Authorization (AuthZ) and Authentication (AuthN) go hand in hand in ensuring zero-trust in your system landscape. But while scaling identity can be done by centralizing it in an IAM solution, centralizing authorization is seldom a scalable solution. Increased latency, varying requirements and maintainability are all key reasons to want a more decentralized solution that can adapt and scale.
In this talk we will describe how to use Open Policy Agent (OPA) to achieve decentralized authorization in a multi-platform API landscape, including both modern and legacy platforms, while simultanously ensuring centralized compliance controls and enforcement.
Every cloud-native application needs some form of access control. Most applications provide role-based access control (RBAC), which has limitations when it comes to enterprise scale and fine-grained access control.
Zero trust architectures require us to go further. Following the principle of least privilege, modern cloud apps can implement just in time authorization with fine-grained controls. With a fine-grained model, access rules can be defined on the application’s resources, often down to individual items. And a just-in-time model helps ensure the user has access to what they need, when they need it.
Two ecosystems are emerging around modern authorization: Policy-as-code and policy-as-data. Open Policy Agent (OPA) brings a policy-as-code approach to fine-grained authorization, and Google’s Zanzibar is the most known representative of the policy-as-data camp.
Join the panelists to discuss new developments in modern authorization, and compare the strengths and weaknesses of policy-as-code and policy-as-data as foundational models for a robust access control system.