Introduction to Ockam
Trust for Data-in-Motion
Ockam is a suite of open source tools, programming libraries, and managed cloud services to orchestrate end-to-end encryption, mutual authentication, key management, credential management, and authorization policy enforcement – at massive scale.
Modern applications are distributed and have an unwieldy number of interconnections that must trustfully exchange data. To build trust for data-in-motion, applications need end-to-end guarantees of data authenticity, integrity, and confidentiality. To be private and secure by design, applications must have granular control over every trust and access decision. Ockam allows you to add these controls and guarantees to any application.
Ockam was made for millions of builders. We are passionate about simple developer experiences and easy-to-use tools. If you can spin up EC2 or write data to a database from your application, then you are one of the millions of builders that already have the expertise to use Ockam.
Ockam empowers you to:
  • Create end-to-end encrypted, authenticated Secure Channels over any transport topology.
  • Provision Encrypted Relays for trustful communication within applications that are distributed across many edge, cloud and data-center private networks.
  • Tunnel legacy protocols through mutually authenticated and encrypted Portals.
  • Use Add-ons to bring end-to-end encryption to enterprise messaging, pub/sub and event streams.
  • Generate unique, cryptographically provable Identities and store private keys in safe Vaults, with Add-ons for hardware or cloud key management systems.
  • Operate project-specific and scalable Credential Authorities to issue lightweight, short-lived, easy-to-revoke, attribute-based credentials.
  • Onboard fleets of self-sovereign application identities using Secure Enrollment Protocols to issue credentials to application clients and services.
  • Rotate and revoke keys and credentials – at scale, across fleets.
  • Define and enforce project-wide Attribute Based Access Control (ABAC) policies.
  • Use Add-ons to integrate with enterprise Identity Providers and Policy Providers.
