Company Updates & Technology Articles
Hard coded logic vs externalized authorization service
Most developers start building permissions by sprinkling authorization logic across various parts of the code. While this is a common pattern, embedding authorization logic within the application code has several limitations compared to externalized authorization. In this post, we describe those limitations and the benefits of externalized authorization.
Announcing Topaz 0.30!
We're thrilled to announce Topaz 0.30! In this post we share all of the new features, including an upgraded modeling language with generalized support for subject-relations and intersections; a console that makes it easy to visualize and edit the policy, model, objects, and relationships; and an evaluation environment with templates for simple RBAC, multi-tenant RBAC, Google Docs, and ABAC scenarios, to name a few.
Open Policy Agent vs Google Zanzibar
There are two approaches to modern authorization. One extracts authorization logic from code and expresses it as a policy, and the other bases access on relationships between users/groups and application resources. In this post, we describe the pros and cons of each approach by reviewing representatives of each: OPA vs Zanzibar.
It's time for authorization standards: AuthZEN
Today each authorization vendor supports its own APIs and protocols. But there's an appetite to change this. We're in the early innings of a promising effort called AuthZEN, where the authorization community is hoping to establish a set of patterns and standards for externalized authorization. Read all about it in this post.
Using scopes vs. permissions for application authorization
One of the earliest authorization patterns applications implement bases access on OAuth 2.0 scopes that are embedded in access tokens issued by an identity provider. While convenient, this method has significant limitations. In this post, we describe those limitations and provide alternatives for managing application permissions.
The power of externalized authorization
Externalizing authorization into a purpose-built service has many benefits. In this post, we describe those benefits and demonstrate the power of externalized authorization, namely the ability to add or change functionality through a policy change alone, without re-deploying the application.
Netflix authorizes extra members using environmental attributes
Netflix recently rolled out a system to combat account sharing on a global scale. The enforcement system uses environmental attributes to determine access. This is a great real-world use case for an attribute-based access control (ABAC) system. Get all the details in the post!