Cloud Native SecurityCon North America 2022

Broken Access Control is the top vulnerability in the OWASP Top 10 security risk list. Proper configuration and enforcement of access control are critical to modern organizations, as privacy and compliance awareness are at their peak. Yet, building authorization or permissions management is a painful process for developers, due to complex and ever-evolving requirements and lack of knowledge for avoiding common pitfalls. OPAL (Open Policy Administration Layer) is an open-source administration layer for OPA (Open-Policy Agent). OPAL detects changes to both policy and policy data in real-time and pushes live updates to policy engines, making them real-time and event-driven. OPAL uses Git as the source-of-truth for policy, enabling GitOps workflows for policy delivery and versioning. OPAL is used by thousands of engineers, from Tesla, Zapier, Cisco, Accenture and others. In his talk, Asaf Cohen, co-maintainer and author of OPAL, will explain the challenges of managing modern authorization and access control and how these challenges can be solved by using open source tools like OPAL. In the end, he will provide use cases and tips for implementing simple and scalable authorization.

Dates

Author

Conferences

Tags

⚡ Lightning Talk: OPAL: The Open Source GitOps Enabled Platform for Building Authorization

tldr - powered by Generative AI