State Bank of India-Collaborative Innovation Centre launched SBI National Hackathon – Code For Bank, an API Hackathon Platform for developers, start-ups and students to put their thinking caps on and come up with ideas and solutions that can change the way banking is done in India. From a technology standpoint, Bank views APIs as a set of micro-services that are individual or a combination of use cases, around which a mash-up of applications can be developed on-the-fly.
In the age of digital Banking, SBI is organizing this Hackathon with an objective to invite start-ups, developers and partners to collaborate, ideate and co-develop disruptive and innovative solutions spearheading Indian Banking Technology Landscape. The bank’s effort is to promote an Outcome based Technology Culture amongst Start-ups and Developers with the focus on Developing Cutting Edge Solution for Bank in an agile manner. This will put in focus the Business Value driven by Technologies like Predictive Analytics, Fin-Tech/Blockchain, Digital Payments, IOT, Artificial Intelligence, Machine Learning, BOTS and Robotic Process Automation.
In the phase-1, participants can register their idea during 20th – 29th May 2017 followed by Hackathon which will start from 6th June 2017 and ends on 20th June 2017. The initiative will allow participants comprising a team of maximum five people to develop applications or solutions using only SBI APIs, only external APIs and a combination of SBI APIs and External APIs.
SBI keeps innovation on priority and CODE FOR BANK 2017 [C4B 2017] is bank’s biggest step in launching this platform for start-ups and developers in India. The initiative will a part of APIfication Strategy and Transformation which is developed by SBI Collaborative Innovation Centre to create a Boundary less and collaborative development ecosystem which is Technology Agnostic, Agile and completely Digital.
Today all Emerging technology is becoming API based, Fintech is Disruptive, RegTech for Banks is gaining and everything is on Mobile. Banks have to respond to VUCA world [Volatile, Uncertain, Complex, Ambiguous] and local themes like Demonetization, Financial Inclusion, Digital Payments, etc.
C4B 2017 will help drive both External and Internal Innovation. Developers can quickly get an Application Ecosystem View, learn the Bank Technology DNA and start developing solutions using the APIs available on the platform.
Google have announced the six Indian startups who have been shortlisted for the fourth class of Google Accelerator Program. These six startups will be joining an inspiring group of startups from all over Asia, Latin America, Africa and Europe at the Google Developers Launchpad Space in San Francisco. With this batch, a total of 26 Indian startups have so far joined the launchpad accelerator program from India.
The fourth class will kick off from 17th July, 2017 and will include two weeks of all-expense-paid mentorship bootcamp. This batch of startups will gain from Google’s new curriculum that will help the startups to dig deeper into machine learning and AI and help them leverage Google’s latest technologies to scale their apps.
These startups were shortlisted from hundreds of startups who applied this year based on their unique value proposition and use of latest technologies like machine learning and AI [Artificial Intelligence] to build high impact solutions that are solving for the Indian context, focusing on new internet users and digital India. We are thrilled to see the quality of startups coming from India and we look forward to working them closely for the next six months.
In the six months program, these startups will undergo intensive mentoring from 20+ teams across Google and mentors from top technology companies and VCs in Silicon Valley. Additionally they will receive equity-free support and credits for Google products. Post their return from San Francisco they will continue to work closely with Google back in India.
The shortlisted startups include companies that cover optimization of financial services ranging from loans, credit cards, upto date information platforms for train journeys, online video platform focussing on content from Indian cinema focusing on South of India to the unique implementation of AI to aid discovery of recipes for cooking. The list also includes B2B companies that use AI or ML for various applications be it image recognition capabilities to aid medical diagnosis by analyzing visual data, providing solutions for talent acquisition and workforce optimization.
Here’s the full list of shortlisted startups from India
MoneyTap[earlier coverage MoneyTap Review and Interview with Bala Parthasarthy, CEO – MoneyTap], India’s first app-based consumer credit line along with its partner RBL Bank, announced that the credit line is now available for Self-Employed professionals. The opening of the new segment is in line with the company’s plans to expand into 30 cities in India over the next six months. After lowering the minimum salary eligibility to INR 20,000 per month, this is MoneyTap’s next move to enable easy access to credit.
