Policy Information Broker

Empowering users and admins for more agility

Augment the user journey in your access management flow with TrustBuilder’s Policy Information Broker. The PIB allows you to connect to any application or database and draw conclusions based on external data. It can do complex calculations and derive properties of a user with relevance for access control. The outcome can then be used to execute a workflow, e.g. to take access decisions or to enrich user profiles.

 

Policy Information Broker goes beyond traditional IAM

The Policy Information Broker allows you to fetch and process internal and external data and use that data to enrich the intelligence used in the organization’s policies. A list of standard protocols are available to connect TrustBuilder ID Hub to applications and databases, but a powerful JavaScript engine allows you to create and customize any type of adapter you require.

Unlimited flexibility

Augmenting the policies with derived data gives you the flexibility to tailor policies to the exact security level needed for your organization. Rather than being limited to static attributes, derived and dynamic attributes enable complex policy decisions.

Combines security and UX

Thanks to Policy Information Broker, very fine-grained and complex rules can be created, improving both security and user experience. Using additional attributes gives you more certainty about the authorization level of the user, most of the time without intervention from the user’s end.

External or internal sources

The Policy Information Broker can make use of different data sources to add deeper granularity: external data (e.g. authoritative sources such as governmental Identity Providers or external risk engines) and internal data (e.g. customer databases and transaction history) to distil that information into derived attributes that are then used in policies.

Low on maintenance

As the Policy Information Broker is a low code platform, adoption by your team is simplified. The configuration happens via a graphical UI, which visualizes the workflows in an easy, readable flow graphic. This allows upfront validation by security and business shortening Time to Market. Once these workflows have been designed and scripted, you rarely need to change them afterwards. As they hardly require any maintenance, this saves both time and effort from your team.

High on functionality

Using Policy Information Broker to grab and process external data and use them in your workflows is applicable in different use cases. Experience shows that all industries can benefit from this extra flexibility. For examples, see below.

Protect your investment

The Policy Information Broker can also integrate with legacy applications in a structured and repeatable manner. This is great news for organizations that cannot afford to decommission their legacy applications and want to continue using data from these applications.

Protecting data privacy

The Policy Information Broker can consult external sources for information that you are not permitted to store in your own databases for reasons of (GDPR-) compliance, e.g. birth dates and health-related data. In this case, the Policy Information Broker may just check an external system to ascertain that a person is not a minor. That way, we enable policies to draw conclusions based on authoritative data without ever exposing that data to your applications.

Most flexible orchestrator in the market

The Policy Information Broker is the cherry on the cake of TrustBuilder’s powerful orchestration and works closely with the Orchestration Engine and the Policy Engine. This provides you with the most flexible orchestrator available in the IAM market.

Orchestration Engine

The Orchestration Engine orchestrates the user journey and calls up specific policies at the right time during that session.

Policy Engine

The Policy Engine defines all the security rules, called policies. Those policies are executed by the Orchestration Engine.

Policy Information Broker

The Policy Information Broker implements advanced retrieval and processing of data to dynamically determine derived attributes for use by the Policy Engine.

Policy Information Broker retrieves any information needed

TrustBuilder’s Policy Information Broker supports complex access decisions by retrieving and processing any type of information that is required for the policies within the user journey. Policy Information Broker can be used to:

  • Enrich user profiles, by querying for information on the user from an internal database or through an API, and then add this information to the attribute-based access control (ABAC) policies. This makes our fine-grained ABAC approach even more granular.
  • Create authorization rules based on complex logic.
  • Normalize attributes from different providers in a digital ecosystem
  • Communicate with other systems through an API when the transaction happens in real time.

The Policy Information Broker can also pass on data from one application to another in a compliant manner or integrate with legacy applications in a structured and repeatable manner.

Legend: Policy Information Broker connects to several external sources, aggregates and calculates the information from these sources and then applies the result to the progress in the workflow. E.g. when the policy requests the location, the Policy Information Broker will look up the IP address to establish the location of the user and compare that to a database of accepted locations.

Use cases in multiple industries

TrustBuilder’s Policy Information Broker will make transactions more secure and user-friendly in any industry.

Do you want to discover how TrustBuilder Policy Information Broker can make your access management flows more fine-grained?

In HR applications, timesheets or holiday requests need approval by a supervisor. TrustBuilder’s Policy Information Broker can call the HRM API to consult the organization chart and check the hierarchical relationship between the end-user and the supervisor who approves the timesheet or holiday request.

By checking the hierarchical relationship between the two employees in an external database, we can be assured that both employees are still in the same role in their organization. E.g. if the supervisor moves on to another department and can no longer approve or decline holiday requests, this will become clear when TrustBuilder’s Policy Information Broker checks the organization’s hierarchy.

Our Policy Information Broker will consult different external sources based on the role of the user at login. A user may take on different roles in one single HRTech tool. Someone who is an employee in one organization, can also be a contractor to another organization, or CEO of their own company. Policy Information Broker will make sure that the right external source is consulted depending on the respective roles of the user.

TrustBuilder interacts with risk engines and can use the input from these external systems in real time to determine whether a higher level of authentication is necessary. TrustBuilder’s Policy Information Broker will connect to several risk engines and take into account different factors such as the geographic location or behaviour of the user. If a bank customer usually signs transactions from a location in Belgium, a transaction signed in Ukraine will be regarded as suspicious. The same goes for behaviour patterns that deviate from the user’s usual behaviour.

In the workflow, these results from different risk engines will be evaluated and combined into a single risk score. A policy might require extra authorization in high-risk situations. The user journey will then only continue if the right authorization level is met.

Not all content on media sites is available to everyone, some content is restricted to subscribers. A content delivery server will only show requested content pieces if the person is a subscriber or has not consumed more than three content pieces. TrustBuilder’s Policy Information Broker will call the subscription database to consult the subscription and consumption history and the policy engine will then check the rules before the reader is allowed access to the requested content piece.

Other use cases for media companies:

  • Policy Information Broker can consult an authoritative source to determine whether the reader is an adult, which is a requirement to participate in a sweepstake.
  • Policy Information Broker will check your domicile address if you need to reside in a specific country to be eligible for a promotional campaign.