Versatile Access Control

To facilitate progressive profiling and access control, miaa Guard has developed the miaa PolicyChecker module, belonging to the miaa Cloudware suite. Its power is in enabling harmonised and externalised secure access control enforcement, simply based on a configured policy.

The PolicyChecker produces ‘access decisions’ for coarse-grained access control, for fine-grained access control, and for conditional progressive profiling. This enables you, for example, to distinguish between visitors, consumers, registered customers, professional customers and employees. This also facilitates secure progressive profiling whereby you can ask the user to enter additional details before proceeding.

Typical coarse-grained rules:

  • user profile must have a confirmed e-mail address
  • user status must be ‘active’
  • user must have accepted the most recent T&C’s

Typical fine-grained rules:

  • user must have an age that is more (or less) than N years, for example to implement an ‘age-gate’
  • user must have a valid subscription, for example to enforce a ‘pay wall’
  • user must be a customer with a customer-ID, for example to enable billing portals to constrain access to the user’s own invoices only, and to enable booking portals to constrain access to the user’s own agenda only
  • user must live in a whitelisted country, for example to limit participation to a contest to French residents only
  • user must have an appropriate role or qualification, e.g. is payingCustomer, authorisedSupplier or ownEmployee.

Typical conditional progressive profiling rules:

  • user must indicate the birth year before proceeding
  • user must indicate the postal address before proceeding
  • user must enter a ‘party coupon’ that is printed on a paper invitation
  • user must have reviewed or refreshed his profile in the past 3 months, and if not, he must first go to the edit-profile screen.

Please refer to Role-based accessAttribute-based accessScalable B2B access and On the use of passwords for some use cases.

Your benefits


The miaa PolicyChecker enables you to centralise the logic of evaluating the rules. Whether the person is asking access through a browser or a mobile app, the PolicyChecker can prepare the decision. And whether the person is asking access to a regular website or a third party platform, such as a gamification engine or a video streaming service, the PolicyChecker can prepare the decision. As such, the decision process can be harmonised across all end user devices and across all your content delivery servers. Yet, the rules can be assigned on a property by property basis, when appropriate: which rules apply at a certain website, mobile app or other content server, and with which parameters.


The PolicyChecker performs its logic securely: it cannot be tampered with by the end user, nor by a third party platform provider or agency. Moreover, the PolicyChecker securely accesses the user profile and does not count on data stored in the browser, in the mobile app or on the web server.


The PolicyChecker takes into account any attribute in the user profile, including timestamps. Additionally, it can take certain context into account, such as type of device, the property being accessed and the date & time. As such, all the rules illustrated above can be implemented out-of-the-box, using our Build services.

Managed lifecycle

The miaa PolicyChecker is designed, set-up and operated using our Taking care managed lifecycle.

During the Build phase, our integration services will:

  • Coordinate with web developers, mobile developers, IT, Identity Management Platform vendor and any third party platform vendor in scope
  • Tailor the rules to be adopted by the PolicyChecker
  • Tailor the configuration settings and API endpoints