BCB Entitlements & Authorization Platform
Enterprise-grade attribute-based access control (ABAC) system that enabled BCB Group to secure their French EMI licence. Powers authorisation across the entire banking technology stack.
Developed a comprehensive Entitlements capability for BCB Group, a regulated financial services company. This platform implements attribute-based, policy-driven security for authorisation across the entire technology stack. The system was critical to BCB Group securing their French Electronic Money Institution (EMI) licence, demonstrating compliance with stringent European financial regulations. The platform handles complex authorisation scenarios across microservices, ensuring that every action within the banking system is properly authorised based on user attributes, roles, and contextual policies. This project showcases deep expertise in financial services security, regulatory compliance, and the enterprise architecture patterns essential for banking technology.
The entitlements platform follows a centralized policy decision point (PDP) architecture with distributed policy enforcement points (PEPs) across all microservices. Key architectural components:
1. Policy Decision Point (PDP): Central service that evaluates access requests against defined policies
2. Policy Enforcement Points (PEPs): Middleware integrated into each microservice
3. Policy Administration Point (PAP): Admin interface for managing policies and attributes
4. Policy Information Point (PIP): Aggregates user and resource attributes from various sources
The system uses an event-driven approach for attribute synchronization and implements caching strategies to minimize latency in authorization decisions.
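As an added illustration of the PDP/PEP/PIP split described above, the sketch below shows deny-overrides ABAC evaluation with a decision cache and a per-decision audit record. It is example code written for this page, not BCB Group's implementation; the attribute sources, rule names, tenants and account ids are constructed.

```python
from dataclasses import dataclass, field
from typing import Callable

# Constructed sample attribute sources (hypothetical data, not BCB's).
HR_DIRECTORY = {"alice": {"role": "treasury_ops", "tenant": "acme"},
                "bob": {"role": "viewer", "tenant": "acme"}}
LEDGER = {"acct-1": {"tenant": "acme"}, "acct-9": {"tenant": "globex"}}

def pip_lookup(entity_id: str) -> dict:
    """Policy Information Point: merge an entity's attributes from every source."""
    attrs = {"id": entity_id}
    for source in (HR_DIRECTORY, LEDGER):
        attrs.update(source.get(entity_id, {}))
    return attrs

# A rule is (name, effect, predicate over subject, resource, action, context attributes).
Rule = tuple[str, str, Callable[[dict, dict, str, dict], bool]]
RULES: list[Rule] = [
    ("same_tenant_read", "permit", lambda s, r, a, c: a == "read" and s.get("tenant") == r.get("tenant")),
    ("ops_can_transfer", "permit", lambda s, r, a, c: a == "transfer" and s.get("role") == "treasury_ops"
                                                    and s.get("tenant") == r.get("tenant")),
    ("freeze_after_hours", "deny", lambda s, r, a, c: a == "transfer" and not c.get("business_hours", False)),
]

@dataclass
class PDP:
    """Policy Decision Point: deny-overrides combining, default deny, decision cache, audit trail."""
    rules: list[Rule]
    cache: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)

    def decide(self, subject_id: str, action: str, resource_id: str, context: dict) -> bool:
        key = (subject_id, action, resource_id, tuple(sorted(context.items())))
        if key not in self.cache:  # evaluate once per distinct request shape, context included
            subj, res = pip_lookup(subject_id), pip_lookup(resource_id)
            matched = [(n, e) for n, e, cond in self.rules if cond(subj, res, action, context)]
            # Deny-overrides: any matching deny wins; no matching permit at all also denies.
            self.cache[key] = (bool(matched) and all(e == "permit" for _, e in matched),
                               [n for n, _ in matched])
        allowed, names = self.cache[key]
        # Every decision is recorded, cache hit or not, so the audit trail stays complete.
        self.audit.append({"subject": subject_id, "action": action, "resource": resource_id,
                           "context": context, "matched": names, "allowed": allowed})
        return allowed

def enforce(pdp: PDP, subject_id: str, action: str, resource_id: str, **context) -> bool:
    """Policy Enforcement Point: what each microservice calls before acting; raises on deny."""
    if not pdp.decide(subject_id, action, resource_id, context):
        raise PermissionError(f"{subject_id} may not {action} {resource_id}")
    return True
```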
- Attribute-Based Access Control (ABAC) implementation
- Policy-driven authorisation engine
- Cross-service authorisation propagation
- Audit logging for regulatory compliance
- Fine-grained permission management
- Real-time policy evaluation
- Integration with existing authentication systems
- Compliance reporting dashboards
- Role hierarchy management
- Contextual access decisions
- Designing a system that meets stringent financial regulatory requirements
- Implementing low-latency authorisation across distributed microservices
- Creating a flexible policy language that non-technical compliance officers can understand
- Ensuring complete audit trails for regulatory audits
- Migrating from legacy RBAC to ABAC without service disruption
- Critical contribution to BCB Group securing French EMI licence
- Sub-millisecond authorisation decisions across the stack
- Zero security incidents since deployment
- Reduced compliance audit preparation time by 60%
- Enabled complex multi-tenancy scenarios for enterprise clients