By SHRIRAM RAJAGOPALAN, IGNASI BARERRA, and DAVID FERRAIOLO
Editors note: Tetrate Q has been folded into Tetrate Service Bridge, making Next Generation Access Control (NIST) a built-in feature for Tetrate’s service bridge platform.
The modern enterprise infrastructure is a mishmash of legacy infrastructure, SaaS services, a smattering of cloud-native platforms like Kubernetes, along with an aging access control system that struggles to keep up with all the changes in the enterprise as it marches toward modernization. We no longer live in a world where the infrastructure is full of pets and the users come from set geographies with fixed access patterns. Technology has enabled users to access applications from the convenience of their mobile phones, anytime, anywhere on the planet. The security perimeter that was once synonymous with the network perimeter has now disappeared.
Along with the disappearance of the security perimeter, data decentralization has become another thorny problem in the enterprise. Data in an enterprise today is widely dispersed across internal databases, warehouses, external SaaS platforms, and end-user devices. Protecting access to this data, ensuring that data is used in a compliant manner by the right person from the right location, and generating access matrices of who has access to a given piece of data requires an approach that surpasses those traditionally offered by either role-based or attribute-based access control mechanisms.
Tetrate’s Q is a refreshing new take on access control for modern infrastructure, based on the state-of-the-art Next Generation Access Control (NGAC) model from NIST. The crux of Q is an access model representation encompassing the global state of the system — the services, data, and users. Q draws information from the service registry, existing identity management systems, and the like. That’s quite a lot of data!
In addition, concepts like location, time, and data can be explicitly modeled in Q to create a rich, close to mental model, state of the system. Being able to effectively model locality and embed it in access policies in an efficient way is a must in modern distributed architectures where data is decentralized. Systems must be GDPR compliant and enforce that data is accessed by the right people from the right location. Such enforcement cannot be done in a scalable way without a system that understands locality as a first-class concept.
Q is independent of the form of authorization. The information provided by Q merely tells you whether a particular user is allowed to perform a specific operation on a given piece of data, from a given location at a given time. An authorization server built on top of Q can choose to encode such information as JWT claims, SAML assertions, etc., depending on the technology preference. Over the coming months, we will be providing a few of these embellishments ourselves, but the core of Q will remain a modular entity that can be easily assimilated into any authorization infrastructure.
Auditability is vital to any authorization infrastructure. Being able to generate a report of all users, their capabilities and accesses in the form of an access matrix is a common requirement in most enterprises. This task was easily accomplished in the old world RBAC systems that had a list of users, their roles and accesses. With the modern heterogeneous infrastructure and diverse access patterns, the trend has been to adopt an ABAC approach to authorization. ABAC, unfortunately, makes it extremely difficult to generate such reports due to its lack of global system view. The global state maintained by Q provides a rich information base to build such access matrices and update them periodically as the system changes over time. This makes Tetrate Q capable of easily providing answers to common questions that traditional systems cannot compute in an efficient way:
Who accessed what?
When did access happen?
Why was access allowed or denied?
These unique features from Tetrate Q provide a perfect framework to properly model and implement a wide variety of access policies in a consistent way while keeping the semantics of your domain model.