Yahoo Open Sources Athenz Container Access Control

Athenz authorizes the dynamic creation of compute instances and containerized workloads, secures builds and deployment of artifacts to a Docker registry.

Yahoo.sign

Yahoo often doesn't get enough credit for the contributions it has sent to the open source community during the past decade or so.

Besides the original development of Hadoop a dozen years ago, Yahoo has been an active participant in projects such as those listed on the company's Github page, in various Apache Software Foundation Communities, and in niche communities such as CPAN and others.  

Yahoo's latest contribution is Athenz, an open-source platform for fine-grained access control that it released May 8. Athenz is a role-based access-control (RBAC) solution, providing trusted relationships between applications and services deployed within an organization requiring authorized access.

Athenz authorizes the dynamic creation of compute instances and containerized workloads, secures builds and deployment of artifacts to a Docker registry, and among other uses, manages the data access from a centralized key management system to an authorized application or service.

If network admins need to grant access to a set of resources that their applications or services manage, Athenz provides both a centralized and a decentralized authorization model to do so. Whether they are using container or virtual-machine technology independently or on bare metal, they may need a dynamic and scalable authorization solution.

Athenz supports moving workloads from one node to another and gives new compute resources authorization to connect to other services within minutes, as opposed to relying on internet protocol and network ACL (access control list) solutions that take time to propagate within a large system.

An ACL is an optional layer of security that acts as a firewall for controlling traffic in and out of one or more subnets.

Moreover, in very high-scale situations, network admins may run out of the limited number of network ACL rules that their hardware can support.

Prior to creating Athenz, Yahoo had multiple ways of managing permissions and access control across all services internally. To simplify all of this, Yahoo built this authorization solution that would satisfy the feature and performance requirements its products demanded. Athenz was built from the get-go with open source in mind in order to share it with the community and further its development.

Athenz provides a REST-based set of APIs modeled in Resource Description Language (RDL) to manage all aspects of the authorization system, and includes Java and Go client libraries to quickly and easily integrate your application with Athenz. It allows product administrators to manage what roles are allowed or denied to their applications or services in a centralized management system through a self-serve UI.

For more details, see this Tumblr blog.

Chris Preimesberger

Chris Preimesberger

Chris Preimesberger is Editor of Features & Analysis at eWEEK, responsible in part for the publication's coverage areas. In his 10 years and more than 3,500 stories at eWEEK, he has distinguished...