ORY Oathkeeper is an Identity & Access Proxy (IAP) that authorizes HTTP requests based on sets of rules. The BeyondCorp Model is designed by Google and secures applications in Zero-Trust networks. An Identity & Access Proxy is typically deployed in front of (think API Gateway) web-facing applications and is capable of authenticating and optionally authorizing access requests.
While the full feature set of the BeyondCorp Whitepaper is not yet implemented, the goal of this project is to achieve this in the future.
ORY Oathkeeper is a reverse proxy which evaluates incoming HTTP requests based on a set of rules that are defined by administartive users. ORY Oathkeeper is thus capable of:
- Identifying the user and providing the user session to API backends (authentication).
- Restricting access to certain resources based on a set of rules (authorization).
- Transforms access credentials (e.g. OAuth2 Access Tokens, SAML Assertions, ...) to a format (e.g. JSON Web Token, Plaintext, Basic Authorization, ...) consumable by your API services.
This service is stable, but under active development and may introduce breaking changes in future releases. Any breaking change will have extensive documentation and upgrade instructions.
来源:oschina
链接:https://my.oschina.net/u/4381479/blog/3851836