About Security Services

The Predix platform provides Access Control Services (ACS) for application developers to add granular authorization mechanisms to access web applications and services without having to add complex authorization logic to their code. ACS works in conjunction with the User Account and Authentication (UAA) service in Cloud Foundry.

The User Account and Authentication (UAA) service is the primary authentication service on the Predix platform. It enables developers to add user authentication and authorization capabilities to their application. Application developers can obtain a UAA instance from the Predix marketplace and configure the instance to authenticate trusted users and clients for their application. UAA service offers a virtual OAuth2 server to customers to issue and validate tokens for client applications.

A combination of User Account and Authentication (UAA) service and Access Control Services (ACS) can provide a complete workflow for authentication and authorization. You can deploy various topologies when using UAA and ACS services. While the mechanism for authorization remains the same in all topologies, the authentication process varies depending on how the users are provisioned.