In a country of 1.2 billion Indians, 26.4 million have credit cards as of August 2016, according to RBI data. The penetration of unsecured personal loans has been extremely poor in India with the organized credit presence at around 1% in the country. On the other hand, according to a survey done by the TransUnion Cibil, a credit information firm, Indian credit card customers have improved their payment behavior with about 78% of them paying off monthly bills completely and about 92% of credit card holders often pay a greater amount than the minimum due. Thus, there is enough scope for a product like MoneyTap to thrive and scale.
MoneyTap’s app-based credit line provides a customer with a credit limit, anywhere from INR 25,000 to INR 5 lakhs, without any collateral. The value of the credit limit depends on the individual’s profile and the credit policy being used. With a patent-pending chat interface, the free app rapidly evaluates the user’s credit eligibility in just a few minutes and instantly informs them of the decision, along with the amount they are eligible for. Using the MoneyTap app, consumers can choose to borrow as little as INR 3000 or as much as INR 5 lakhs, or up to their upper credit limit. They also get to decide their own EMI plans with payback periods ranging from 2 months to 3 years. Interest is paid only on the amount borrowed and rates can be as low as 1.25% per month. If the user does not borrow any amount, then no interest needs to be paid. The credit limit also gets topped up once EMIs are paid back.
MoneyTap along with RBL Bank is able to provide its customers, instant decisions and instant access to money, 24/7, irrespective of holidays. Moreover, as per RBI guidelines, all financial transactions such as billing, repayment or withdrawals are directly dealt with the bank but through the MoneyTap App using secure APIs, thus ensuring 100% secure transactions. Consumers do not have to hold a bank account or any other account with the partner bank to avail MoneyTap. As an added convenience for shopping needs, a MoneyTap RBL Credit Cardis also provided to the user. This is a regular MasterCard Credit Card that is accepted at all locations and for all card purchases – offline and online.
It gives us immense pleasure to be able to spread our services across cities, various earning groups and people of different professions. We are glad that the credit line app has been appreciated and adopted vastly. We aim to expand further by opening MoneyTap for newer segments that are currently underserved and in need of credit. We have a vision of making credit accessible to 1 Million Indians in the next few years. Hence, this expansion is part of that vision. We believe we have a product that works well for the mass market – flexible, affordable credit available in a convenient way.
Harjeet Toor, Business Head – Microbanking, Credit Cards, Retail & MSME Lending, RBL Bank said
India is a largely informal and an unorganised economy with about 90 per cent of people employed in the informal sector. A majority of these are self-employed. The government’s recent initiatives, such as Startup India and Skill India, are aimed at promoting financing, encouraging entrepreneurship and generating employment among the micro, small and medium enterprises. The MoneyTap app will give the self-employed quick and easy access to a credit line they can use both for their personal as well as professional needs.
The MoneyTap app is available on Android Playstore to all salaried employees and now self- employed. Qualified customers, after completing the KYC [right from the app with no paperwork involved], will pay a one-time Line setup fee of INR 499 + tax in their first month e-settlement. There are no hidden fees or charges and every time the customer chooses to take an EMI, they will be shown the interest & any other applicable charges and the customer will be required to provide explicit consent before borrowing.
MoneyTap is a Bengaluru-based fintech startup, founded by serial entrepreneurs Bala Parthasarathy, Anuj Kacker & Kunal Varma, who are IIT/ISB alumni. Bala has co-founded multiple startups in Silicon Valley including Snapfish [sold to Hewlett Packard], which he helped grow to 100M users and $300M in revenue. After moving to India in 2007, he volunteered for UIDAI under Mr. Nandan Nilekani before starting AngelPrime in 2011 [now Prime Venture Partners] where he helped create companies like ZipDial [sold to Twitter], EZETap, Happay, etc. Kunal [ex Texas Instruments] & Anuj [ex Airtel & JWT] co-founded Tapstart that grew to 300K users and turned profitable in 2 years. MoneyTap works in very close partnerships with various banks and other financial institutions to make the process painless and on-app. For more details, please visit MoneyTap
Uber, the newly designed and re-engineeredrider’ app has been rolled out to 100% of its users in India and around the globe, across Android and iOS platforms. Uber riders can now enjoy the faster, smarter and more personalised Uber experience on the new rider app which has been rebuilt completely from the ground up for the first time since 2012.
