Every cloud-native application needs some form of access control. Most applications provide role-based access control (RBAC), which has limitations when it comes to enterprise scale and fine-grained access control.
Zero trust architectures require us to go further. Following the principle of least privilege, modern cloud apps can implement just in time authorization with fine-grained controls. With a fine-grained model, access rules can be defined on the application’s resources, often down to individual items. And a just-in-time model helps ensure the user has access to what they need, when they need it.
Two ecosystems are emerging around modern authorization: Policy-as-code and policy-as-data. Open Policy Agent (OPA) brings a policy-as-code approach to fine-grained authorization, and Google’s Zanzibar is the most known representative of the policy-as-data camp.
Join the panelists to discuss new developments in modern authorization, and compare the strengths and weaknesses of policy-as-code and policy-as-data as foundational models for a robust access control system.