Dynamic security at scale: Cedar policies for continuous authorization (SEC207)


Continuous Authorization

Transition from Custom Authentication to Unified Authentication

  • In the past, authentication was completely custom for each application, requiring users to remember multiple passwords.
  • The industry moved towards unified authentication standards, benefiting users with fewer passwords to remember.

The Need for Unified Authorization

  • While authentication has been largely solved, authorization remains a "Wild West" with very different models across applications.
  • There is a need for metaphors, APIs, and standards to bring various authorization models together.

Challenges in Authorization

  • Authorization involves more diverse inputs (identity, resource, time, network, etc.) compared to the relatively simpler authentication process.
  • Lack of end-to-end agreement on authentication elements (multi-factor, constraints, etc.) hinders the modernization of authorization.

The Role of Cedar

  • Cedar is a language developed by AWS to address the challenges in authorization.
  • Cedar provides a powerful metaphor for fine-grained and real-time authorization cases.
  • StrongDM has adopted Cedar and provided a Go-based implementation for the community.

Deployment Considerations for Fine-Grained Authorization

  • Network calls to external authorization services can be costly, so StrongDM has integrated Cedar directly into its proxy layer.
  • The infrastructure needs to handle state changes and feed them into the authorization pipeline for real-time reactions.

Cedar Policy Examples

  • Policies can be applied to SaaS applications, databases, and even interactive shells to enforce authorization rules.
  • Policies can perform actions like redaction, row-level filtering, and multi-factor authentication prompts.
  • The policies are externalized and can be adjusted in real-time, affecting the underlying systems immediately.
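
An added illustration, not taken from the talk or from StrongDM's product, of how a Cedar policy set can combine the inputs named under "Challenges in Authorization" (identity, resource, time, network). The entity types, action names and context attributes (mfa_verified, source_ip, hour_utc) are hypothetical and would be supplied by the calling application with each request.

```cedar
// Constructed example. Group, Environment, Action names and all
// context attributes are assumptions, not part of any real schema.

// Identity + resource + network: members of the dba group may connect to
// and query anything in the production environment, but only from the
// internal network and only after completing MFA in this session.
permit (
    principal in Group::"dba",
    action in [Action::"connect", Action::"query"],
    resource in Environment::"production"
)
when {
    context.mfa_verified &&
    context.source_ip.isInRange(ip("10.0.0.0/8"))
};

// Time: outside 08:00-18:00 UTC every request against production is
// denied. A matching forbid always overrides any permit, so this rule
// cannot be bypassed by adding a broader permit later.
forbid (
    principal,
    action,
    resource in Environment::"production"
)
unless {
    context.hour_utc >= 8 && context.hour_utc < 18
};

// No other permit exists, so every request not matched above is denied
// by default (for example, a dba connecting from outside 10.0.0.0/8).
```

Because the decision depends on context passed with each request, re-evaluating the same policies when MFA state, source address or time changes is what makes the authorization continuous rather than a one-time check at login.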

Resources

  • Cedar Policy website: cedarpolicy.com
  • White paper on Cedar
  • StrongDM blog post on Cedar
