Protecting Democracy Through Fine-Grained Authorization
See how Maricopa County used Fine-Grained Authorization (FGA) to secure its voting system. A case study for developers protecting data in large-scale operations
Application authorization enthusiast with years of experience as a customer engineer, technical writing, and open-source community advocacy. Comunity Manager, Dev. Convention Extrovert and Meme Enthusiast.
See how Maricopa County used Fine-Grained Authorization (FGA) to secure its voting system. A case study for developers protecting data in large-scale operations
Today, we are excited to announce the launch of Permit.io’s latest feature: Permit Share-If.
Developer conferences are a great way to get more eyes on your startup. In this guide, we cover everything we learned about making the most out of them
Preventing broken access control vulnerabilities: a CISO's perspective on the components and importance of proper permission management for cloud-native apps.
What changed, both in terms of the challenges and the solutions, and how we can adapt to these changes?
Externalizing FGA allows developers to focus on core application features while ensuring secure authorization - A case study of Honeycombs’ experience with FGA
Externalizing FGA allows developers to focus on core application features, ensuring secure access control - A case study of Rivulis’ experience with FGA
Learn how to use JWT for authorization, understand the basics of what JWT is, and explore examples of proper JWT usage in authentication and authorization.
Learn how to build cloud-native authorization systems with CI/CD, thorough testing, and precise modeling and implementation.
Learn how to protect user data from AI crawlers with Fine-Grained Authorization (FGA) by Identifying bots, classifying data, and empowering users with control.
The Bikini Bottom guide to RBAC authorization models and their implementation with OPA
What is Relationship Based Access Control, when should it be used, how can you implement it in your application, and how can you provide a UI for managing it?
Attribute-Based Access Control (ABAC) and Relationship-Based Access Control (ReBAC) - how to make the most suitable choice for your application?
Discover best practices for authorization in REST API. Learn about API authorization layers, actors, tools like Permit.io and OPAL.
RBAC provides a simple, intuitive authorization solution, while ABAC allows for more fine-grained, dynamic authorization. Learn how to combine the strengths of both
Authorization as a Service provides a solution for managing user access and permissions in applications. Learn when you might want to consider such a service, how it can streamline your authorization implementation, and simplify permission management.
What is Attribute Based Access Control, when should it be used, how can you implement it in your application, and how can you provide a UI for managing it?
Discover how Discord built "Access!" - a secure, user-friendly portal for managing authorization, and what should you use to cover your entire user stack.
A guide to the most common access control terms. Learn how to integrate MAC and DAC and RBAC, and how the rise of FGA can help your application access control.
Google designed its Zanzibar authorization system to handle its complex access needs. See how you can leverage this to create fine-grained ReBAC in your app
Scale is a challenge that every developer encounters at some point - how did Reddit approach this challenge, and what can we learn from it?
Learn best practices for managing user roles and access delegation and how to implement a cascading authorization model to enhance your app's access control.
Learn how to quickly create and implement custom user experiences for your application with User Attributes and Feature Flags
Learn how, when, and where to use OAuth scopes for authorization. Get a clear understanding of OAuth scopes definition and their proper usage.
10 topics, 45 questions: Authorization is part of every app—here are the questions you NEED to ask yourself before you implement this critical security feature
How to Build The Right App Authorization Solution - An Intro to Open Policy Agent
Policy languages and frameworks like OPA, Cedar, and OpenFGA are rising in popularity. Explore the solutions they provide, and the benefits of using them.
We just launched our developer tool on Product Hunt and got 'Product of the Day'. Here's how we did it. Some useful growth hacking tips.
OPA just announced its newest version, 1.0. How does it affect you? What does it mean? What's new? Find out here -
Learn how to implement fine-grained RBAC, ABAC, and ReBAC authorization in a Next.js application using a working demo of a mobile plan management application
Learn how to implement Relationship-Based Access Control (ReBAC) with OPA - an open source policy engine for controlling access to systems and resources.
Learn how to implement proper authorization for a healthcare app with the help of Galactic Health Corporation - a Rick & Morty inspired healthcare application.
Learn how Reddit built its advanced Ad Tech authorization system with Open Policy Agent (OPA) and how you can build one yourself with OPAL!
Protecting your user's personal medical information is vital in healthcare apps. Here's how to make sure you're doing everything to keep that data safe -
If you've worked on authorization before, you know that sometimes standard policy models just aren't enough. What can we do then? Let's find out -
Explore token-based authentication, its advantages over sessions, various token types, and the role of authorization tokens in security.
Authentication (AuthN) and Authorization (AuthZ) are two critical Identity IAM concepts. Although often confused, they have distinct meanings and functions.
How Google built its access control with Google Zanzibar, and how you can model and build a 'Google Drive' style authorization system for your app yourself!
Get ready to rumble! Join us on a quest to find the best authorization policy model in an epic battle royale: RBAC vs. ABAC vs. ReBAC
Explore top developer communities like Next.js and OpenAI. Dive into knowledge-rich hubs, collaborate, learn from experts, and stay ahead in tech trends.
"Shift-Left" is great, but often results in endless tasks and tools for devs instead of addressing the real issues. How can we avoid it? Implement good DevEx.
ABAC vs. ReBAC - A comprehensive guide to the pros, cons, use cases, and implementation of these common authorization models
RBAC vs. ReBAC - A comprehensive guide to the pros, cons, use cases, and implementation of these common authorization models
Learn from a real case study how to Shift-Left in a way that will impact the product's security. Minimize friction between security and development teams.
Choosing the right policy agent to handle your authorization is not a simple task - each offers its benefits and has its drawbacks. How to choose? Read here.
How (and why) should you implement RBAC with AWS' new Cedar policy engine
Having an authorization layer is a must. But should you build one yourself?
Why and how you should enhance your application's security and compliance with authorization audit logs.
AWS' new Cedar policy language is now open-source and live! See how you can make the best use of it with Permit.io
Migrating from Role-based access control (RBAC) to Attribute-based access control (ABAC) can prove quite challenging - here's how you can do it painlessly.
When building an app, good authorization is a must, and planning it ahead is critical. How do you plan effective, secure, and scalable AuthZ? Learn here -
5 key factors for effective & scalable app authorization: simplicity, flexibility, compliance & more.
How Netflix solved the challenge of authorizing millions of users by using OPA, how you can adopt this solution, and possibly create something even better
Access control is a must in evey app, yet most developers build and rebuild it time and time again. Why? Usually, they make one of these four crucial mistakes -
A view of OPAL + OPA as an alternative to XACML
Intro to OPAL: an open-source administration layer for Open Policy Agent (OPA) that allows you to easily keep your authorization layer up-to-date in real-time
The Bikini Bottom guide to ABAC authorization models and their implementation with OPA
Centralized IAM, and the benefits of implementing it in your organization.
The latest OWASP "Top 10 API Security Risks" report once again lists "Broken Object Level Authorization" as its top 1 vulnerability. What can be done about it?
Access Control is a main concern when developing web applications - and the NSA has a lot to say about it, especially the biggest pitfall developers make.
Permit.io's top 6 developer podcasts of 2022 that are definitely worth your time and attention