KuppingerCole Report
Executive View
By John Tolbert


PlainID offers an authorization solution that provides Policy Based Access Control (PBAC) for common on-premise, SaaS, and even homegrown applications. PlainID’s scalable technology enables customers to easily externalize authorization decisions from applications, achieving higher efficiencies, more fine-grained access controls, and improved security.

1 Introduction

Identity and Access Management (IAM) is a complex discipline, and a set of technologies, composed of elements such as identity vetting, assurance, credential issuance, authentication, authorization, reconciliation, and governance and lifecycle management. Each of these components is necessary for a strong IAM infrastructure and cybersecurity. In recent years, many conceptual and technical advancements have been made in these areas. Authentication technologies, including multi-factor, risk adaptive, and biometrics, have received the most fanfare and press. But once a user or device is authenticated, it still must be authorized.

Authentication is usually defined as the process of proving or demonstrating that a user, device, or now even an application is what it says it is. Username/password authentication has been the norm for decades, but is insecure and is increasingly being phased out where possible. New authenticators, such as USB keys, Smart Cards, and mobile biometrics are becoming more popular.

Authorization is the process of determining whether a user, device, or application should be allowed to perform an operation. Many factors influence access control decisions, including but not limited to:

  • User attributes – group membership, roles, nationality, clearance, customer type/status, authentication strength
  • Resource attributes – resource type, classification, sensitivity, file type, application type
  • Environmental attributes – geo-location of requester, IP address, security posture of requesting device, user behavioral analysis, user history
  • Action attributes – type of request: create, read, update, delete, etc.

OASIS XACML (eXtensible Access Control Markup Language) and IETF OAuth are two notable standards for access control. XACML defines an access control architecture, policy language, and request/decision/response protocol, based on XML. XACML now includes REST and JSON profiles for modern applications. OAuth uses the bearer-token approach for a decentralized, federated authorization model. OAuth 2.0 tends to be more widely utilized across the web, and is extensible: OpenID Connect and User Managed Access are built around OAuth 2.0.
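The four attribute categories listed above and the request/decision/response exchange can be seen in a small decision function. This is an added example, not code from the report or from PlainID: the request follows the category layout of the XACML JSON profile, while the attribute ids, values, policy rules and function names are constructed for illustration.

```python
import json

# Constructed request, shaped like the XACML JSON profile: one object per
# attribute category. Attribute ids and values are made up for this example.
SAMPLE_REQUEST = json.dumps({"Request": {
    "AccessSubject": {"Attribute": [
        {"AttributeId": "role", "Value": "claims-adjuster"},
        {"AttributeId": "auth_strength", "Value": 2}]},
    "Resource": {"Attribute": [
        {"AttributeId": "type", "Value": "claim-file"},
        {"AttributeId": "classification", "Value": "confidential"}]},
    "Action": {"Attribute": [{"AttributeId": "action", "Value": "read"}]},
    "Environment": {"Attribute": [
        {"AttributeId": "device_managed", "Value": True}]},
}})

def flatten(request_json):
    """Turn the per-category attribute lists into {(category, id): value}."""
    attrs = {}
    for category, body in json.loads(request_json)["Request"].items():
        for a in body.get("Attribute", []):
            attrs[(category, a["AttributeId"])] = a["Value"]
    return attrs

# Hypothetical policy: each rule is (effect, {(category, id): predicate}).
POLICY = [
    ("Deny", {("Resource", "classification"): lambda v: v == "restricted"}),
    ("Permit", {
        ("AccessSubject", "role"): lambda v: v == "claims-adjuster",
        ("AccessSubject", "auth_strength"): lambda v: v >= 2,
        ("Resource", "type"): lambda v: v == "claim-file",
        ("Action", "action"): lambda v: v in ("read", "update"),
        ("Environment", "device_managed"): lambda v: v is True,
    }),
]

def decide(request_json):
    """Deny-overrides: a matching Deny wins, else Permit, else NotApplicable."""
    try:
        attrs = flatten(request_json)
        matched = {effect for effect, conds in POLICY
                   if all(k in attrs and p(attrs[k]) for k, p in conds.items())}
    except (ValueError, KeyError, TypeError, AttributeError):
        return "Indeterminate"  # malformed request or wrongly typed attribute
    if "Deny" in matched:
        return "Deny"
    return "Permit" if "Permit" in matched else "NotApplicable"

def enforce(request_json):
    """Enforcement point: only an explicit Permit grants access."""
    return decide(request_json) == "Permit"
```

A missing or mistyped attribute never produces a Permit here, so the enforcement point fails closed on NotApplicable and Indeterminate as well as on Deny.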

Applications today are ever more complex, with dependencies on other applications and factors that must be considered before granting users access. Authentication is a necessary first step, but fine-grained authorization in accordance with specific policies is an increasingly common business requirement, especially in industries such as finance, health care, pharmaceutical, defense, aerospace, and insurance.

PlainID, headquartered in Israel, was founded in 2014. The company focuses on delivering fine-grained authorization functionality that scales for large enterprise applications. PlainID realizes that sometimes the same access control policies apply across many different applications and computing environments. To achieve economies of scale and better security, authorization in many cases should occur outside individual applications. The company is partnering with other technology vendors and has customers on several continents in the financial sector.

2 Product Description

PlainID is a Linux-based authorization engine, which can be deployed either on-premises or in IaaS providers such as Amazon AWS or Microsoft Azure. Pl ...


3 Strengths and Challenges

PlainID offers a purpose-built authorization solution that allows IAM architects to simplify authorization and entitlement management. Almost every ...



©2021 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole´s initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.
