Strata Identity, U.S.-based identity orchestration provider for multi-cloud environments with a significant presence in Vancouver, has announced the availability of the Hexa open-source project that enables organizations to unify and consistently manage all of their access policies across multi-clouds, on-premises systems, and vendors.
Hexa enables this using the New Identity Query Language (IDQL) standard, which is a new common policy format used to define identity access policies in a declarative way.
Currently, each cloud platform (AWS, Google, Microsoft Azure, and others) uses a proprietary identity system with its own policy language, all of which are incompatible with each other. Meanwhile, each application must be hardcoded to work with a specific identity system. IDQL and Hexa enable any number of identity systems to work together as a unified whole, without making any changes to them or to applications, Strata Identity explains.
“Just as Kubernetes transformed computing by allowing applications to transparently move from one machine to another, IDQL enables access policies to move freely between proprietary identity systems,” said Eric Olden, chief executive officer of Strata Identity. “IDQL and Hexa eliminate identity silos in the cloud and on-premises, by creating an intelligent, distributed identity system with one brain.”
How does Hexa work?
Together IDQL and Hexa provide the following capabilities:
Policy discovery
- Analyzes and performs inventory of key apps, data, and policies
- Uncovers which apps exist and where they are
- Finds what policies, users, and roles exist
Policy translation
- Translates native, imperative policies into declarative IDQL policies during policy discovery
- Translates declarative IDQL policies into native, imperative policies of the target system(s) during policy orchestration
Policy orchestration
- Distributes policies to be enforced by identity providers (IdPs), clouds, IaaS, and network systems
- Works via a cloud-based architecture that does not require an agent, proxy or local code
- Uses an extensible, open-source model that supports custom connector integrations
IDQL and Hexa are managed under a vendor-neutral working group and an open-source, open governance model and will remain independent from any company or company-sponsored project. Interest in building open standards for cloud identity is being driven by global multi-cloud adoption and incompatibility between cloud identity systems. The authors of IDQL and Hexa include Strata Identity, Kroger, Versa Networks, S&P Global, Cummins, and MEF. Others interested in supporting the project can find more information here.
One working group member in particular understands the need to unify policy orchestration from the application to the network layer. “IDQL and Hexa provide the necessary framework for linking identity and policy to the Zero Trust standards being developed at MEF today,” said Pascal Menezes, chief technical officer of MEF. “MEF is proud to be an early supporter of IDQL and Hexa and we look forward to collaborating further in the future.”
IDQL and Hexa are public projects with code repos available on GitHub here. The two components of the project have been submitted as a sandbox project to the Cloud Native Computing Foundation (CNCF). More information about Hexa and IDQL can be found here.
Strata Identity is also hosting a panel webinar with other members of the working group entitled “The building of a new identity standard: Why the multi-cloud world needs IDQL and Hexa to unify policy” on May 25 at 10 am PT / 1 pm ET. Visit this link to register.