Our great sponsors
-
OPAL
Policy and data administration, distribution, and real-time updates on top of Policy Agents (OPA, Cedar, ...) (by permitio)
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
I’m from Permit.io, we provide permissions as service, with low-code on top of OPA + OPAL, and Zanzibar.We are trying to decide if the concept of ownership (e.g. user A owns resource B) should be a direct concept in the system, or if we should just keep it as an attribute you can set conditions on.Example of current first-class citizens we have - Tenant (a silo for identities and resources that belong together), Roles (set of permissions that can be provided to a user/identity per tenant / in general).On one hand ownership is a very common relationship / attribute - and it makes sense simplifying. On the other hand we do have a generic ABAC (and soon ReBAC interface), and this can be a slippery slope.WDYT ?
Related posts
- Top 5 Access Control Features You Should Implement in 2024
- OPAL: A Flexible, Self-Hosted Authorization Solution Inspired by Netflix's AuthZ Strategy
- Policy as Code Open Source Project – Roadmap Questions
- Terraform Provider for Application-level Authorization
- Best Practices for Authorization in Microservices