在Grab的轻松企业认证:Dex的应用
Grab, Southeast Asia’s leading superapp, has created many internal applications to support its diverse range of internal and external business needs. Authentication1 and authorisation2 serve as fundamental components of application development, as robust identity and access management are essential for all systems.
Grab,东南亚领先的超级应用程序,创建了许多内部应用程序以支持其多样化的内部和外部业务需求。身份验证1 和授权2 是应用程序开发的基本组成部分,因为强大的身份和访问管理对所有系统至关重要。
We recognised the need for a centralised internal system to manage access, authentication, and authorisation. This system would streamline access management, ensure compliance with audit requirements, enhance developer velocity, and simplify authentication and authorisation processes for both developers and business operations.
我们认识到需要一个集中式内部系统来管理访问、身份验证和授权。该系统将简化访问管理,确保遵守审计要求,提高开发者的工作效率,并简化开发者和业务运营的身份验证和授权流程。
Grab created Concedo to fulfill this requirement by providing a mechanism for services to configure their access control based on their specific role to permission matrix (R2PM)3. This allows for quick and easy integration with Concedo, enabling developers to expedite the shipping of their systems without investing excessive time in building the authentication and authorisation module.
Grab 创建了 Concedo 来满足这一需求,提供了一种机制,使服务能够根据其特定角色与权限矩阵 (R2PM)3 配置其访问控制。这允许与 Concedo 快速而轻松地集成,使开发人员能够加快系统的交付,而无需在构建身份验证和授权模块上投入过多时间。
The authentication mechanism, based on Google’s OAuth2.04, includes custom features that enhance identity for service integration. However, this customisation isn’t standard, creating integration challenges with external platforms like Databricks and Datadog. These platforms then use their own authentication and authorisation, resulting in a fragmented and undesirable sign-on experience for users.
基于 Google 的 OAuth2.04 的身份验证机制包括增强服务集成身份的自定义功能。然而,这种自定义并不标准,导致与 Databricks 和 Datadog 等外部平台的集成挑战。这些平台随后使用自己的身份验证和授权,导致用户的单点登录体验碎片化且不理想。
Figure 1. Undesired user sign-on experience due to fragmented authentication approaches.
图1. 由于碎片化的认证方法导致的不理想用户登录体验。
The inconsistency in user experience also resulted in...