Articles by Tag #authz
Browse our collection of articles on various topics related to IT technologies. Dive in and explore something new!
How Cerbos minimizes latency in Authorization workflows
In the context of authorization, latency refers to the delay or time it takes for an authorization...
Authorization needs to be dynamic, declarative, and decoupled
Guest article written by Fatuma Abdullahi. Thanks! For more great community content and discussions,...
PEP and PDP for Secure Authorization with Cognito
Authorization is a critical part of securing cloud applications, and understanding the best practices for implementing it can make all the difference. In this post, we dig deep on the concepts of Policy Decision Points (PDPs) and Policy Enforcement Points (PEPs), and how they work together to manage user access efficiently. We dive into a serverless solution using AWS Lambda and API Gateway, implementing Role-Based Access Control (RBAC) for fine-grained access control based on Cognito User Groups. This solution ensures scalability, low latency, and efficient authorization in serverless environments.
Unlocking Fine-Grained Authorization with Amazon Verified Permissions: An Underrated AWS Service
In today’s application landscape, a comprehensive authorization solution is crucial for maintaining security and compliance. Amazon Verified Permissions (AVP) is an (I feel) often-overlooked service that offers powerful, fine-grained authorization capabilities for custom applications. Let’s explore this AWS service and discover how it can enhance your application’s security posture.
PEP and PDP for Secure Authorization with AVP
As authorization needs evolve, managing access efficiently becomes even more crucial. In this follow-up post, we extend our Policy Decision Point (PDP) and Policy Enforcement Point (PEP) solution by introducing Amazon Verified Permissions (AVP) for fine-grained authorization. Instead of storing permissions in DynamoDB, we leverage AVP’s centralized policy engine and Cedar policy language to define and enforce access control dynamically.
Authorization (authz) and GraphQL
What are your options for Authorization in GraphQL?
Current Trends in Authorization: Simplifying Access Control
Introduction Authorization is a critical component of modern application security, but...
PEP and PDP for Secure Authorization with AVP and ABAC
Taking our authorization system to the next level! In this third part of our series, we're enhancing our Amazon Verified Permissions (AVP) solution with Attribute-Based Access Control (ABAC). By combining RBAC and ABAC, we get a powerful authorization system that can enforce fine-grained access based on user attributes and context - perfect for multi-tenant applications where access control needs to account for more than just roles.
Scaling Access Control: Leveling Up Roles with Relationships Using ReBAC
If you’ve ever built a collaborative app, you’ve probably reached for role-based access control...