CloudEXPO 2018
Back To Schedule
Tuesday, November 13 • 7:00pm - 7:40pm
Authorization for DevOps

Log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Authorization for DevOps

Authorization of web applications developed in the cloud is a fundamental problem for security, yet companies often build solutions from scratch, which is error prone and impedes time to market. This talk shows developers how they can (instead) build on-top of community-owned projects and frameworks for better security.

Whether you build software for enterprises, mobile, or internal microservices, security is important. Standards like SAML, OIDC, and SPIFFE help you solve identity and authentication, but for them authorization is out of scope. When you need to control "who can do what" in your app, you are on your own.

To solve authorization, you may be tempted to hardcode logic against SAML assertions, scopes, or X.509 certificate attributes. But, approaches like this lead to systems that are hard to understand and painful to maintain.

This talk shows how to leverage the Open Policy Agent (which is used by companies like Netflix and Chef) to build a powerful authorization system on top of industry-standard authentication protocols. The talk showcases how decoupling leads to authorization solutions that are easier to understand while enabling fine-grained control over the app.

avatar for Ash Narkar

Ash Narkar

Software Engineer, Styra
Ash Narkar is a core contributor to the open source Open Policy Agent project. Ash has 5 years of experience working on large-scale distributed systems. Ash is a Software Engineer at Styra, Inc working on OPA development and integrations. Previously he was a Principal Engineer at... Read More →

Tuesday November 13, 2018 7:00pm - 7:40pm EST
01 Cloud-Native and Serverless (PROMENADE SUITE) Cloud-Native, Serverless, Docker, Kubernetes