Is this access allowed?
Zero Trust means every request is judged on its own merits — identity, device, context — not on where it came from. Change the conditions below and watch the decision update live, with the reasoning shown. This is what "per-request, context-aware access" actually feels like.
How the verdict is decided
No black box — the engine evaluates rules in strict precedence and returns the first that matches:
- Identity first. An unverified identity is denied before any other signal is even considered — identity is the control plane.
- Hard denials. Deny if any of these hold: no MFA on admin or crown-jewel access · an anomalous / impossible-travel network on high-value access · anomalous behaviour during a privileged request · an unknown device reaching crown-jewel data.
- Step-up. Where risk is elevated but not disqualifying — high-value access without phishing-resistant MFA, a sensitive resource from a less-trusted device or network, or unusual behaviour — the engine requires a stronger challenge rather than blocking outright.
- Allow — and keep watching. If nothing triggers, access is granted with least privilege and continuously re-evaluated; trust is revoked the moment the context changes.
Deterministic and transparent: the same inputs always produce the same verdict, and every factor's contribution is shown in the trace. No data leaves your browser.
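The decision procedure above, written out as a small Policy Decision Point in JavaScript. This is an added example, not the page's own engine: it encodes the four tiers as an ordered rule list, returns the first match together with a trace of every rule it checked, and recomputes the verdict when any signal changes (the continuous-evaluation point the NIST mapping below makes). The signal names, their values and the exact predicates are assumptions chosen for this illustration; the sample request is constructed.

```javascript
// Added example: a minimal Zero Trust Policy Decision Point.
// Signal vocabulary (an assumption for this illustration):
//   identity:  { verified: bool, mfa: "none" | "basic" | "phishing_resistant" }
//   device:    "managed" | "unmanaged" | "unknown"
//   network:   "corporate" | "untrusted" | "anomalous"   (anomalous = impossible travel)
//   behaviour: "normal" | "unusual" | "anomalous"
//   resource:  { sensitivity: "public" | "internal" | "sensitive" | "crown_jewel", privileged: bool }

// "High-value" means an admin (privileged) request or crown-jewel data.
function isHighValue(r) {
  return r.resource.privileged || r.resource.sensitivity === "crown_jewel";
}

// Rules are [name, predicate, verdict]; array order is the precedence order.
const RULES = [
  // Tier 1: identity is the control plane. Nothing else is consulted until it is verified.
  ["identity-unverified", r => !r.identity.verified, "DENY"],

  // Tier 2: hard denials.
  ["no-mfa-on-privileged-or-crown-jewel", r => r.identity.mfa === "none" && isHighValue(r), "DENY"],
  ["anomalous-network-on-high-value", r => r.network === "anomalous" && isHighValue(r), "DENY"],
  ["anomalous-behaviour-on-privileged", r => r.behaviour === "anomalous" && r.resource.privileged, "DENY"],
  ["unknown-device-on-crown-jewel", r => r.device === "unknown" && r.resource.sensitivity === "crown_jewel", "DENY"],

  // Tier 3: elevated but not disqualifying risk gets a stronger challenge, not a block.
  ["high-value-without-phishing-resistant-mfa", r => isHighValue(r) && r.identity.mfa !== "phishing_resistant", "STEP_UP"],
  ["sensitive-from-less-trusted-device-or-network",
    r => ["sensitive", "crown_jewel"].includes(r.resource.sensitivity) &&
         (r.device !== "managed" || r.network !== "corporate"), "STEP_UP"],
  ["unusual-behaviour", r => r.behaviour !== "normal", "STEP_UP"],
];

// Evaluate rules in strict precedence; return the first match plus the full trace.
// Pure function of its input, so the same request always yields the same verdict.
function decide(request) {
  const trace = [];
  for (const [name, matches, verdict] of RULES) {
    const hit = Boolean(matches(request));
    trace.push({ rule: name, matched: hit });
    if (hit) return { verdict, reason: name, trace };
  }
  // Tier 4: nothing triggered. Grant least privilege for this one request only.
  trace.push({ rule: "default-allow-least-privilege", matched: true });
  return {
    verdict: "ALLOW",
    reason: "no rule triggered; least-privilege grant, re-evaluated on every request",
    trace,
  };
}

// Continuous evaluation: re-run the decision with changed signals and report whether
// a previously allowed session must be revoked. `changes` is merged at the top level,
// so replace whole sub-objects such as `identity` or `resource` when they change.
function reevaluate(request, changes) {
  const before = decide(request).verdict;
  const after = decide({ ...request, ...changes }).verdict;
  return { before, after, revoked: before === "ALLOW" && after !== "ALLOW" };
}

// Constructed sample request: verified user with basic MFA, managed device on the
// corporate network, normal behaviour, asking for an internal (non-privileged) resource.
const baseline = {
  identity: { verified: true, mfa: "basic" },
  device: "managed",
  network: "corporate",
  behaviour: "normal",
  resource: { sensitivity: "internal", privileged: false },
};

console.log(JSON.stringify(decide(baseline), null, 2));
console.log(reevaluate(baseline, { behaviour: "unusual" }));
```

Two design points worth noting. The trace records every rule that was checked, not just the one that fired, so an operator can see which signals were considered and in what order before the verdict was reached. And `decide` is a pure function of the request: there is no hidden state, which is what makes the verdict reproducible and lets `reevaluate` express "trust is revoked the moment the context changes" as nothing more than calling the same function again with the new signals.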
How this maps to NIST SP 800-207
The model isn't arbitrary — it mirrors the core of the NIST Zero Trust Architecture (SP 800-207):
- The engine is a Policy Decision Point. It evaluates each request against policy and returns a verdict that a Policy Enforcement Point would apply — the PDP/PEP split at the heart of 800-207.
- The inputs are the trust signals 800-207 names — subject identity, asset (device) posture, environmental and behavioural risk, and the sensitivity of the resource being requested.
- Access is per-request and least-privilege. A verdict authorises one request to one resource — never standing, blanket access.
- Trust is continuously evaluated. 800-207's continuous diagnostics in miniature: change any signal and the decision recomputes, because trust can be revoked the moment context shifts.
This is a teaching model, not a product — but the reasoning is faithful to the standard. The deeper argument is in Zero Trust Is an Identity Problem, and you can benchmark your own program with the IAM Maturity Index.