Uber is based on a simple concept: push a button, get a ride. What started as a way to request premium cars, now offers a range of products, making millions of rides possible across the world. While providing seamless on-demand transportation for riders remains our central focus, the newly designed rider app is unique as we rebuilt it from ground up to deliver a much faster and improved interface for riders. We are excited that riders across India will now have this superior experience.
The new rider app has been re-engineered, keeping in mind the changing needs of riders around the world. It aims to recapture the clean and simple aesthetics of the original Uber experience, without sacrificing on the choices riders can now expect.
Some of the major changes to the rider app that contribute to a superior Uber experience include:
A faster app with a new design
Clearer vehicle options, with upfront pricing view
Smarter pickups to help reduce ETA
Personalised in-app shortcuts
The new app offers a host of features, which have already been appreciated by the riders in India:
Destination first : The new Uber experience is reimagined around a simple question – ‘Where to?’ After all, riders use Uber to get somewhere-or to someone. And by starting with the rider destination, we can tailor the journey better.
Shortcuts : The new Uber app learns from riders’ routines. Frequent riders will see ‘shortcuts’ that predict where one could be headed. This means riders can get moving with just one tap.
Saved places : The new app allows riders to save locations that they frequent. This could be a hotel that they prefer to stay at while traveling, favourite restaurants, client’s office, dentist’s clinic or even a friend’s house.
Rider ratings : To give riders more visibility into how drivers are rating them, Uber is making rider ratings much more accessible in the app. Now, a rider’s rating will be displayed right under their name in the app’s menu.
Pickup experience : The pickup is a core part of the Uber experience. In an effort to make it easier, riders can update their pickup location after they book a ride. This simple fix gives them more control over their pickup experience, and saves everyone time and avoidable headaches.
Calendar integration : Riders can now sync their calendar with Uber. With this, riders meetings and appointments will automatically appear as ‘shortcuts’, saving them the hassle of digging through another app to find the right address.
Choose the car & compare upfront fare : After entering the destination in ‘where to’, riders can also decide how to get there. They prefer different types of rides for different moments. If the rider is on the way to a party or with business associates, a more spacious uberX ride is preferred, while an uberGO serves as the most affordable everyday ride. And for a run-of-the-mill trip to the market or the lowest cost option, an uberPOOL works well. It’s now much easier to compare the cost of all these options with upfront fares, so the rider can make an informed choice.
Once the rider is on the trip, the focus is on helping them make the most of their ride. They can still split the fare, keep track of estimated time to destination and share trip status with friends.
On-trip integrations : Soon, it will offer more experiences tailored around rider destinations that will include on-trip integrations with other utility based mobile applications, social media platforms, and news aggregators, among others.
To top these, here are the features most loved by riders in India :
Schedule a ride : A top-requested service from riders around the world, especially from business travelers who use Uber rides for important meetings, appointments, trips to airports and stations, etc., has been rolled out in India. This new feature adds to the reliability and convenience riders have come to experience on Uber. An uberX or an uberGOride can now be scheduled for as little as 15 minutes to as many as 30 days in advance.
Request a ride for others : Riders have often booked rides for their friends and family members. However, it involved the hassle of coordinating the pickup or managing payments. With the new update, it now works in a much simpler manner. If the pickup location differs from the detected location of the person booking the ride, the app will prompt if the ride is being booked for someone else. If yes, they can select the option and the app will allow them to choose a contact. At this point, the person booking the ride can also choose the desired payment method. Meanwhile, the rider will get two text messages – one with the driver and car details and the second with a link to track the ride.
Split fare : Another interesting feature added by Uber was a fare split, that enabled riders to split the Uber bill with friends. After the trip begins, riders can select ‘Split Fare’ and choose a contact to hit send. The rider’s friend(s) will receive a text with a link that will open the Uber app on their phone. Once they confirm their willingness to split the bill, the fare automatically gets divided between the riders.
Share trip details : Uber’s ride sharing feature enables a rider to send details of the driver-partner and their ride with friends or family members. Once the trip begins, riders can share these details from the app by tapping the ‘send status’ option and choosing a contact on their phone. This functionality is extremely useful to track trip progress in real time.
