Description
URL of the article or project
https://github.com/dadrus/heimdall
Motivation
Heimdall is a cloud-native, identity-aware proxy that can be integrated with various existing proxies such as Envoy, Traefik, Nginx, and more, effectively transforming them into API gateways by handling authentication and authorization. It can also operate independently as a pure proxy. In either case, heimdall acts as a general purpose policy enforcement point and as such enforces authentication and authorization by communicating with identity providers (IDPs), authorization systems (e.g. like OPA, or OpenFGA), and policy information points (PIPs) to enrich requests with additional contextual or environmental data. This allows Heimdall to orchestrate authentication and authorization systems, including fallback mechanisms, which can abstract away supported authentication protocols or IDPs if desired. The abovesaid authentication and authorization requirements are organized in rules, respectively rule sets, which can be loaded from various sources, like a file system, http endpoint, cloud blob, like aws s3, or even from a k8s custom resource. In all cases these rule sets belong to a particular service, which should be protected by heimdall. This way the code of such services can become significantly simpler, reducing the cognitive load of the team members responsible for the service and allowing faster time to market.
Heimdall is similar to Pomerium and Ory's Oathkeeper but offers secure defaults at various levels, requiring significantly less configuration. For example, it has a default rule that applies when no service- or endpoint-specific rule matches a request. This default rule also serves as a template for regular rules, meaning you only need to specify deviations from the default behavior when creating new rules. It is also entirely open for integration with any system (be it for authorization, information gathering purposes, or something else) and supports conditional execution of partcular steps in a rule.
I believe heimdall would be a valuable addition to the awesome-iam project as it addresses key challenges in identity and access management by simplifying the integration of authn & authz features into existing infrastructure and application landscape. Adding heimdall to the collection would not only increase its visibility and stregthen the cummunity around it, but also attract new contributors to further develop the project and make it better, ultimately enhancing security practices across the developer community. Iβm confident heimdall can play a significant role in making secure, identity-aware applications more accessible and easier to develop.
Affiliation
- I am the author of the article or projectI am working for/with the company which is publishing the article or projectI'm just a rando who stumbled upon this via social networks
Self checks
I have read the Code of Conduct
I applied all rules from the Contributing guide
I have checked there is no other Issues or Pull Requests covering the same topic to open
Metadata
Metadata
Assignees
Projects
Milestone
Relationships
Development
Participants
Activity
kdeldycke commentedon Apr 21, 2025
Can you propose a PR with a short description in both the English and Chinese list please?
dadrus commentedon Apr 23, 2025
Hi @kdeldycke β PR is up! π
The Chinese description was created with the help of ChatGPT. Since I can neither read, nor understand it, please bear with me if the translation isnβt fully accurate.
kdeldycke commentedon Apr 24, 2025
Automated translation is OK for a first attempt. Any contributor will be able to refine it in the future with a PR.
kdeldycke commentedon Apr 24, 2025
Closed by #160