What is Shield?

Shield is an IAM and SSO solution.

Shield's authorization service supports fine-grained role bindings.
It supports access control mechanisms such as RBAC, ABAC and UBAC. In addition, you can use a tree to set access to a group of resources. Shield also stores and manages users, so you can have SSO through its OAuth2 and OIDC implementations.

Shield features

  • SSO using OIDC.
  • OAuth2.
  • User management.
  • Authorization: supports RBAC, ABAC and UBAC.
  • User federation between all services.

About Isolation

In this platform, all services share the same user store, but each service has its own policies, roles, and resources.

In Shield, we create services to isolate policies, roles, and resources.
An admin creates services and assigns them to service owners. After that, service owners can manage their service's roles, resources, and policies.
Services cannot share resources and policies.
They can, however, use roles from other services in their policies, so if service A creates a role, service B can use that role in its policies.
Finally, service owners use ServiceAccounts to get a token and use it in calls from their services to the authorization service (to create policies or check permissions). We will provide a UI to manage everything too.
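
The isolation rules above, modelled as a small in-memory policy store. This is an added example, not Shield's code or API: the `Platform` and `Service` classes, the way role bindings are stored, and the sample names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

class IsolationError(Exception):
    """A policy tried to cross a boundary the isolation rules forbid."""

@dataclass
class Service:  # hypothetical model, not Shield's schema
    roles: set = field(default_factory=set)
    resources: set = field(default_factory=set)
    policies: set = field(default_factory=set)  # (role_owner, role, resource, action)

class Platform:
    def __init__(self):
        self.services = {}  # service name -> Service
        self.bindings = {}  # shared user store: user -> {(role_owner, role)}

    def bind(self, user, role_owner, role):
        if role not in self.services[role_owner].roles:
            raise IsolationError(f"{role_owner} has no role {role!r}")
        self.bindings.setdefault(user, set()).add((role_owner, role))

    def add_policy(self, service, role_owner, role, resource, action):
        svc = self.services[service]
        # Resources are never shared: a policy may only name its own service's resources.
        if resource not in svc.resources:
            raise IsolationError(f"{resource!r} is not a resource of {service}")
        # Roles may come from any service, but must exist in the service that owns them.
        if role not in self.services[role_owner].roles:
            raise IsolationError(f"{role_owner} has no role {role!r}")
        svc.policies.add((role_owner, role, resource, action))

    def check(self, user, service, resource, action):
        # Only the target service's own policies are consulted.
        held = self.bindings.get(user, set())
        return any((owner, role, resource, action) in self.services[service].policies
                   for owner, role in held)

def build_constructed_platform():
    """Constructed sample: service A defines a role, service B reuses it."""
    p = Platform()
    p.services["A"] = Service(roles={"auditor"}, resources={"a/logs"})
    p.services["B"] = Service(resources={"b/reports"})
    p.bind("alice", "A", "auditor")
    p.add_policy("B", "A", "auditor", "b/reports", "read")  # cross-service role: allowed
    return p

def cross_service_resource_rejected(p):
    try:
        p.add_policy("B", "A", "auditor", "a/logs", "read")  # A's resource in B's policy
    except IsolationError:
        return True
    return False
```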

INFO

All requests in the document are in cURL format.
You can use cURL converter to convert requests to any language's code you need.

INFO

In all cURL requests, please replace localhost:4000 with the real SSO URL.
