15 episodes

Authorization in Software features chats with industry subject matter experts in Authorization. Some of the covered topics are: how authorization is implemented at specific companies (e.g.: Airbnb, Slack, Github), how industry standards relate to authorization, and the history of authorization in software.

Damian Schenkelman hosts Authorization in Software. Damian is the creator of the OpenFGA project and a Principal Architect on the Auth0 Lab team, where he does research and development of forward-looking products. Before Auth0, Damian spent many years at Microsoft working on Azure and on patterns & practices initiatives. He loves spending his spare time with family and friends and catching up on all things NBA.

Authorization in Software Auth0

    • Technology


    Fine Grained Authorization, Open Source and Topaz

    This episode explores Topaz, an authorization engine that combines policy as code, relationship-based authorization models in the style of Zanzibar, and real-time decision-making. We discuss how Topaz is designed to handle fine-grained authorization, which matters in zero-trust environments, by making local decisions over local data. The guest, Omri, walks through the architecture of Topaz, including its use of Open Policy Agent (OPA) and a triple-store model for relationship data.

    You will gain insight into the challenges of authorization, why policy and the data it evaluates must be kept in sync, and how Topaz addresses these issues. The conversation also covers the practical side of running Topaz: data-source integration, deployment models, and the flexibility it offers for different organizational needs.

    This episode is for anyone interested in current tools and trends in software authorization, and gives a comprehensive look at how Topaz approaches secure and efficient application development.

    • 48 min
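
The Topaz episode above describes answering fine-grained checks locally, over locally held relationship data, using a Zanzibar-style model. The block below is an added example written for this page, not Topaz's own code or its schema language: it keeps relationship tuples in memory and answers a check by walking direct tuples, userset subjects (such as a group's members), relations implied by stronger relations on the same object, and relations inherited from a parent object. The object types, relations, rewrite rules and sample tuples are all assumptions chosen for illustration.

```python
"""Minimal relationship-based (Zanzibar-style) check over an in-memory tuple store.

Added example for this page; it is not Topaz code. The type/relation model,
the tuples and the rewrite rules below are all assumptions chosen to show the
idea of answering a check locally, over locally held relationship data.
"""
from collections import defaultdict

# Hypothetical authorization model. For each object type and relation:
#   implied_by  - relations on the same object that also grant this one
#   from_parent - (relation pointing at the parent, relation to check there)
MODEL = {
    "group": {"member": {}},
    "folder": {
        "parent": {},
        "owner": {},
        "editor": {"implied_by": ["owner"], "from_parent": ("parent", "editor")},
        "viewer": {"implied_by": ["editor"], "from_parent": ("parent", "viewer")},
    },
    "document": {
        "parent": {},
        "owner": {},
        "editor": {"implied_by": ["owner"], "from_parent": ("parent", "editor")},
        "viewer": {"implied_by": ["editor"], "from_parent": ("parent", "viewer")},
    },
}

MAX_DEPTH = 16  # guards against cyclic parent links or userset loops


class TupleStore:
    """Relationship tuples: (object, relation) -> set of subjects.

    A subject is either a user ("user:alice"), an object ("folder:root",
    used for the parent relation) or a userset ("group:eng#member").
    """

    def __init__(self):
        self._tuples = defaultdict(set)

    def write(self, obj, relation, subject):
        self._tuples[(obj, relation)].add(subject)

    def read(self, obj, relation):
        return self._tuples.get((obj, relation), set())


def check(store, obj, relation, user, depth=0):
    """Return True if `user` has `relation` on `obj` under MODEL."""
    if depth > MAX_DEPTH:
        return False  # fail closed instead of recursing forever
    obj_type = obj.split(":", 1)[0]
    spec = MODEL.get(obj_type, {}).get(relation, {})
    subjects = store.read(obj, relation)

    # 1. Direct tuple: object#relation@user
    if user in subjects:
        return True
    # 2. Userset subjects: object#relation@other#rel expands recursively
    for subject in subjects:
        if "#" in subject:
            s_obj, s_rel = subject.split("#", 1)
            if check(store, s_obj, s_rel, user, depth + 1):
                return True
    # 3. Computed userset: a stronger relation on the same object implies this one
    for stronger in spec.get("implied_by", []):
        if check(store, obj, stronger, user, depth + 1):
            return True
    # 4. Tuple-to-userset: inherit the relation from the parent object
    if "from_parent" in spec:
        parent_rel, parent_relation = spec["from_parent"]
        for parent in store.read(obj, parent_rel):
            if check(store, parent, parent_relation, user, depth + 1):
                return True
    return False


def build_sample_store():
    """Constructed sample data, not taken from any real deployment."""
    store = TupleStore()
    store.write("folder:root", "owner", "user:alice")
    store.write("folder:root", "viewer", "group:eng#member")
    store.write("group:eng", "member", "user:bob")
    store.write("document:spec", "parent", "folder:root")
    store.write("document:spec", "editor", "user:carol")
    return store


if __name__ == "__main__":
    s = build_sample_store()
    for who, rel in [("user:alice", "editor"), ("user:bob", "viewer"),
                     ("user:bob", "editor"), ("user:carol", "viewer")]:
        print(who, rel, "document:spec ->", check(s, "document:spec", rel, who))
```

With the sample tuples, alice is an editor of document:spec only through ownership of the parent folder, bob can view it only through group:eng's viewer grant on that folder, and carol's direct editor tuple gives her viewer as well. The depth guard is the check a practitioner wants: a cyclic parent link in the data must fail closed rather than hang the decision point.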
    Deep Dive into Open Policy Administration Layer (OPAL)

    Dive into the world of advanced authorization with Gabriel Manor, Head of DevRel and Growth at Permit.io. In this episode of Authorization in Software, Damian Schenkelman engages Gabriel in a discussion on the Open Policy Administration Layer, better known as OPAL.
    Damian and Gabriel delve into how OPAL enables a structured and effective approach to authorization. They cover the shift from traditional Role-Based Access Control (RBAC) to the more dynamic Attribute-Based Access Control (ABAC), and the need for granular control in modern application environments.
    This episode is for those interested in the complexities of policy-based authorization systems. It discusses the challenges and benefits of decoupling authorization policies from application code, and why streamlined policy management matters for secure and efficient software development.

    • 1 hr 10 min
    How Box Does Authorization

    In this episode of Authorization in Software, Damian Schenkelman sits down with John Huffaker, Distinguished Engineer at Box. They discuss how Box, a major file-sharing and collaboration platform, approaches authorization.
    The conversation touches upon:
    • The importance of security for a platform like Box, which handles sensitive data for countless users and businesses.
    • A look into the different layers of security, including application and infrastructure security.
    • The challenges and solutions involved in keeping Box secure.
    • A detailed overview of the multiple layers involved in making different kinds of authorization decisions, from viewing files and folders to understanding user permissions and API access.
    • And more...
    Tune in to get an inside look at the ways Box keeps its customers' data safe and the authorization mechanisms it employs to achieve this.

    • 1 hr 2 min
    Authorization at Workday

    Join Jennifer Wong, a seasoned expert in product management and application security at Workday, as she takes us through a decade-long journey at one of the world's leading financial and human capital management software companies. Dive into the complexities of platform solutions and the significance of reusable components, as Jennifer outlines how Workday achieves interoperability and reduces time-to-value for its customers. Learn why authorization is crucial in a company trusted with sensitive data from global corporate giants, and how it maintains that security posture even as it grows through acquisitions. Learn about the nuances of Workday's authorization capabilities, how they adapt to evolving threats, and the underlying principle of Zero Trust. If you're curious about how Workday handles user roles and permissions, and where its authorization decisions are made, this episode is a must-listen.

    • 27 min
    Macaroons for Authorization with Neil Madden

    In this episode, host Damian Schenkelman and cybersecurity expert Neil Madden deep dive into the world of macaroons for authorization. Neil starts by distinguishing between JSON Web Tokens (JWT) and macaroons, and shares the origins and unique properties of the latter. They discuss how these tokens, originally designed at Google, can enhance security by allowing conditions, or "caveats", to be added to a token even after it has been issued. The discussion also covers the difference between first-party and third-party caveats, key considerations for implementing macaroons, and how they can be integrated into existing systems like OAuth.

    • 51 min
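
The property the episode above turns on, that a holder can add caveats after issuance but cannot remove them, comes from chaining HMACs: each caveat's signature is an HMAC keyed by the previous signature, so the root key is needed only to mint. The block below is an added example written for this page, not code from Neil Madden, Google, or any macaroon library, and it covers first-party caveats only. The root key, location, identifier, caveat mini-language and context values are all constructed for illustration.

```python
"""First-party macaroon caveats with chained HMACs.

Added example for this page, not code from Neil Madden or Google's
macaroon library. The key, location, identifier and caveat language are
all constructed for illustration.
"""
import hashlib
import hmac
from dataclasses import dataclass, field

ROOT_KEY = b"issuer-only-secret-key"  # constructed; a real issuer uses a random 32-byte key


def _hmac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


@dataclass
class Macaroon:
    location: str
    identifier: str            # tells the issuer which root key was used
    caveats: list = field(default_factory=list)
    signature: bytes = b""

    @classmethod
    def mint(cls, root_key: bytes, location: str, identifier: str) -> "Macaroon":
        """Issuer side: the only step that needs the root key."""
        m = cls(location, identifier)
        m.signature = _hmac(root_key, identifier.encode())
        return m

    def add_first_party_caveat(self, predicate: str) -> "Macaroon":
        """Holder side: extend the HMAC chain with one more caveat.

        The new signature is HMAC(old signature, caveat), so anyone holding
        the macaroon can narrow it, but nobody can strip a caveat back off
        without knowing the signature that preceded it.
        """
        self.caveats.append(predicate)
        self.signature = _hmac(self.signature, predicate.encode())
        return self

    def copy(self) -> "Macaroon":
        return Macaroon(self.location, self.identifier, list(self.caveats), self.signature)


def caveat_holds(caveat: str, ctx: dict) -> bool:
    """Tiny caveat language: '<fact> = <value>', '<fact> < <int>', '<fact> in a,b,c'."""
    fact, op, value = caveat.split(" ", 2)
    actual = ctx.get(fact)
    if actual is None:
        return False                      # unknown fact: fail closed
    if op == "=":
        return str(actual) == value
    if op == "<":
        return int(actual) < int(value)
    if op == "in":
        return str(actual) in value.split(",")
    return False                          # unknown operator: fail closed


def verify(m: Macaroon, root_key: bytes, ctx: dict):
    """Verifier side: recompute the chain from the root key, then evaluate every caveat."""
    sig = _hmac(root_key, m.identifier.encode())
    for c in m.caveats:
        sig = _hmac(sig, c.encode())
    if not hmac.compare_digest(sig, m.signature):
        return False, "bad signature"
    for c in m.caveats:
        if not caveat_holds(c, ctx):
            return False, f"caveat failed: {c}"
    return True, "ok"


def issue_example() -> Macaroon:
    """Issuer mints a macaroon for bucket-42 bound to alice."""
    return (Macaroon.mint(ROOT_KEY, "https://files.example", "bucket-42")
            .add_first_party_caveat("user = alice"))


def delegate_example(m: Macaroon) -> Macaroon:
    """Alice hands a copy to a backup job, limited to reads and a deadline; no issuer involved."""
    return (m.copy()
            .add_first_party_caveat("action in read,list")
            .add_first_party_caveat("time < 2000000000"))


if __name__ == "__main__":
    original = issue_example()
    delegated = delegate_example(original)
    print(verify(delegated, ROOT_KEY, {"user": "alice", "action": "read", "time": 1_900_000_000}))
    print(verify(delegated, ROOT_KEY, {"user": "alice", "action": "delete", "time": 1_900_000_000}))
    # Dropping caveats leaves the signature inconsistent with the recomputed chain
    forged = delegated.copy()
    forged.caveats = forged.caveats[:1]
    print(verify(forged, ROOT_KEY, {"user": "alice", "action": "delete"}))
```

Two checks are worth noting. The verifier fails closed when a caveat refers to a fact the request context does not supply, which is the safe default for a predicate language. And a holder who deletes the "action" and "time" caveats keeps a signature that no longer matches the recomputed chain, so the attenuation cannot be undone. Third-party caveats, which the episode also covers, need a discharge macaroon from the third party and are not shown here.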
    Real Time Authorization with Atul Tulshibagwale

    Join us in this episode of Authorization in Software, where we're joined by Atul Tulshibagwale, CTO of SGNL. In conversation with host Damian Schenkelman, Atul dives deep into Real-Time Authorization, an approach to dynamic access control.
    This episode sheds light on how Real-Time Authorization operates: access is continuously assessed and authorized based on factors determined at request time rather than on pre-assigned standing privileges. In this model, access to a resource is granted only while it is needed and the conditions hold, which reduces standing privilege and the exposure that comes with it.

    • 48 min
