A Look Back and A Path Forward
Welcome to the “Authorize” clipping service, a precursor to an upcoming “Authorize” conference. This service is provided by volunteer authorization nerds who want more people to know about all the cool stuff that’s going on in the authorization world! Here’s all the news you need to know:
Conferences:
TechVision Research’s Chrysalis is this week, on January 16th and 17th. The event is completely virtual, and the lineup of speakers and discussions blends future-looking talks with a grounded discussion of “what’s possible now” in all things identity.
Podcast Episodes:
Breaking Down the Complexities of Authorization with Identity Jedi
Omri Gazitt joins David and Sameer as they talk about the journey of authorization from a point-of-view to a full-on lifestyle. (Please direct any questions about formalwear for said lifestyle to David directly.)
Articles of Note:
Fein-granulare Autorisierung – warum der Hype?
A deep breakdown of the hype (and brief history) of fine-grained authorization. Yes, it’s in German. Yes, you can easily use translation tools to understand what they’re saying—even if you didn’t pay attention in German back in year eight.
Why authorization audit logs and decision logs are important
No matter what you’re doing in life, you gotta “keep the receipts”: at the grocery store, when you’re doing your taxes, and *particularly* when you’re placing bets on local youth sports (if you find yourself doing this last bit, we should talk). Authorization is more powerful with audit / decision logs, and this article explains why.
Automate Cedar policy validation with AWS developer tools | AWS Security Blog
“Life is short, break the rules” - Mark Twain. While this may apply if you’re a world famous author, we don’t advise it in the world of authorization. At re:Invent, AWS IAM Access Analyzer launched custom policy checks, a way to formally prove changes are safe *before* deploying policies in production. There’s an associated open-source repository of samples worth a peek, since writing theorems worth proving is usually the trickiest part!
New Open Source Standard Brings Consistency to Webhooks - The New Stack
Webhooks are great, until they’re not. There’s a new effort to standardize these callbacks, complete with a repo you can try out yourself.
Authentication vs. Authorization
Ever hear an old architect shout, “Back in my day, we had to authenticate and authorize twice, in deep snow, every day before school!” Me neither, but nonetheless, this article spans the history of both of the “A-words,” showing how far we’ve come and how that conditions our future direction.
Speaking of “future trends,” there are predictions made every year about what is going to happen in the next twelve months. SGNL looks back at what they claimed would happen and compares it to reality in “Looking Back at 2023 IAM Predictions.” Then they look forward to the coming year in IAM with “The Future is Now: IAM in 2024.”