Choose payment mode : Riders can choose a payment option that works best for them – cash, digital wallet, credit card and debit card.
The new rider app which has been developed using a completely new architecture, also opens up a plethora of possibilities for improving the new rider feed, as well expanding this to the driver app, and even building for the future.
Dial4242 – a pioneer in its segment, app based platform providing users the comfort of booking an ambulance within seconds launches in Mumbai. Dial4242 will allow a user to book the nearest available ambulance and track its location real-time. Founded by Nilesh Mahambre, Jeetendra Lalwani and Himanshu Sharma, Dail4242 aims to eliminate the stress and worries in booking ambulances by setting up a reliable network, reduce the waiting time, and deliver the best in emergency services to people across India.
Introducing and launching the ambulance aggregating platform in Mumbai was ace comedian & prominent actor Vrajesh Hirjee. Services provided via Dail4242 are not limited to emergency situations and can also be used by patients for check-ups, medical appointments, after a hospital discharge or for intercity travel needs.
Available under less than 4 MB, the Dial4242 app is easy to use and has a step-by-step interface for bookings. To call for an ambulance, one simply needs to confirm the pick-up point auto-detected via GPS, add the destination and select the type of ambulance needed. Ambulance variants currently available are Basic, ICU or Cardiac and for the transfer of a dead body.
The fare estimate and ETA of the ambulance will be displayed for a confirmation further to which the tracking details, and the estimated time to reach the destination with the shortest possible route will be displayed on the app. Once the user reaches his destination, he can pay the fare in cash to the driver or through a host of digital payment options. The user will receive an invoice via email and within the app. Additionally, ambulances can also be booked via the Dial4242 hotline 022-49414242 in Mumbai and these details would be sent to the caller via SMS.
Dial4242 has secured seed capital of approximately Rs. 1 crore from an angel for the purpose of R&D, market research, product development and operations. The technology backed platform has been in development and testing stages for over four months ensuring that it achieves best results in all circumstances and conditions and is now ready for public use. The company is currently in conversation with multiple investors for raising its next round of funds and is being led by its Co-founder and Chairman Nilesh Mahambre. Dial4242 has currently tied up with Wockhardt Hospital, Mira Road and will be exploring associations with other hospitals and medical services entities as a part of service expansion.
Speaking on the launch, Nilesh Mahambre, Chairman and Co-founder, Dial4242 said
When a taxi can arrive in 5 minutes, why can’t an ambulance? This was the moot point for the conceptualization of Dial4242. Today through a couple of simple taps, we can call for anything from food to cabs; however, it’s surprising that people have to go through so many layers of communications for an ambulance. We are attempting to address this need gap with Dial4242.
I owe this idea to my dad. My personal experience during his illness is what led me to believe that there is the need to ease up the anxiety levels of people during medical emergencies. Dial 4242 is an idea which has arrived. It is our endeavour to build a mutually beneficial ecosystem where in the ambulance driver gets his due respect and the customer has the power to save lives with timely action.
Bhalchandra Padwal, Head Digital Strategy, Aoen Digital, the exclusive technology partner for the platform present at the event said
We are partners to the idea, belief and the vision of being able to save human lives with technical assist. Having Aeon Digital on board we will ensure that there are regular updates and innovation in technology to further simplify our entire offering.
Ravi Hirwani, Head – Hospital Operations, Wockhardt Hospital, Mira Road said
Dial4242 is an innovative model and we see great value in associating with such a platform which shall ensure a smooth and hassle-free ambulance booking process. We believe that technology and automating systems is a need of the day and Dial4242 is a perfect fit. We are certain that patients will benefit from the services being provided by Dial4242 and we welcome and support the efforts being made to streamline the system.” added on associating with Dial4242
Dial4242 services are available from May 18, 2017 across South Mumbai, Western Suburbs and from Virar to Thane and can be used for outstation travel needs as well. The company is in the process of extending their services to entire Mumbai by June. Over 140 ambulances have already signed up with Dial4242 and the company hopes to increase this number to 500 across Mumbai by year end simultaneously launch across India in phases.
The Dial4242 app is currently available to download for free via the Google PlayStore. The iOS version of the app will be available on the App Store shortly.
