Cedar on Fire
Seattle meetup, new Cedar functionality, and a roundup of what happened at Gartner IAM
Welcome to the “Authorize” clipping service, a precursor to an upcoming “Authorize” conference. This service is provided by volunteer authorization nerds who want more people to know about all the cool stuff that’s going on in the authorization world! Here’s all the news you need to know.
Events
Internet Identity Workshop in Mountain View in April - Authz subscribers get a registration discount, don’t forget to share your plans in our planner
Seattle IDPro Meetup March 14
How Reddit Solved Authorization upcoming March 19
IETF 119 Brisbane starts next week
Cool People building cool stuff
The Cedar policy language project has released a new version 🔥with a fancy new compact human-readable schema format. The project is also continuing to expand its community beyond Amazon with the inclusion of a Go implementation from StrongDM.
News
New academic paper benchmarking Cedar against Rego and OpenFGA.
Authorize like Slack with the Topaz template and quickstart. Learn all about how Slack uses roles with access control lists to provide users with granular permissions in this post.
Choose Your Own Adventure: The Treacherous Trek to Security In this episode, we'll figure out which tool for access authorization we should adopt. The contestants are Hexa, Paralus, and OpenFGA.
Cerbos recently published their perspective on the “Authorization Layer”
Insecure Apex code plagues many Salesforce deployments | CSO Online – inscrutable permissions strike again, per research from Varonis. Saleforce’s internal scripting platform has modes that can, by design, bypass permission checks at user, object, and field levels, and are not always obvious to debug.
Understanding Externalized Authorization | by DLT Labs
NSA Releases Maturity Guidance for the Zero Trust Network and Environment Pillar
NIST 800-207A: Implementing Zero Trust Architecture - InfoQ
A recap of the Gartner IAM Summit with a focus on the CAEP Interoperability Event