Blockchain Application Firewall

Easily Control Authentication and Authorization to Blockchain Nodes

With Kaleido's blockchain application firewall you can quickly and easily manage how dapps, wallets, and more authenticate and access your blockchain nodes.
What it is

Application Firewall for Blockchain Apps

The Kaleido Blockchain Application Firewall (BAF) provides rich options for authentication and authorization of application connections to your blockchain resources.  The service easily integrates with your existing OpenID provider and allows for low-level blockchain permissions to be embedded in user authentication tokens. BAF provides organizational admins with a single source of truth for end-user role based access control, and allows operators to easily add or rescind permissions within their existing user directories. Additionally, by supporting an OAuth-based authentication flow, the critical application credentials providing secure access to the Kaleido resource endpoints are never exposed.

Ethereum JSON-RPC Gateway

Provides an API surface for the Ethereum JSON-RPC requests. Supports the implementation-specific management APIs of go-ethereum, Quorum and Pantheon.

Configurable Endpoint Rules

On a per API endpoint basis, or per namespace basis, turn the API on or off so that JSON-RPC requests will be accepted to rejected according to the rules.

Supports Management APIs

In an enterprise context, these APIs are typically considered privileged and should be reserved for special users in the administrative roles.

How it Works

The Blockchain Application Firewall can have a range of potential uses for your organization including: 

  • Connecting the firewall with an IAM (Identity and Access Management) server
  • Restricting and mapping access to signing keys 
  • Connecting web and mobile wallets to nodes with limited access

The Blockchain Application Firewall can be configured to trust your IAM server, whether it's a private instance of KeyCloak, Otka, Microsoft Azure Active Directory, or any other system that issues tokens as signed JSON Web Tokens (JWT). This allows users to enjoy a standard sign-in procedure to blockchain applications such as the familiar username and password, multi-factor authentication, etc. 

In your organization you may find you have keys for different teams within an organization, or for different types of operation, or maybe thousands of keys allocated to individual users of your application. This is why it’s important to restrict access to signing with these keys only to authorized connections, which the Blockchain Application Firewall allows your organization to do. The firewall analyzes each JSON/RPC request as it passes through, checking for attempts to sign transactions and authorizing them against a rule-set that specifies which keys are allowed to be used by that connection. This capability works in tandem with your application level security. You can configure static rules to configure access to keys, or dynamic rules based on issuing JWT tokens in your application tier or IAM system to restrict signing access.

In applications where users have their identity or key which signs transactions from their web or mobile device, they need to be able to submit pre-signed transactions to the blockchain node. The JSON/RPC interface of the node will end up needing to be exposed to the application for sending the transactions, which is where the Blockchain Application Firewall comes into play. The firewall provides an additional layer of security for these connections, on top of the default boundary security built into the Kaleido platform.

Why Kaleido

Everything You Need to Build Enterprise-Grade Blockchain and Digital Asset Solutions

Kaleido's blockchain platform makes it radically simple for businesses to create complete web3 networks and applications. With just a few clicks, you can launch a blockchain network, deploy it globally, set up governance, and start plugging in familiar services.

Quickly Launch Blockchain

Launch blockchain networks in minutes
Choose from leading protocols
Select permissioned chains, appchains,  sidechains, or consortium chains
Deploy on AWS, Azure or on-prem
Stand up nodes worldwide in regions of your choice

Simplify Development to Get to
Production Fast

Access 40+ plug-and-play services for wallets, key management, storage, data, and more
Automate management and deployment with our fully API-enabled platform
Turn any smart contract into familiar APIs with our smart contract API generator
Make digital assets, NFTs, and consortia easy with our dedicated solutions
Mint, manage, and burn tokens at scale with robust tooling

All Backed by Enterprise-Grade Infrastructure and Support

Modern cloud scale architecture
Built-in high availability and disaster recovery
ISO 27k and SOC 2 Type 2 compliant
Integrate seamlessly with existing internal systems
Open source tech and no vendor lockin
24x7 support and SLAs
Additional Resources
Learn More About the Blockchain Application Firewall

Get started with Blockchain Application Firewall?

No Credit Card Required
ISO27K & SOC2 Type 2 Compliant
Free Training & Support