Graph databases are the foundation for the next generation of relationship-centric identity management systems. As the number and complexity of integrated people, devices and processes keep growing, understanding the relationships between these elements is becoming critical to authentication, authorization and auditing decisions. Relationship-Based Access Control (ReBAC) allows for more robust representations of the interconnectedness of people, processes and things, and it is increasingly the key to making rapid decisions from a reliable, scalable security model in the new identity ecosystem.

Graph databases are one member of the NoSQL database family and are key to implementing dynamic, relationship-based authorization decisions. Graphs excel at querying and maintaining interconnected data and have risen to prominence over the last decade with the advent of social networking.

Graph databases are relationship-centric, which sets them apart from the traditional identity stores, SQL databases and LDAP directories. In a graph database a relationship is a first-class object that is persisted to disk alongside the nodes it connects, so following it is a direct lookup. In a relational database the relationship exists only as a foreign key and is reconstituted at query time by a join; every additional hop adds another join and more latency. LDAP directories offer no join at all, so a relationship query has to be assembled by the client from many round trips, which does not meet the performance requirements of a relationship-centric identity system. Graph databases also respond well to open-ended relationship queries where the degree of separation is not known in advance, such as membership through arbitrarily nested groups. In SQL that query needs a recursive common table expression or repeated self-joins and its cost grows with every level of nesting; in a graph it is a single variable-length pattern. In either store the traversal depth should be bounded, because an unbounded walk over cyclic or attacker-influenced data is a denial-of-service risk for the policy decision point.

As the field of identity management marches forward with increasingly interconnected identities (users, services and devices), systems will need to scale in order to answer open-ended, relationship-centric queries.

Graph databases also lend themselves well to modelling real-world entities. They can be used to represent and relate formerly siloed data stores, building a picture of the entire enterprise. Because they are schemaless, with everything expressed as a node or a relationship carrying key-value pairs, the "impedance mismatch" between unrelated source schemas largely disappears. With a holistic view of the enterprise it becomes easy to determine how formerly unrelated items are connected, and from those previously unknown or undefined relationships new attributes can be inferred. An inferred attribute that feeds an access decision is itself an entitlement, so the query that derives it should be reviewed like any other policy and its provenance recorded for audit. The graph database thus lends itself to relationship-based access control (ReBAC).
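The two points above, an open-ended membership query whose depth is not known in advance and an inferred entitlement derived from it, as a worked example in Cypher, the Neo4j query language. This is an added illustration, not code from the page, from Nulli or from ForgeRock; the labels, relationship types, property names and sample identities are constructed assumptions, not a standard schema.

```cypher
// Added example (not from the page): a minimal ReBAC graph in Cypher.
// Sample data is constructed here; labels, relationship types and property names
// are illustrative assumptions, not a ForgeRock or Neo4j standard schema.
CREATE (alice:User {uid: 'alice'}),
       (bob:User {uid: 'bob'}),
       (platform:Group {name: 'platform-team'}),
       (devs:Group {name: 'developers'}),
       (prodDb:Resource {name: 'prod-db'}),
       (alice)-[:MEMBER_OF]->(platform),
       (platform)-[:MEMBER_OF]->(devs),   // nested group: membership is transitive
       (bob)-[:MEMBER_OF]->(devs),
       (devs)-[:GRANTED {action: 'read'}]->(prodDb);

// Open-ended authorization query: is there ANY chain of nested groups from the user
// to a group that was granted 'read' on the resource? The depth is unknown up front,
// so the MEMBER_OF pattern is variable-length. *1..5 caps the hops: nesting deeper
// than five levels is refused rather than searched, which bounds the query cost on
// cyclic or mis-modelled data. The same question in SQL needs a recursive CTE.
MATCH p = (u:User {uid: 'alice'})-[:MEMBER_OF*1..5]->(g:Group)
          -[:GRANTED {action: 'read'}]->(r:Resource {name: 'prod-db'})
RETURN u.uid AS user,
       r.name AS resource,
       [n IN nodes(p) WHERE n:Group | n.name] AS via,   // groups the decision relied on
       length(p) AS hops
ORDER BY hops
LIMIT 1;

// Inferred attribute: materialise the effective entitlement as a relationship of its
// own, so the access-management policy can read it with a one-hop lookup and an
// auditor can see how it was derived (shortest chain length and derivation time).
MATCH p = (u:User)-[:MEMBER_OF*1..5]->(:Group)-[:GRANTED {action: 'read'}]->(r:Resource)
WITH u, r, min(length(p)) AS hops
MERGE (u)-[e:EFFECTIVE_ACCESS {action: 'read'}]->(r)
SET e.derived_hops = hops,
    e.derived_at = datetime();
```

For alice the first query resolves through platform-team and developers; for bob it resolves through developers alone. The materialised EFFECTIVE_ACCESS relationship is a cache of a policy decision, so it must be recomputed whenever MEMBER_OF or GRANTED relationships change, otherwise a revoked membership keeps granting access.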

The ForgeRock™ stack lends itself to maintaining identity data in the graph database through Identity Management and then consuming those identity relationships for policy decisions in Access Management.

Nulli can help your enterprise:

  • Integrate the Neo4j® graph database to support authorization decisions consumed by Access Management.
  • Model your identity data as a graph in Neo4j.
  • Convert your identity data to Neo4j.
  • Maintain your identity relationship data in Neo4j.
  • Create authentication and/or authorization solutions using ForgeRock and Neo4j that are tailored to your specific needs.