Beyond RBAC
Facebook Twitter LinkedIn

Modern Authorization Panel - Going Beyond RBAC

Combined Session
Wednesday, May 10, 2023 17:50—18:30
Location: B 07-08

Every cloud-native application needs some form of access control. Most applications provide role-based access control (RBAC), which has limitations when it comes to enterprise scale and fine-grained access control. 
Zero trust architectures require us to go further. Following the principle of least privilege, modern cloud apps can implement just in time authorization with fine-grained controls. With a fine-grained model, access rules can be defined on the application’s resources, often down to individual items. And a just-in-time model helps ensure the user has access to what they need, when they need it.

Two ecosystems are emerging around modern authorization: Policy-as-code and policy-as-data. Open Policy Agent (OPA) brings a policy-as-code approach to fine-grained authorization, and Google’s Zanzibar is the most known representative of the policy-as-data camp.
Join the panelists to discuss new developments in modern authorization, and compare the strengths and weaknesses of policy-as-code and policy-as-data as foundational models for a robust access control system.

Gert Drapers
Gert Drapers
Gert Drapers is the co-founder and CTO of, leading technology implementation and strategy. A widely recognized expert in the data and developer space, Gert has built and operated various...
Anders Eknert
Anders Eknert
Anders Eknert has a long background in software development and security. Previously in his career, Anders focused primarily on identity systems. He has spent more recent years in the emerging...
Sebastien Faivre
Sebastien Faivre
Brainwave GRC
Sebastien is Chief Technical Officer and co-founder at Brainwave GRC, responsible for product vision, features and design. Sebastien is a seasoned Product Management expert with more than 20 years...
Benoit Grangé
Benoit Grangé
Benoit brings over 25 years of experience in leading teams to build world-class products and services focused on delivering an exceptional customer experience and security. Benoit is a technology...
Michael Lind Mortensen
Michael Lind Mortensen
Michael is a leader in one of Denmark's biggest banking consortiums, Bankdata, managing zero-trust decentralized authorization for 8 member banks and 2000+ APIs. Michael has also been a board...
Atul Tulshibagwale
Atul Tulshibagwale
Atul is a federated identity pioneer and the inventor of the Continuous Access Evaluation Protocol (CAEP), forming the basis of the Shared Signals and Events working group in the OpenID Foundation,...


On-Demand Access
Re-live EIC 2023
Watch 200 sessions on-demand
Download all available presentations
Subscribe for updates
Please provide your email address