Managed stateless sessions

To enable session management that is independent from HTTP accelerator layers and from caching user sessions and use data, miaa PolicyGate provides ID Tokens adopting the OpenID Connect conventions.

Using ID Tokens avoids the need to maintain and store sessions server-side, either on disk or in memory. As such, miaa PolicyGate enables ‘stateless’ sessions.

miaa PolicyGate integrates with an Identity Management Platform that is OAuth-based and that allows external API access. It issues an ID Token, or an Access Token if compatibility with OAuth is needed.

Please refer to Access to streaming video and Offline sessions for some use cases.

Tokenised access control

In combination with miaa PolicyChecker, miaa PolicyGate will conditionally issue an ID Token. Only if the user complies with the rules will they receive a fresh ID Token to access your digital services.

Externalising the control of access allows you to implement enforcement logic in a secure and scalable way. This ensures all your platforms are protected by the same mechanism without using the traditional bottleneck of a reverse proxy.
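
The following is an added example, not miaa PolicyGate's code or API: it sketches the conditional issuance and stateless verification described above, with a gate that mints a short-lived token only after a policy check passes and a service that accepts it without any session store. The key, issuer, audience, function names and the HS256 signature are assumptions for illustration; OpenID Connect deployments commonly sign ID Tokens with an asymmetric key so that services hold only the public key.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"      # assumption: shared HS256 key, demo value only
ISSUER = "https://gate.example"    # hypothetical issuer identifier
AUDIENCE = "video-service"         # hypothetical audience (the protected service)

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> str:
    return _b64(hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest())

def issue_id_token(user, policy_ok, now, ttl=300):
    """Gate side: mint a short-lived token only when the policy check passed.
    `now` is a Unix timestamp, e.g. int(time.time())."""
    if not policy_ok:
        return None
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"iss": ISSUER, "aud": AUDIENCE, "sub": user,
              "iat": now, "exp": now + ttl}
    body = _b64(json.dumps(claims).encode())
    return f"{header}.{body}.{_sign(header + '.' + body)}"

def verify_id_token(token, now):
    """Service side: no session lookup; the decision uses only the token."""
    try:
        header, body, sig = token.split(".")
        # Check the signature first, in constant time, before trusting content.
        if not hmac.compare_digest(sig, _sign(f"{header}.{body}")):
            return None
        # Pin the algorithm rather than honouring whatever the header claims.
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None
        claims = json.loads(_unb64(body))
    except (ValueError, AttributeError, TypeError):
        return None
    if claims.get("iss") != ISSUER or claims.get("aud") != AUDIENCE:
        return None
    # Expiry is the only revocation here, so a short ttl forces a fresh
    # policy check at the gate before access can continue.
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        return None
    return claims
```

Because nothing is stored server-side, a token stays valid until `exp`; the lifetime chosen at issuance bounds how long a user who no longer satisfies the rules keeps access.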