Welcome

The diagram below sketches how authentication and authorization is handled in most of today’s applications.

On the one hand it allows the backend service to fully control the corresponding security requirements. On the other hand it has some limitations:

All this pretty often leads to the fact that up to 60% of the implementation efforts are spent on security topics and only the smaller rest on the actual business requirements. In addition, these limitations imply a lot of effort if there are changes to authentication and authorization requirements. So, what would you do if you have to use multiple authentication systems, e.g. for your customers and for your system admins, or backoffice stuff? What would you do, if e.g. our business would like to introduce a new service subscription model for its customers? What does this mean in sense of coordination-, implementation efforts and time-to-market?

Heimdall addresses the aforesaid challenges companies and developers face, especially with a distributed or microservices architecture. Whether you’re building from scratch or migrating existing applications, heimdall can help and allows you to transparently add security capabilities related to authentication and authorization without adding them to your own code, but nevertheless, by completely retaining control. It can do so standalone, but also integrated into available infrastructure.

Heimdall intercepts all your application related network traffic, allowing a broad set of application aware authentication and authorization features based on the rules you define. This is done by routing each request through a rule specific pipeline as depicted in diagram below.

This pipeline ensures that, according to the needs of the particular backend service endpoint,

And all of that can be controlled by each and every backend service individually.