Versatile Access Control
To facilitate progressive profiling and access control, miaa Guard has developed the miaa PolicyChecker module, belonging to the miaa Cloudware suite. Its power is in enabling harmonised and externalised secure access control enforcement, simply based on a configured policy.
The PolicyChecker produces ‘access decisions’ for coarse-grained access control, for fine-grained access control, and for conditional progressive profiling. This enables you, for example, to distinguish between visitors, consumers, registered customers, professional customers and employees. This also facilitates secure progressive profiling whereby you can ask the user to enter additional details before proceeding.
Typical coarse-grained rules:
- user profile must have a confirmed e-mail address
- user status must be ‘active’
- user must have accepted the most recent T&Cs
Typical fine-grained rules:
- user must have an age that is more (or less) than N years, for example to implement an ‘age-gate’
- user must have a valid subscription, for example to enforce a ‘pay wall’
- user must be a customer with a customer-ID, for example to enable billing portals to constrain access to the user’s own invoices only, and to enable booking portals to constrain access to the user’s own agenda only
- user must live in a whitelisted country, for example to limit participation in a contest to French residents only
- user must have an appropriate role or qualification, e.g. is payingCustomer, authorisedSupplier or ownEmployee.
Typical conditional progressive profiling rules:
- user must indicate the birth year before proceeding
- user must indicate the postal address before proceeding
- user must enter a ‘party coupon’ that is printed on a paper invitation
- user must have reviewed or refreshed his profile in the past 3 months, and if not, he must first go to the edit-profile screen.
The PolicyChecker enables you to centralise the governance of the access policy. With the PolicyChecker, the logic of evaluating the rules becomes consistent and harmonised across all your digital properties. Whether the person is requesting access through a browser or a mobile app, the PolicyChecker produces its access decision the same way. And whether the person is requesting access to a regular website or a third-party platform, such as a gamification engine or a video streaming service, the PolicyChecker that you configure is in control. As such, the decision process can be harmonised across all end user devices and across all your content delivery servers. Yet, when appropriate, the rules can be assigned on a property-by-property basis: which rules apply at a certain website, mobile app or other content server, and with which parameters.
The PolicyChecker performs its logic securely: it cannot be tampered with by the end user, nor by a third-party platform provider or agency. Moreover, the PolicyChecker securely accesses the user profile and does not rely on data stored in the browser, in the mobile app or on the web server.
The PolicyChecker takes into account any attribute in the user profile, including timestamps. Additionally, it can take certain context into account, such as type of device, the property being accessed and the date & time. As such, all the rules illustrated above can be implemented out-of-the-box, using our Build services.
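To make the rule types above concrete, here is an added sketch of a server-side policy evaluator; it is not miaa's code or API. The rule names, profile fields, the `contest-site` property and the `STEP_UP` outcome are all hypothetical, chosen to mirror the coarse-grained, fine-grained and progressive profiling rules listed on this page.

```python
from datetime import timedelta

PERMIT, DENY, STEP_UP = "PERMIT", "DENY", "STEP_UP"

def email_confirmed(u, ctx, p):
    return (PERMIT, None) if u.get("email_confirmed") is True else (DENY, None)

def status_active(u, ctx, p):
    return (PERMIT, None) if u.get("status") == "active" else (DENY, None)

def min_age(u, ctx, p):
    if u.get("birth_year") is None:
        return (STEP_UP, "birth_year")  # progressive profiling: ask first
    # Only the year is known, so assume this year's birthday has not passed.
    age = ctx["today"].year - u["birth_year"] - 1
    return (PERMIT, None) if age >= p["years"] else (DENY, None)

def country_in(u, ctx, p):
    if not u.get("country"):
        return (STEP_UP, "postal_address")
    return (PERMIT, None) if u["country"] in p["allowed"] else (DENY, None)

def reviewed_within(u, ctx, p):
    last = u.get("last_reviewed")
    fresh = last is not None and ctx["today"] - last <= timedelta(days=p["days"])
    return (PERMIT, None) if fresh else (STEP_UP, "edit_profile")

RULES = {f.__name__: f for f in (email_confirmed, status_active, min_age,
                                 country_in, reviewed_within)}

# Constructed per-property policy: which rules apply, with which parameters.
POLICY = {"contest-site": [("email_confirmed", {}), ("status_active", {}),
                           ("min_age", {"years": 18}),
                           ("country_in", {"allowed": {"FR"}}),
                           ("reviewed_within", {"days": 90})]}

def decide(prop, user, ctx):
    """Return (decision, detail); a DENY always outranks a STEP_UP."""
    if prop not in POLICY:
        return (DENY, "unknown_property")  # fail closed
    results = []
    for name, params in POLICY[prop]:
        rule = RULES.get(name)  # an unconfigured rule name also fails closed
        outcome, action = rule(user, ctx, params) if rule else (DENY, None)
        results.append((name, outcome, action))
    for wanted in (DENY, STEP_UP):
        for name, outcome, action in results:
            if outcome == wanted:
                return (wanted, name if wanted == DENY else action)
    return (PERMIT, None)
```

Evaluating every rule before answering means a user who would be denied anyway is never prompted for extra profile data, and the profile and date are passed in by the server rather than read from the client.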
The miaa PolicyChecker is designed, set-up and operated using our Taking care managed lifecycle.
During the Build phase, our integration services will:
- Coordinate with web developers, mobile developers, IT, Identity Management Platform vendor and any third party platform vendor in scope
- Tailor the rules to be adopted by the PolicyChecker
- Tailor the configuration settings and API endpoints