The specific challenge with authz in the app layer is that different apps can have different access models with varying complexity, especially the more granular you get (e.g. implementing fine-grained access to specific objects/resources, like Google Docs).
Personally, I think a ReBAC (relationship/graph-based) approach works best for apps because permissions in applications are mostly relational and/or hierarchical (levels of groups). There are authz systems out there such as Warrant https://warrant.dev/ (I'm a founder) in which you can define a custom access model as a schema and enforce it in your app.