination of Web and API support in a single solution will help companies getting there, fast and secure.”
The Authentication and Authorisation Services are not part of TrustBuilder Gateway. These services will have to be provided by the party deploying the gateway. However, the REST API that needs to be exposed by these services is well documented as part of TrustBuilder Gateway. A licensed version of such a service is available as TrustBuilder IDHub. TrustBuilder IDHub exposes an ABAC (Attribute Based Access Control) engine and provides out-of-the-box username/password, One-Time-Password and certificate-based authentication. It also allows for federated authentication and authorisation using SAML, OAuth and OpenID Connect.
Contact us for more information about TrustBuilder Gateway