Welcome to the “Authorize” clipping service, a precursor to an upcoming authorization-themed conference. This service is provided by volunteer authorization nerds who want more people to know about all the cool stuff that’s going on in the authorization world!
For those of us in the northern hemisphere, thoughts of autumn are starting to stir (even though it’s 104℉ where I am right now). So I bring you…
🍅 A fine crop of webinars
Coming up fast:
August 22: Making the Complex Simple: Authorization for the Modern Enterprise with PlainID
August 28: Protecting Your Identity Estate: How to Effectively Manage Paths to Privilege with BeyondTrust
August 29: A Practical Approach to Implementing Least Privilege Security with Opal Security
Plan ahead:
September 24: Mastering Zero Trust: Overcoming Challenges and Leveraging AI for Effective Authorization with Axiomatics and iC Consult
🌔 An almanac full of wisdom
That’s not rhubarb, silly — it’s pronounced “RBAC”: Ronen and Roie from Aserto explain how to build RBAC in Go, and Andre from Gremlin explains how role-based access control works in Gremlin.
When you need tighter access control: I’m not talking about preventing meth from getting into the celery at the farmer’s market, but rather an e-book from Veza and Snowflake on Intelligent Access: Modernizing Identity with Just in Time Access.
Cautionary tales: It’s as bad as deer getting into the garden when your AWS accounts are breached through shadow resources (BlackHat presentation) or a Docker Engine authorization plugin bypass is discovered (Docker security advisory).
New hybrid: Check out this totally new produce from the Cloud Security Alliance on Securing LLM Backed Systems: Essential Authorization Practices. Tasting notes:
There is no differentiation between “code” and “data” when using an LLM, and LLMs can’t provide fine-grained access control to information contained within the model's weights.
External knowledge bases often have unique authorization controls, roles, enforcement, and other quirks.
The LLM context window must be filtered to include only the data the end-user is authorized to view.
Seed catalog: Our Authorize community’s own
recently presented The Future of AuthZ, from A to Z to the IRS. This is a gorgeous and thoughtful deck.
Divining the future: And our own
recently appeared on the Identity Jedi Show, discussing the evolution and future of identity.
🎢 State Fair announcements and prizes
Young colt: Knostic, which has raised $3.3M pre-seed, won the BlackHat startup competition for its “Need-to-know based access control for LLMs to prevent oversharing of sensitive information”.
Old racehorse: 25-year-old Kiteworks (formerly Accellion), which secures email and file sharing, is still going strong. It snagged a $456M funding round from Insight Partners and Sixth Street Growth. It’s valued at $1B.
New foal: Permify just shipped its v1.0.0 open-source solution for fine-grained authorization.
If you’re an authorization nerd and an IDPro member, join our discussions in the IDPro Slack #authorization channel! Want to help write this newsletter and organize authorization conference activities? Find Rohit Khare on LinkedIn and ask for an invite.