Summarized key takeaways from the video transcription in Markdown format:
Continuous Authorization
Transition from Custom Authentication to Unified Authentication
- In the past, authentication was completely custom for each application, requiring users to remember multiple passwords.
- The industry moved towards unified authentication standards, benefiting users with fewer passwords to remember.
The Need for Unified Authorization
- While authentication has been largely solved, authorization remains a "Wild West" with very different models across applications.
- There is a need for metaphors, APIs, and standards to bring various authorization models together.
Challenges in Authorization
- Authorization involves more diverse inputs (identity, resource, time, network, etc.) compared to the relatively simpler authentication process.
- Lack of end-to-end agreement on authentication elements (multi-factor, constraints, etc.) hinders the modernization of authorization.
The Role of Cedar
- Cedar is a language developed by AWS to address the challenges in authorization.
- Cedar provides a powerful metaphor for fine-grained and real-time authorization cases.
- Strong DM has adopted Cedar and provided a Go-based implementation for the community.
Deployment Considerations for Fine-Grained Authorization
- Network calls to external authorization services can be costly, so Strong DM has integrated Cedar directly into their proxy layer.
- The infrastructure needs to handle state changes and feed them into the authorization pipeline for real-time reactions.
Cedar Policy Examples
- Policies can be applied to SaaS applications, databases, and even interactive shells to enforce authorization rules.
- Policies can perform actions like redaction, row-level filtering, and multi-factor authentication prompts.
- The policies are externalized and can be adjusted in real-time, affecting the underlying systems immediately.
Resources
- Cedar Policy website: cedarpolicy.com
- White paper on Cedar
- Strong DM blog post on Cedar