Add heimdall to the links #151

Closed
@dadrus

Description

URL of the article or project

https://github.com/dadrus/heimdall

Motivation

Heimdall is a cloud-native, identity-aware proxy that can be integrated with various existing proxies such as Envoy, Traefik, Nginx, and more, effectively transforming them into API gateways by handling authentication and authorization. It can also operate independently as a pure proxy. In either case, heimdall acts as a general purpose policy enforcement point and as such enforces authentication and authorization by communicating with identity providers (IDPs), authorization systems (e.g. OPA or OpenFGA), and policy information points (PIPs) to enrich requests with additional contextual or environmental data. This allows Heimdall to orchestrate authentication and authorization systems, including fallback mechanisms, which can abstract away supported authentication protocols or IDPs if desired. The abovesaid authentication and authorization requirements are organized in rules, respectively rule sets, which can be loaded from various sources, like a file system, an HTTP endpoint, a cloud blob like AWS S3, or even from a k8s custom resource. In all cases these rule sets belong to a particular service, which should be protected by heimdall. This way the code of such services can become significantly simpler, reducing the cognitive load of the team members responsible for the service and allowing faster time to market.

Heimdall is similar to Pomerium and Ory's Oathkeeper but offers secure defaults at various levels, requiring significantly less configuration. For example, it has a default rule that applies when no service- or endpoint-specific rule matches a request. This default rule also serves as a template for regular rules, meaning you only need to specify deviations from the default behavior when creating new rules. It is also entirely open for integration with any system (be it for authorization, information gathering purposes, or something else) and supports conditional execution of particular steps in a rule.

I believe heimdall would be a valuable addition to the awesome-iam project as it addresses key challenges in identity and access management by simplifying the integration of authn & authz features into existing infrastructure and application landscape. Adding heimdall to the collection would not only increase its visibility and strengthen the community around it, but also attract new contributors to further develop the project and make it better, ultimately enhancing security practices across the developer community. I'm confident heimdall can play a significant role in making secure, identity-aware applications more accessible and easier to develop.

Affiliation

  • I am the author of the article or project
    I am working for/with the company which is publishing the article or project
    I'm just a rando who stumbled upon this via social networks

Self checks

  • I applied all rules from the Contributing guide

    I have checked there is no other Issues or Pull Requests covering the same topic to open

Activity

kdeldycke (Owner) commented on Apr 21, 2025

Can you propose a PR with a short description in both the English and Chinese list please?

dadrus (Contributor, Author) commented on Apr 23, 2025

Hi @kdeldycke – PR is up! 🙂

The Chinese description was created with the help of ChatGPT. Since I can neither read, nor understand it, please bear with me if the translation isn't fully accurate.

kdeldycke (Owner) commented on Apr 24, 2025

> The Chinese description was created with the help of ChatGPT. Since I can neither read, nor understand it, please bear with me if the translation isn't fully accurate.

Automated translation is OK for a first attempt. Any contributor will be able to refine it in the future with a PR.

kdeldycke (Owner) commented on Apr 24, 2025

Closed by #160

Add heimdall to the links · Issue #151 · kdeldycke/awesome-iam