
Architecture

A robust identity solution must be built on a solid foundation.

The architecture of idaas.nl is characterized by its scalability and flexibility. It is designed with a cloud-native approach, meaning it is optimized for cloud environments and can easily scale out to meet increasing demand. This design is not only capable of handling current use cases but is also prepared to accommodate future scenarios.

The cloud-native design of idaas.nl leverages the benefits of modern cloud technologies, such as containerization and microservices. This allows for rapid deployment, efficient resource utilization, and high resilience. Furthermore, it enables continuous delivery and integration, ensuring that the platform can adapt quickly to changing requirements and conditions.

In essence, idaas.nl's architecture is built to be future-proof, providing a reliable and scalable identity solution that can evolve with your organization's needs.

Stateless Identity

In the realm of identity management, a stateless identity product is a paradigm shift from traditional methods. Unlike conventional systems that require local user registration and permanent user data storage, a stateless identity product eliminates these needs.

The concept revolves around the use of federation interfaces, such as OpenID Connect, for user authentication. When a user logs in, the federated identity provider verifies the credentials and, upon success, the user is granted access on the strength of the returned assertion (for OpenID Connect, a signed ID token that is validated but not persisted). No user record is kept locally: only transient state such as authentication sessions and token revocation entries exists. This improves privacy and reduces what a breach can expose.

This approach offers several advantages:

  • Scalability: As user data is not stored, the system can easily handle a large number of users without worrying about storage capacity.
  • Security: The risk of data breaches is significantly reduced as there is no local storage of user data.
  • Privacy: User data privacy is enhanced as no personal information is stored.
  • Simplicity: The need for local user management is eliminated, simplifying the overall system architecture.

By leveraging stateless identity, idaas.nl provides a secure, scalable, and privacy-focused identity management solution.

Federation layer

A crucial part of the architecture is the federation layer, which facilitates single sign-on and token verification functionalities.

This layer is compatible with OAuth 2.0, OpenID Connect 1.0, and SAML 2.0 protocols.

However, idaas.nl is more than just a wrapper around these federation protocols. It abstracts from individual protocols, forming a core layer that is protocol-agnostic. This design allows for easy introduction of support for future protocols as well as seamless integration with legacy protocols.

Authentication Tree

The method and timing of authentication are contingent on your organization's policies, user preferences, and context.

In the past, username and password verification was deemed sufficient for user authentication. However, in today's digital landscape, two-factor authentication has become the standard. Moreover, an increasing number of organizations are transitioning towards passwordless authentication methods, such as FIDO.

The ever-evolving requirements of digital security necessitate a flexible authentication framework. idaas.nl provides this flexibility by allowing authentication modules to be chained into a tree whose branches are selected by policy and context (for example, asking for a second factor only when the device is not yet trusted). This adaptive approach enforces robust security controls while keeping the user experience lean.

UI Server

idaas.nl sets itself apart from large IDaaS providers like Auth0 and Okta by decoupling the user interface from the identity server. This unique approach gives you complete control over your user experience, surpassing what competitors offer. You can achieve this not through platform-specific scripts or in-depth technical knowledge about authentication protocols, but simply by using client-side technologies like HTML and JavaScript. There's no need for DNS changes or server-side scripting.

An added advantage of this method is that it allows you to use your own domain names without the need to register additional DNS records.

You have the flexibility to log in using the default login screen, your own UI server, or via a popup.

Serverless for user scripting

Out-of-the-box functionality from off-the-shelf software should be preferred. But a toolbox should not restrict your organization in providing value to your customers.

idaas.nl allows plugging custom scripts into the authentication flow, executed as serverless functions rather than on infrastructure you operate.

Sessions

Each authentication module maintains its own session storage. This allows differentiating how long each authentication result is remembered: a password check might be valid for the browser session only, while a second-factor result for a trusted device can be kept for much longer.

Each module can be configured to remember its result in a session, in a cookie, or not at all.
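The following is an added illustration of the two ideas above (a chain of authentication modules, and per-module memory of the result); it is example code written for this page, not idaas.nl's implementation. The user record, the PBKDF2 password hash, the RFC 6238 TOTP secret and the remember policies are constructed test data, and the "now" key in the credentials dict is a test hook for fixing the clock.

```python
"""Added example: an authentication chain whose modules each keep their own
memory of past results (session, cookie, or none). Not idaas.nl's code."""
import hashlib
import hmac
import struct
import time
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, List


class Remember(Enum):
    NONE = "none"        # re-verify on every login
    SESSION = "session"  # server-side session, cleared on logout
    COOKIE = "cookie"    # longer-lived, survives logout (e.g. trusted device)


@dataclass
class Module:
    name: str
    verify: Callable[[str, dict], bool]   # (user, credentials) -> bool
    remember: Remember
    ttl: int                              # seconds a remembered result stays valid
    session: Dict[str, float] = field(default_factory=dict)  # user -> expiry
    cookie: Dict[str, float] = field(default_factory=dict)

    def is_remembered(self, user: str, now: float) -> bool:
        for store in (self.session, self.cookie):
            exp = store.get(user)
            if exp is None:
                continue
            if exp > now:
                return True
            del store[user]  # expired: forget it
        return False

    def record(self, user: str, now: float) -> None:
        if self.remember is Remember.SESSION:
            self.session[user] = now + self.ttl
        elif self.remember is Remember.COOKIE:
            self.cookie[user] = now + self.ttl


class AuthChain:
    def __init__(self, modules: List[Module]):
        self.modules = modules

    def authenticate(self, user: str, creds: dict, now: float = None) -> Dict[str, str]:
        """Run every module in order; a module is skipped only if its own store
        still remembers a valid result. Returns {module: 'verified'|'remembered'}
        or raises PermissionError at the first failure, so no factor is bypassed."""
        now = time.time() if now is None else now
        outcome = {}
        for m in self.modules:
            if m.is_remembered(user, now):
                outcome[m.name] = "remembered"
                continue
            if not m.verify(user, creds):
                raise PermissionError(f"{m.name} failed for {user}")
            m.record(user, now)
            outcome[m.name] = "verified"
        return outcome

    def logout(self, user: str) -> None:
        """End the session; cookie-scoped results (the second factor) survive."""
        for m in self.modules:
            m.session.pop(user, None)


# Constructed user store (not real data); the TOTP secret is the RFC 6238 test-vector key.
_SALT = b"constructed-salt"
USERS = {"alice": {
    "pw_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, 100_000),
    "totp_secret": b"12345678901234567890",
}}


def verify_password(user: str, creds: dict) -> bool:
    rec = USERS.get(user)
    if rec is None:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", creds.get("password", "").encode(), _SALT, 100_000)
    return hmac.compare_digest(candidate, rec["pw_hash"])


def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1, 30 s steps)."""
    mac = hmac.new(secret, struct.pack(">Q", int(now // step)), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def verify_totp(user: str, creds: dict) -> bool:
    rec = USERS.get(user)
    if rec is None:
        return False
    now = creds.get("now", time.time())  # test hook; defaults to the real clock
    # Accept the current and the previous step to tolerate clock drift.
    valid = {totp(rec["totp_secret"], now), totp(rec["totp_secret"], now - 30)}
    return any(hmac.compare_digest(creds.get("otp", ""), v) for v in valid)


def build_chain() -> AuthChain:
    return AuthChain([
        Module("password", verify_password, Remember.SESSION, ttl=3600),
        Module("totp", verify_totp, Remember.COOKIE, ttl=30 * 24 * 3600),
    ])
```

Calling `build_chain().authenticate("alice", {...}, now=59)` with the password and the code `totp(USERS["alice"]["totp_secret"], 59)` verifies both modules; a later call without credentials finds both remembered, and after `logout("alice")` only the password is asked for again because the TOTP result lives in the cookie-scoped store.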

Tokens

Access tokens are JWTs, yet they can still be used as regular OAuth 2.0 access tokens: you can introspect and revoke them. Note that a resource server which only validates the JWT signature and claims locally will not notice a revocation until the token expires; to honour revocation promptly, keep token lifetimes short or call the introspection endpoint before sensitive operations.
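As an added example of this point (and of the validate-but-do-not-store verification described under Stateless Identity), here is a stdlib-only token service: it is written for this page and is not idaas.nl's code. HS256 with a constructed shared secret is an assumption made for brevity; a real issuer signs with an asymmetric key published via JWKS. The issuer and audience strings are invented.

```python
"""Added example: a JWT access token that verifies offline but can also be
introspected and revoked. Not idaas.nl's code; HS256 and the values are assumptions."""
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class TokenService:
    def __init__(self, issuer: str, secret: bytes):
        self.issuer = issuer
        self.secret = secret
        self.revoked = set()  # jti values: the only per-token state the issuer keeps

    def issue(self, sub: str, aud: str, scope: str, ttl: int = 300, now: Optional[float] = None) -> str:
        now = int(time.time() if now is None else now)
        header = {"alg": "HS256", "typ": "at+jwt"}  # RFC 9068 access-token media type
        claims = {"iss": self.issuer, "sub": sub, "aud": aud, "scope": scope,
                  "iat": now, "exp": now + ttl, "jti": secrets.token_urlsafe(16)}
        body = f"{b64url_encode(json.dumps(header).encode())}.{b64url_encode(json.dumps(claims).encode())}"
        sig = hmac.new(self.secret, body.encode(), hashlib.sha256).digest()
        return f"{body}.{b64url_encode(sig)}"

    def verify(self, token: str, aud: Optional[str], now: Optional[float] = None) -> Optional[dict]:
        """Stateless check a resource server can run offline: signature, alg,
        issuer, audience and expiry. It cannot see revocation."""
        now = time.time() if now is None else now
        try:
            h, p, s = token.split(".")
            header = json.loads(b64url_decode(h))
            if header.get("alg") != "HS256":  # reject 'none' and algorithm confusion
                return None
            expected = hmac.new(self.secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
            if not hmac.compare_digest(expected, b64url_decode(s)):
                return None
            claims = json.loads(b64url_decode(p))
        except ValueError:  # malformed structure, base64 or JSON
            return None
        if claims.get("iss") != self.issuer or claims.get("exp", 0) <= now:
            return None
        if aud is not None and claims.get("aud") != aud:
            return None
        return claims

    def revoke(self, token: str, now: Optional[float] = None) -> None:
        """RFC 7009 style: invalid tokens are silently ignored, valid ones are listed by jti."""
        claims = self.verify(token, aud=None, now=now)
        if claims is not None:
            self.revoked.add(claims.get("jti"))

    def introspect(self, token: str, now: Optional[float] = None) -> dict:
        """RFC 7662 style response: active is false for tampered, expired or revoked tokens."""
        claims = self.verify(token, aud=None, now=now)
        if claims is None or claims.get("jti") in self.revoked:
            return {"active": False}
        return {"active": True, **{k: claims[k] for k in ("sub", "aud", "scope", "exp", "jti")}}
```

After `svc.revoke(tok)`, `svc.verify(tok, aud)` still succeeds while `svc.introspect(tok)` reports `{"active": False}`: that gap is exactly why self-contained tokens should be short-lived or introspected before sensitive operations.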