The Limits of “Man-in-the-Middle” Architecture for Authorization
Veza's approach to building an authorization platform differs from other companies in the Identity-First Security market by utilizing an out-of-band architecture instead of an in-line one. The in-line approach, which involves a proxy or agent sitting between data and users, is believed to have four fatal flaws: slow deployment due to security reviews, downtime risk, new points of failure, and increased policy complexity. Veza's out-of-band solution pulls metadata from APIs, leverages existing authorization policies and systems, and avoids the issues associated with in-line architecture. This approach is faster to deploy, has no downtime risk or new points of failure, and reduces policy complexity by helping users understand and manage their authorization policies more effectively.
Company
Veza
Date published
Jan. 25, 2023
Author(s)
Rich Dandliker
Word count
625
Language
English
Hacker News points
None found.