Founded in January 2017 by Nilesh Mahambre, Jeetendra Lalwani, and Himanshu Sharma DIAL4242 is an entity of Health Wheels Pvt Ltd and goes it with a tagline ‘Be a Hero, Save a Life’. Dial 4242 has been built to deliver the best in emergency care to people and to empower an individual with its fair and seamless ambulance booking service. The mobile app connects users to emergency facilities by providing a timely ambulance service when in need. By aggregating ambulances, Dial4242 aims to build a convenient ambulance booking ecosystem for drivers, the ones in need and its network of hospitals in India.For more information, please visit Dial4242
LinkedInhas announced the 2017 list of Top Companies in India. Formerly titled Top Attractors 2016, the annual ranking spotlights India’s most sought-after employers. The list is fueled by exclusive LinkedIn data, including job seeker reach, engagement and retention, paired with an editorial lens that examines the billions of actions by LinkedIn’s 500+ million members.
The top two spots in the list continue to be held by Flipkart and Amazon respectively, for the second year in a row. The list of 25 Top Companies in India also saw over 30% of new entrants, namely One97 Communications [#4], Tech Mahindra [#14], Swiggy [#15], IDFC Bank [#17], Vodafone [#20], Grofers [#22], McKinsey & Company [#24] and Oracle [#25]. Among the companies making upward movements are Ola from last year’s #10 to #5, OYO Rooms from #16 to #9, Reliance Industries from #23 to #10, and Cisco from #24 to #16.
While every company on the India list fosters a unique culture and robust business model, it revealed a few standout insights:
Industry Disruptors Gain Preference – Professionals are attracted to companies that disrupt the status quo and lead by example. Case in point, Ola at #5 has revolutionized the urban mobility by creating an ingenious business model with services like Ola Play, Fleet, Shuttle etc.
Similarly, OYO Rooms ranked at #9, has transformed the hospitality industry to become a budget traveler’s first choice. Internet companies that have proved their mettle as disruptors in their space also made it to the list. These include some of the biggest homegrown names in their respective categories such as MakeMyTrip [#23] and Swiggy .
Inclination Towards Homegrown Companies – Offering new possibilities and opportunities for talent within the country, homegrown companies are increasingly being considered by job seekers. From leading tech multinationals to startups, 13 homegrown companies found place in the list including HCL Technologies [#6], and Wipro [#18].
The list also saw six startups [including two unicorns] making it to the top 25, including Flipkart [#1], One97 Communications [#4], OYO Rooms [#9] and Grofers [#22] among others.
Irfan Abdulla, Director Talent Solutions & Learning Solutions, LinkedIn India said
India Inc is thriving, backed by an increasing business friendly sentiment and a positive economic trajectory. Understanding the pulse of a younger employee base, enterprises in India are working to build an ethos that drives performance and also delivers a rich workplace experience. We analysed India’s most attractive employers to understand how their culture and growth opportunities appeal to Indian professionals and interestingly, home grown companies are leading the list.
The complete list of the Top Companies is below
Many of the companies have one thing in common, they reward their employees well. From unique welcome traditions to offering sabbaticals for tenured employees and well-being programs, companies offer perks in order to retain employees. Some of the interesting things that companies are giving their employees include:
Flipkart – On their first day, employees are picked up by chauffeur-driven cars and sent on a treasure hunt to familiarize themselves with the office. Employees with over two years at Flipkart can take a career break to pursue higher studies, spend time with family or attend to medical emergencies.
Amazon – Amazon offers ‘leave share’ as part of their parental leave policy, allowing employees to gift six weeks of paid leave to a spouse or partner who isn’t eligible for parental leave at their employer.
Adobe – The company has initiated many programs that emphasize its commitment to employee health. From a doctor on campus to providing free consultations to employees and their families, the company believes keeping its people healthy is the key to building a strong company culture.
Irfan Abdulla, Director Talent Solutions & Learning Solutions, LinkedIn India added
All top companies in India have a strong talent brand, powered by culture and purpose. While these factors are the main drivers in attracting talent, the key to retaining employees is to create an environment where employees can grow by working on meaningful projects and contributing to the organization’s success.
