athenz

Athenz is a role-based authorization (RBAC) system for provisioning and configuration (centralized authorization) use cases as well as serving/runtime (decentralized authorization) use cases.

Athenz

Athenz is a set of services and libraries supporting service authentication and role-based authorization (RBAC) for provisioning and configuration (centralized authorization) use cases as well as serving/runtime (decentralized authorization) use cases. The Athenz authorization system uses X.509 certificates and two types of tokens: Principal Tokens (N-Tokens) and Role Tokens (Z-Tokens). The use of X.509 certificates is strongly recommended over tokens. The name "Athenz" is derived from "AuthNZ" (N for authentication and Z for authorization).

Table of Contents

Background

Athenz is an open source platform for X.509-certificate-based service authentication
and fine-grained role-based access control in dynamic infrastructures. It provides
support for the following three major functional areas.

Service Authentication

Athenz provides a secure identity in the form of a short-lived X.509 certificate
for every workload or service deployed in a private (e.g. OpenStack, K8s, Screwdriver)
or public cloud (e.g. AWS EC2, ECS, Fargate, Lambda). Using these X.509 certificates,
clients and services establish secure connections and verify each other's identity
through mutual TLS authentication. The service identity certificates are valid for
30 days only, and the Service Identity Agents (SIA) that are part of those frameworks
automatically refresh them daily. The term service within Athenz is more generic than
a traditional service: a service identity could represent a command, job, daemon, or
workflow, as well as both an application client and an application service.

Since Athenz service authentication is based on X.509 certificates, it is
important that you have a good understanding of what X.509 certificates are
and how they are used to establish secure connections in Internet protocols
such as TLS.
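The verification step that mutual TLS performs on a peer's certificate is what gives the identity above its value, so here is an added example (written for this page, not code from the Athenz project) of that step in Go. It issues a throwaway CA and a 30-day service certificate, then runs the same check a TLS server configured with RequireAndVerifyClientCert applies after the handshake: chain the leaf to a trusted CA, check the validity window at the current time, and require the clientAuth key usage. Athenz names a service `<domain>.<service>`; the example assumes that name is carried in the certificate's CommonName, and the CA name, the `sports.api` service and the rogue CA are all constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// issue mints an ECDSA P-256 certificate for cn that is valid from now for ttl.
// It is signed by parent/parentKey, or self-signed (a CA) when parent is nil.
// Constructed for this example; in Athenz the ZTS server issues service certificates.
func issue(cn string, ttl time.Duration, isCA bool,
	parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn}, // assumed: identity "domain.service" in the CN
		NotBefore:             now.Add(-time.Minute),     // small clock-skew allowance
		NotAfter:              now.Add(ttl),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
		tmpl.ExtKeyUsage = nil
	}
	signer, signerKey := parent, parentKey
	if parent == nil {
		signer, signerKey = tmpl, key // self-signed root
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// authenticatePeer does what a TLS server with RequireAndVerifyClientCert does
// once the handshake is over: chain the presented leaf to a trusted CA, check
// the validity window at `now`, and require the clientAuth extended key usage.
// On success it returns the service identity carried in the CommonName.
func authenticatePeer(trusted *x509.CertPool, leaf *x509.Certificate, now time.Time) (string, error) {
	opts := x509.VerifyOptions{
		Roots:       trusted,
		CurrentTime: now,
		KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	if _, err := leaf.Verify(opts); err != nil {
		return "", fmt.Errorf("peer certificate rejected: %w", err)
	}
	if leaf.Subject.CommonName == "" {
		return "", errors.New("peer certificate carries no service identity")
	}
	return leaf.Subject.CommonName, nil
}

func main() {
	ca, caKey, err := issue("Example Athenz CA", 10*365*24*time.Hour, true, nil, nil)
	if err != nil {
		panic(err)
	}
	// A 30-day identity for service "api" in domain "sports", as SIA would obtain it.
	svc, _, err := issue("sports.api", 30*24*time.Hour, false, ca, caKey)
	if err != nil {
		panic(err)
	}
	// The same name, but issued by a CA the server does not trust.
	rogueCA, rogueKey, _ := issue("Rogue CA", 24*time.Hour, true, nil, nil)
	impostor, _, _ := issue("sports.api", 30*24*time.Hour, false, rogueCA, rogueKey)

	pool := x509.NewCertPool()
	pool.AddCert(ca)
	now := time.Now()
	id, err := authenticatePeer(pool, svc, now)
	fmt.Println("genuine peer:", id, err)
	_, err = authenticatePeer(pool, impostor, now)
	fmt.Println("rogue issuer:", err)
	// 31 days later the certificate has expired, which is why SIA keeps refreshing it.
	_, err = authenticatePeer(pool, svc, now.Add(31*24*time.Hour))
	fmt.Println("unrefreshed :", err)
}
```

The third check is the one that makes the daily refresh matter: a service whose SIA stops renewing is locked out of every mTLS peer within 30 days, rather than keeping a credential that works indefinitely.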

Role-Based Authorization (RBAC)

Once the client has been authenticated with its X.509 certificate, the service
can check whether that client is authorized to carry out the requested
action. Athenz provides fine-grained role-based access control (RBAC) through
a centralized management system that serves control-plane access control
decisions and a decentralized enforcement mechanism suitable for data-plane
access control decisions. It also provides a delegated management model that
supports multi-tenant and self-service concepts.
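To make the decentralized check concrete, here is an added example in Go (written for this page, not the Athenz ZPE library) that models an Athenz domain with roles and policy assertions and answers "may this authenticated principal perform this action on this resource?". The shape of an assertion (a fully qualified role, an action, a resource prefixed with the domain name, and an ALLOW or DENY effect), case-insensitive matching with `*` and `?` wildcards, deny overriding allow, and default deny follow the Athenz policy model, but this is a simplified model, not the project's evaluator. The `sports` domain, its roles and its members are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Effect of an assertion: Athenz policies grant with ALLOW and carve out exceptions with DENY.
type Effect int

const (
	Allow Effect = iota
	Deny
)

// Assertion has the shape of an Athenz policy assertion. Role is fully qualified
// ("domain:role.<name>"), Resource is domain-prefixed ("domain:<resource>"), and
// Action and Resource accept '*' and '?' wildcards.
type Assertion struct {
	Role, Action, Resource string
	Effect                 Effect
}

// Domain holds role memberships and the assertions that reference those roles.
type Domain struct {
	Name       string
	Roles      map[string][]string // role name -> member principals ("domain.service")
	Assertions []Assertion
}

// matchGlob is a case-insensitive match with '*' (any run) and '?' (one character).
func matchGlob(pattern, s string) bool {
	p, t := strings.ToLower(pattern), strings.ToLower(s)
	var rec func(i, j int) bool
	rec = func(i, j int) bool {
		for i < len(p) {
			switch p[i] {
			case '*':
				for k := j; k <= len(t); k++ {
					if rec(i+1, k) {
						return true
					}
				}
				return false
			case '?':
				if j == len(t) {
					return false
				}
			default:
				if j == len(t) || p[i] != t[j] {
					return false
				}
			}
			i, j = i+1, j+1
		}
		return j == len(t)
	}
	return rec(0, 0)
}

// rolesOf returns the fully qualified roles the principal is a member of.
func (d *Domain) rolesOf(principal string) []string {
	var roles []string
	for name, members := range d.Roles {
		for _, m := range members {
			if m == principal {
				roles = append(roles, d.Name+":role."+name)
				break
			}
		}
	}
	return roles
}

// Authorize is the data-plane decision a service makes after mTLS has told it who
// the caller is. Resources outside the domain are refused; otherwise access is
// denied unless an assertion for one of the caller's roles ALLOWs it, and any
// matching DENY overrides every ALLOW.
func (d *Domain) Authorize(principal, action, resource string) bool {
	if !strings.HasPrefix(resource, d.Name+":") {
		return false
	}
	roles := d.rolesOf(principal)
	allowed := false
	for _, a := range d.Assertions {
		if !matchGlob(a.Action, action) || !matchGlob(a.Resource, resource) {
			continue
		}
		for _, r := range roles {
			if a.Role != r {
				continue
			}
			if a.Effect == Deny {
				return false
			}
			allowed = true
		}
	}
	return allowed
}

// sportsDomain is a constructed example, not real Athenz data.
func sportsDomain() *Domain {
	return &Domain{
		Name: "sports",
		Roles: map[string][]string{
			"readers": {"sports.frontend", "media.publisher"},
			"writers": {"sports.cms", "media.publisher"},
		},
		Assertions: []Assertion{
			{Role: "sports:role.readers", Action: "read", Resource: "sports:article.*", Effect: Allow},
			{Role: "sports:role.writers", Action: "*", Resource: "sports:article.*", Effect: Allow},
			// Writers may do anything to articles except delete them: DENY beats the wildcard ALLOW.
			{Role: "sports:role.writers", Action: "delete", Resource: "sports:article.*", Effect: Deny},
		},
	}
}

func main() {
	d := sportsDomain()
	for _, c := range []struct{ who, act, res string }{
		{"sports.frontend", "read", "sports:article.42"},    // readers may read
		{"sports.frontend", "publish", "sports:article.42"}, // no ALLOW for readers
		{"sports.cms", "publish", "sports:article.42"},      // writers' wildcard ALLOW
		{"sports.cms", "delete", "sports:article.42"},       // explicit DENY wins
		{"media.publisher", "READ", "sports:article.7"},     // member from another domain, action case-insensitive
		{"weather.svc", "read", "sports:article.42"},        // no role at all: default deny
		{"sports.cms", "read", "finance:report.q1"},         // resource outside this domain
	} {
		fmt.Printf("%-16s %-8s %-20s -> %v\n", c.who, c.act, c.res, d.Authorize(c.who, c.act, c.res))
	}
}
```

Principals from other domains (here `media.publisher`) become members of `sports` roles without `sports` administrators handing over anything but a role assignment, which is the delegated, multi-tenant model the section refers to; all policy still lives in, and is enforced by, the `sports` domain.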

AWS Temporary Credentials Support

When working with AWS, Athenz lets on-prem services access AWS services
using AWS temporary credentials rather than static credentials. The Athenz
ZTS server can be used to request AWS temporary credentials for configured
AWS IAM roles.

Install

Usage

Contribute

Please refer to the contributing file for information about how to get involved. We welcome issues, questions, and pull requests.

You can also contact us for any user and development discussions through our groups:

License

Copyright 2016 Yahoo Inc.

Licensed under the Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0

Key Metrics

Overview
Name and owner: AthenZ/athenz
Primary language: Java
Languages: Makefile (number of languages: 10)
Platform:
License: Apache License 2.0
Owner activity
Created: 2016-11-16 18:23:08
Last push: 2025-04-23 02:43:39
Last commit: 2025-04-22 19:43:39
Releases: 303
Latest release: v1.12.14 (released 2025-04-11 20:51:21)
First release: v1.0
User engagement
Stars: 0.9k
Watchers: 52
Forks: 284
Commits: 3.4k
Issues enabled?
Issues: 279
Open issues: 28
Pull requests: 2368
Open pull requests: 3
Closed pull requests: 266
Project settings
Wiki enabled?
Archived?
Is a fork?
Locked?
Is a mirror?
Private?