Overview
Explore a 14-minute conference talk from Conf42 DevSecOps 2024 that delves into implementing Role-Based Access Control (RBAC) authorization using a policy-as-code approach. Learn about different API authorization strategies, including RBAC and Attribute-Based Access Control (ABAC), and understand how to combine them into a hybrid access control system. Discover the implementation of policies as code using tools like Open Policy Agent (OPA) and ROND, with detailed explanations of their features and practical use cases. The presentation covers fundamental concepts of policies, various authorization approaches, and modern tools for implementing secure access control in software systems.
Syllabus
00:00 Introduction and Speaker Background
00:26 Understanding Policies
01:32 API Authorization Strategies
02:30 Role-Based Access Control (RBAC)
03:22 Attribute-Based Access Control (ABAC)
04:16 Hybrid Access Control Approach
06:33 Implementing Policies as Code
07:50 Open Policy Agent (OPA)
09:55 Introducing ROND
10:49 ROND Features and Use Cases
13:30 Conclusion and Invitation
Taught by
Conf42