Some companies that demonstrate this vision include
KPMG India – KPMG India employees get the opportunity to tackle some of the biggest issues facing Indian businesses and governments today, like redefining urban growth in Maharashtra or helping guide the future of renewable energy
HCL Technologies – Promoting the concept of ‘Ideapreneurship’, HCL Technologies has created an atmosphere where employees are taking the lead in finding solutions and ideas and then driving them to fruition
LinkedIn Top Companies List Methodology
The Top Companies list is a part of the LinkedIn List franchise, which celebrates companies and individuals making an impact in the professional world, and it spotlights the companies that attract and retain top talent globally. The list is fueled by a combination of exclusive LinkedIn data including reach, engagement, job interest, retention and an editorial lens. It’s based on the actions of job seekers and professionals with editorial oversight, highlighting the companies most sought-after today.
The wrap of Google I/O Day 2 saw several technical sessions, tracks and announcements across the Google product ecosystem. Here are the major takeaways for developers in areas including Android Instant Apps, Progressive Web Apps, and numerous improvements in developer tools.
Play Developer and Android Instant Apps
Developers can grow their business with the subscriptions dashboard, which helps them retain subscribers by providing new metrics, like subscriber churn. With Play app signing, Play can now manage the ‘signing keys’ developers use to keep their apps secure, reducing risk from lost keys and allowing Play to reduce APK size. The revamped Play Console includes Android vitals so developers can identify and fix bad behaviors in their app, reducing crashes and battery drain.
On the Android side, instant app development is now open to all developers today with the Android Instant Apps SDK, enabling a new approach for running apps with no installation required. Learn more on the Play Developer blog and the Instant Apps Blog.
Mobile Web momentum with Progressive Web Apps
Progressive Web Apps [PWAs] have gone mainstream as developers globally are increasingly relying on them, and their progress was on display at I/O. If you are a developer building for the mobile Web, PWAs allow you to give users a polished, app-like experience [with easy navigation, offline features, and more], without going through an install step first. At I/O, Google shared more on how PWAs are becoming increasingly popular, especially in emerging markets where data and connectivity are limited.
For example, well-known developers like Twitter, Forbes, and Lancome have seen significant traction with PWA usage, and several teams within Google are also building their own PWAs, including Search, Maps, and more. Learn more on the Mobile Web blog.
Google announced improvements to Firebase, Google’s unified app SDK which launched at I/O last year. Firebase enables developers to build and manage their apps and grow their businesses using Google’s tools. Among the announcements is Firebase Performance Monitoring, which gives developers visibility into how users are experiencing their apps across a variety of devices and network conditions.
AdMob, Google’s mobile ad platform, has a newly-redesigned intuitive UI, app-centric dashboards, and a simpler sign-up flow. AdMob also now gives developers a more complete picture of ‘lifetime value’ – including how often people use the apps, how likely they are to take action within the app/re-engage with it, and how healthy the app’s growth is.
Next, there are new updates to Universal App Campaigns to help developers reach more engaged users across Google’s largest properties. And finally, the new App Attribution Partner Program will now give AdWords users a more consistent understanding of their app’s advertising campaign performance to make better marketing decisions. Learn more on the Ads blog.
Google announced several enhancements to the core technologies that enable VR and AR, and in platforms that make them accessible to more people. In Tango, the technology that enables devices to track motion and understand depth and space, Google announced WorldSense – a positional tracking technology that makes the newly-announced Daydream standalone VR headsets work without any external sensors.
Standalone headsets, a new category of devices built by Google’s partners, are also coming to Daydream later this year. They are easy to use, and the form factor enables partners to optimize components like sensors and displays for VR. And with more than 150 apps, there’s lots to explore, watch and do in VR, regardless of which Daydream-ready device you choose.
The upcoming 2.0 release for all headsets, Daydream Euphrates, has features that make VR more fun and easier to share with others. You will be able to capture what you are seeing, as well as cast your virtual world right onto the screen in your living room. And, soon, you will be able to watch YouTube videos in VR with other people and share the experience in the same virtual space. Learn more on the Daydream blog.
Yahoo announced Athenz, an open-source platform for fine-grained access control, to the community. Athenz is a Role-Bsed Access Control [RBAC] solution, providing trusted relationships between applications and services deployed within an organization requiring authorized access.
If you need to grant access to a set of resources that your applications or services manage, Athenz provides both a centralized and a decentralized authorization model to do so. Whether you are using container or VM technology independently or on bare metal, you may need a dynamic and scalable authorization solution.
