Heimdall is a cloud-native, identity-aware proxy that can be integrated with various existing proxies such as Envoy, Traefik, Nginx, and more, effectively transforming them into API gateways by handling authentication and authorization. It can also operate independently as a pure proxy. In either case, heimdall acts as a general-purpose policy enforcement point and as such enforces authentication and authorization by communicating with identity providers (IdPs), authorization systems (e.g. OPA or OpenFGA), and policy information points (PIPs) to enrich requests with additional contextual or environmental data. This allows heimdall to orchestrate authentication and authorization systems, including fallback mechanisms, which can abstract away the supported authentication protocols or IdPs if desired. These authentication and authorization requirements are organized in rules, or rule sets, which can be loaded from various sources, such as a file system, an HTTP endpoint, a cloud blob store (e.g. AWS S3), or even a Kubernetes custom resource. In all cases a rule set belongs to a particular service that heimdall should protect. This way the code of such services can become significantly simpler, reducing the cognitive load of the team members responsible for the service and allowing a faster time to market.
Heimdall is similar to Pomerium and Ory's Oathkeeper but offers secure defaults at various levels, requiring significantly less configuration. For example, it has a default rule that applies when no service- or endpoint-specific rule matches a request. This default rule also serves as a template for regular rules, meaning you only need to specify deviations from the default behavior when creating new rules. It is also entirely open for integration with any system (be it for authorization, information gathering, or something else) and supports conditional execution of particular steps in a rule.
I believe heimdall would be a valuable addition to the awesome-iam project as it addresses key challenges in identity and access management by simplifying the integration of authn & authz features into existing infrastructure and application landscapes. Adding heimdall to the collection would not only increase its visibility and strengthen the community around it, but also attract new contributors to further develop the project and make it better, ultimately enhancing security practices across the developer community. I'm confident heimdall can play a significant role in making secure, identity-aware applications more accessible and easier to develop.
Affiliation
I am the author of the article or project
I am working for/with the company which is publishing the article or project
I'm just a rando who stumbled upon this via social networks
URL of the article or project
https://github.com/dadrus/heimdall
Self checks
I have read the Code of Conduct
I applied all rules from the Contributing guide
I have checked there is no other Issues or Pull Requests covering the same topic to open