Secure Unified Data Management

The Diffusion Real-Time API Management Platform delivers centralized data management for disparate data sources from both back-ends and application ecosystems, via a user-friendly dashboard and control center to unify, manage, authenticate, and secure all data transactions.

Security with Diffusion

Access control is a core concern for any business moving data. Exposing real-time data feeds can introduce additional operational risk if not properly managed. At the same time, the ability to expose real-time feeds creates substantial opportunity for revenue growth. As a unified platform, Diffusion acts as a single access point that delivers centralized security control over all real-time data. Diffusion’s pluggable authentication system allows businesses to enforce identity control across all data using whatever mechanisms are required -- enterprise systems such as Active Directory, social sign-on (Google, Facebook, ...), or custom authentication -- with fine-grained permissions and dynamic authorization, so that privileges can be granted or revoked as required.

"For operational teams, Diffusion provides a central point of control for configuring quality-of-service and data access policies; and it reduces the overhead of managing and scaling application data across the Internet."

Using Diffusion to handle front-end security policies

  • Reduces the need to duplicate policies across multiple back-ends,
  • Simplifies the implementation of security policies,
  • Makes it easier to track and audit any possible violations,
  • Lets dev-ops teams still control precisely what data is exposed via Diffusion,
  • Reduces the risk of data leakage and of attack vectors for malicious actors.

Security & Single Point-of-Access

When Clients Connect to Diffusion...

Back-end systems can provide a set of Roles which will be applied to the new connection. Each Role provides a granular set of Permissions that control what a connection is able to do and what data it is able to receive. Because these permissions are stored server-side, connections need only authenticate once; there is no need to keep requesting authorization tokens for privileged operations, which reduces network traffic and simplifies application logic.

New Security and Session Properties

  • Client proposed session properties

    Allowing clients to provide property values when opening a session.

  • New Roles fixed session property

    Exposing the security roles of clients and allowing them to be used in session filtering.

  • Enabling the validation and filtering of client proposed session properties as well as the ability to change certain fixed session properties.

  • Change roles operation

    Allowing privileged clients the ability to change the permissions assigned to other clients.