Athenz supports moving workloads from one node to another and gives new compute resources authorization to connect to other services within minutes, as opposed to relying on IP and network ACL solutions that take time to propagate within a large system. Moreover, in very high-scale situations, you may run out of the limited number of network ACL rules that your hardware can support.
Prior to creating Athenz, we had multiple ways of managing permissions and access control across all services within Yahoo. To simplify, we built a fine-grained, role-based authorization solution that would satisfy the feature and performance requirements our products demand. Athenz was built with open source in mind so as to share it with the community and further its development.
At Yahoo, Athenz authorizes the dynamic creation of compute instances and containerized workloads, secures builds and deployment of their artifacts to our Docker registry, and among other uses, manages the data access from our centralized key management system to an authorized application or service.
Athenz provides a REST-based set of APIs modeled in Resource Description Language [RDL] to manage all aspects of the authorization system, and includes Java and Go client libraries to quickly and easily integrate your application with Athenz. It allows product administrators to manage what roles are allowed or denied to their applications or services in a centralized management system through a self-serve UI.
Access Control Models
Athenz provides two authorization access control models based on your applications’ or services’ performance needs. More commonly used, the centralized access control model is ideal for provisioning and configuration needs. In instances where performance is absolutely critical for your applications or services, we provide a unique decentralized access control model that provides on-box enforcement of authorization.
Athenz’s authorization system utilizes two types of tokens: principal tokens [N-Tokens] and role tokens [Z-Tokens]. The principal token is an identity token that identifies either a user or a service. A service generates its principal token using that service’s private key. Role tokens authorize a given principal to assume some number of roles in a domain for a limited period of time. Like principal tokens, they are signed to prevent tampering. The name ‘Athenz’ is derived from ‘Auth’ and the ‘N’ and ‘Z’ tokens.
Centralized Access Control:The centralized access control model requires any Athenz-enabled application to contact the Athenz Management Service directly to determine if a specific authenticated principal [user and/or service] has been authorized to carry out the given action on the requested resource. A service receives a simple Boolean answer whether or not the request should be processed or rejected. In this model, the Athenz Management Service is the only component that needs to be deployed and managed within your environment. Therefore, it is suitable for provisioning and configuration use cases where the number of requests processed by the server is small and the latency for authorization checks is not important.
The diagram below shows a typical control plane-provisioning request handled by an Athenz-protected service.
Decentralized Access Control: This approach is ideal where the application is required to handle large number of requests per second and latency is a concern. It’s far more efficient to check authorization on the host itself and avoid the synchronous network call to a centralized Athenz Management Service. Athenz provides a way to do this with its decentralized service using a local policy engine library on the local box.
The authorization policies defining which roles have been authorized to carry out specific actions on resources, are asynchronously updated on application hosts and used by the Athenz local policy engine to evaluate the authorization check. In this model, a principal needs to contact the Athenz Token Service first to retrieve an authorization role token for the request and submit that token as part of its request to the Athenz protected service. The same role token can then be re-used for its lifetime.
The diagram below shows a typical decentralized authorization request handled by an Athenz-protected service.
With the power of an RBAC system in which you can choose a model to deploy according your performance latency needs, and the flexibility to choose either or both of the models in a complex environment of hosting platforms or products, it gives you the ability to run your business with agility and scale.
Looking to the Future
Yahoo is actively engaged in pushing the scale and reliability boundaries of Athenz. As Yahoo enhances Athenz, it looks forward to working with the community on the following features:
Using local CA signed TLS certificates
Extending Athenz with a generalized model for service providers to launch instances with bootstrapped Athenz service identity TLS certificates
Integration with public cloud services like AWS. For example, launching an EC2 instance with a configured Athenz service identity or obtaining AWS temporary credentials based on authorization policies defined in ZMS.
Their goal is to integrate Athenz with other open source projects that require authorization support and we welcome contributions from the community to make that happen. It is available under Apache License Version 2.0. To evaluate Athenz, we provide both AWS AMI and Docker images so that you can quickly have a test development environment up and running with ZMS [Athenz Management Service], ZTS [Athenz Token Service], and UI services. For more information, please visit Athenz