Ocelot
Business-Driven Authorization Engine for Cloud-Native Applications.
You are in control
Through Ocelot you can define which services should be involved in each specific business operation, which users are allowed to perform these actions, and which roles, attributes or security levels are required.
Protect your services from the very beginning
Ocelot assigns identities to your workloads as soon as your first commits are merged to your main branch.
Even before your environments have any running code, Ocelot knows about the services your team is developing, based on the definitions they commit to their source repository. This ensures that every service has segregated identities associated with specific roles and permissions even before those services are actually deployed to the different production and non-production environments.
Business-Driven Authorization
Take a business-centric approach to security by making Ocelot aware of your business operations.
Define specific policies describing how services collaborate with each other in order to complete a specific business operation. Specify which role and/or permission is required to trigger such operations and let Ocelot enforce these rules.
Business-driven approach to Service Mesh Security
Ocelot adopts a business-driven approach to securing your service mesh.
Through Ocelot, the team developing a specific service is able to define the security policy governing its behavior. They do so by defining these policies in code and committing them to their source control system together with the service code.
This approach ensures that security is built in instead of bolted on as an afterthought, shifting left the implementation of defense mechanisms, which can now happen while features are developed into the application.
Auditors and Security Staff will be able to analyze all policies for every single service deployed in the mesh in a single application, the Ocelot Portal. The Ocelot Portal shows constantly up-to-date information, without requiring the team to keep their documentation up to date manually.
The authorization-as-code approach ensures that teams can only impact services they own. Developers are not able to change the code of services and systems owned by other teams, so they cannot modify those services' security policies either. Moreover, this also ensures a quick and transparent adoption, since teams are not required to learn and use new tools.
Define a distributed security policy in the easiest and most effective way
Ocelot removes the need to learn any new technology. This enables the dev teams to focus on delivering value to your customers by using the tools they love.
The security policy for a specific service resides with the code for that specific service, and it is subject to any review process already in place for source code.
In this way the developers have access exclusively to those parts of the security policy that directly relate to their own service and nothing else. They do not need access to centralised security components, they do not have to perform changes manually, and, worse still, no centralised security team has to spend its time supporting every single change required by every single application team.
The Developers know best how their own services should behave.
Ocelot enables them to define and maintain their services’ security policies without having to learn or even get access to bespoke solutions and/or tools; everything works through git.
Security policies are then validated, combined, and optimized for runtime in a centralized, highly available Ocelot cluster. That cluster is then invoked for business operation authorization, token generation, certificate issuance, and so on.
Moreover, through its web application, you can easily get an overview of the current security policy across your entire IT landscape and use that for audit and fully-automated documentation.
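The per-service policy fragments, the central validate-and-combine step, and the runtime check described above, as an added illustration of the authorization-as-code idea. This is example code written for this page, not Ocelot's own policy format or API; the fragment layout, the service and team names, and the function names are all constructed assumptions.

```python
# Constructed per-service policy fragments, each as it might live in that
# service's own repository (hypothetical layout, not Ocelot's real format).
POLICY_FRAGMENTS = {
    "orders": {
        "owner_team": "orders-team",
        "operations": {
            "place-order": {"calls": ["inventory", "payments"], "requires_roles": ["customer"]},
            "refund-order": {"calls": ["payments"], "requires_roles": ["support-agent"]},
        },
    },
    "inventory": {"owner_team": "warehouse-team", "operations": {}},
    "payments": {"owner_team": "payments-team", "operations": {}},
}


def combine(fragments):
    """Validate the fragments and merge them into one runtime policy keyed by
    business operation. An operation that names a service no fragment declares,
    or an operation declared twice, is rejected at combine time, not at runtime."""
    known = set(fragments)
    combined = {}
    for service, frag in fragments.items():
        for op, spec in frag["operations"].items():
            unknown = set(spec["calls"]) - known
            if unknown:
                raise ValueError(f"{service}/{op} calls undeclared services {sorted(unknown)}")
            if op in combined:
                raise ValueError(f"operation {op} defined twice")
            combined[op] = {
                "initiator": service,
                "allowed_callees": set(spec["calls"]),
                "requires_roles": set(spec["requires_roles"]),
            }
    return combined


def authorize(policy, operation, caller_service, callee_service, user_roles):
    """Allow a service-to-service call only if it belongs to a declared business
    operation, the caller is that operation's initiator, the callee is one of the
    declared collaborators, and the user carries at least one required role."""
    spec = policy.get(operation)
    if spec is None:
        return False
    if caller_service != spec["initiator"] or callee_service not in spec["allowed_callees"]:
        return False
    return bool(spec["requires_roles"] & set(user_roles))


def may_edit(fragments, team, service):
    """Ownership check: a team may only change the fragment of a service it owns."""
    return fragments.get(service, {}).get("owner_team") == team
```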
Fine-grained Control
Open ID Connect Support
Ocelot integrates with any OpenID Connect identity provider, so you do not need to copy and paste your current setup anywhere.
Dynamic Session Security
Ocelot supports a dynamic session security level that changes over the session's lifetime based on security events happening throughout the IT landscape.
Custom scopes and roles
Ocelot can fit your business perfectly thanks to the ability to define custom scopes and roles.