Blockchain Application Firewall

Easily Control Authentication and Authorization to Blockchain Nodes

With Kaleido's blockchain application firewall you can quickly and easily manage how dapps, wallets, and more authenticate and access your blockchain nodes.
What it is

What It Is

The Kaleido Blockchain Application Firewall (BAF) provides rich options for authentication and authorization of application connections to your blockchain resources.  The service easily integrates with your existing OpenID provider and allows for low-level blockchain permissions to be embedded in user authentication tokens. BAF provides organizational admins with a single source of truth for end-user role based access control, and allows operators to easily add or rescind permissions within their existing user directories. Additionally, by supporting an OAuth-based authentication flow, the critical application credentials providing secure access to the Kaleido resource endpoints are never exposed.

Ethereum JSON-RPC Gateway

Provides an API surface for the Ethereum JSON-RPC requests. Supports the implementation-specific management APIs of go-ethereum, Quorum and Pantheon.

Configurable Endpoint Rules

On a per API endpoint basis, or per namespace basis, turn the API on or off so that JSON-RPC requests will be accepted to rejected according to the rules.

Supports Management APIs

In an enterprise context, these APIs are typically considered privileged and should be reserved for special users in the administrative roles.

How it works

How it Works

The Blockchain Application Firewall can have a range of potential uses for your organization including: 

  • Connecting the firewall with an IAM (Identity and Access Management) server
  • Restricting and mapping access to signing keys 
  • Connecting web and mobile wallets to nodes with limited access

The Blockchain Application Firewall can be configured to trust your IAM server, whether it's a private instance of KeyCloak, Otka, Microsoft Azure Active Directory, or any other system that issues tokens as signed JSON Web Tokens (JWT). This allows users to enjoy a standard sign-in procedure to blockchain applications such as the familiar username and password, multi-factor authentication, etc. 

In your organization you may find you have keys for different teams within an organization, or for different types of operation, or maybe thousands of keys allocated to individual users of your application. This is why it’s important to restrict access to signing with these keys only to authorized connections, which the Blockchain Application Firewall allows your organization to do. The firewall analyzes each JSON/RPC request as it passes through, checking for attempts to sign transactions and authorizing them against a rule-set that specifies which keys are allowed to be used by that connection. This capability works in tandem with your application level security. You can configure static rules to configure access to keys, or dynamic rules based on issuing JWT tokens in your application tier or IAM system to restrict signing access.

In applications where users have their identity or key which signs transactions from their web or mobile device, they need to be able to submit pre-signed transactions to the blockchain node. The JSON/RPC interface of the node will end up needing to be exposed to the application for sending the transactions, which is where the Blockchain Application Firewall comes into play. The firewall provides an additional layer of security for these connections, on top of the default boundary security built into the Kaleido platform.

Why Kaleido

Why Kaleido

Kaleido's platform is different because it has everything businesses need to create complete blockchain solutions. With just a few clicks, you can create a blockchain network, deploy it globally, set up governance, and include additional services.

Blazing Fast Deployment, Speed, and Scale

Deploy Production-Ready Blockchain Networks and Digital Assets in Minutes
Amazingly Low Cost Per Transaction
Multi-Party, Cross-Cloud, and Multi-Region Support
Built-In High Availability and Disaster Recovery
400+ APIs and 40+ Services to Accelerate Development

No Lock-in and Open Source Technologies

Support for Multiple Blockchain Protocols
Enterprise Integrations and Marketplace
Customizable Decentralization Options
Actively Leading New Standards and Technologies

Proven Enterprise Platform and Expertise

ISO and SOC2 Certified
SLAs and  24/7 Support
On-Chain and Off-Chain Services
Secure Key Management
Built-In Monitoring and Smart Contract Management
Additional Resources
Learn More About
Blockchain Application Firewall
Ready to Get Started With
Blockchain Application Firewall