Company Updates & Technology Articles

Hard coded logic vs externalized authorization service

Most developers start building permissions by sprinkled in authorization logic to various parts of the code. While a common pattern, embedding authorization logic within the application code has several limitations compared to externalized authorization. In this post, we describe those limitations and the benefits of externalized authorization.

Blog post cover

Announcing Topaz 0.30!

We're thrilled to announce Topaz 0.30! In the post we share all of the new features, including an upgraded modeling language with generalized support for subject-relations and intersections. A console that makes it easy to visualize and edit the policy, model, objects, and relationships. An evaluation environment and templates for simple RBAC, multi-tenant RBAC, Google Docs, and ABAC scenarios, to name a few.

Nov 6th, 2023

Blog post cover

Open Policy Agent vs Google Zanzibar

There are two approaches to modern authorization. One extracts authorization logic from code and expresses it as a policy, and the other bases access on relationships between users/groups and application resources. In this post, we describe the pros and cons of each approach by reviewing representatives of each: OPA vs Zanzibar.

Nov 1st, 2023

Blog post cover

It's time for authorization standards: AuthZEN

Today each authorization vendor supports its own APIs and protocols. But there's an appetite to change this. We’re in the early innings of a promising effort called AuthZEN, where the authorization community is hoping to establish a set of patterns and standards for externalized authorization. Read all about in this post.

Oct 23rd, 2023

Blog post cover

Using scopes vs. permissions for application authorization

One of the earliest authorization patterns applications implement bases access on OAuth 2.0 scopes that are embedded in access tokens issued by an identity provider. While convenient, this method has significant limitations. In this post, we describe those limitations and provide alternatives for managing application permissions.

Oct 18th, 2023

Blog post cover

The power of externalized authorization

Eternalizing authorization into a purpose built service has many benefits. In this post, we describe those benefits and demonstrated the power of externalized authorization, namely the ability to add or change functionality based on policy change alone and without re-deploying the application.

Oct 11th, 2023

Blog post cover

Netflix authorizes extra members using environmental attributes

Netflix recently rolled out a system to combat account sharing, on a global scale. The enforcement system uses environmental attributes to determine access. This is a great real-world use-case for an attribute-based access control (ABAC) system. Get all the details in the post!

Sep 27th, 2023