The Case for Centralized IAM
Centralized IAM, and the benefits of implementing it in your organization.
Read More
Daniel Bass
Application authorization enthusiast with years of experience as a customer engineer, technical writing, and open-source community advocacy. Comunity Manager, Dev. Convention Extrovert and Meme Enthusiast.
How to Implement Role Based Access Control (RBAC) using Open Policy Agent (OPA)
The Bikini Bottom guide to RBAC authorization models and their implementation with OPA
Read MoreOPAL + OPA VS XACML
A view of OPAL + OPA as an alternative to XACML
Read MoreReal-time dynamic authorization - an introduction to OPAL
Intro to OPAL: an open-source administration layer for Open Policy Agent (OPA) that allows you to easily keep your authorization layer up-to-date in real-time
Read MoreAn intro to Open Policy Agent (OPA)
How to Build The Right App Authorization Solution - An Intro to Open Policy Agent
Read MoreBroken Access Control: The CISO Perspective
Preventing broken access control vulnerabilities: a CISO's perspective on the components and importance of proper permission management for cloud-native apps.
Read MoreAuthorization is changing - how we can harness the benefits?
What changed, both in terms of the challenges and the solutions, and how we can adapt to these changes?
Read MoreHow to Implement Attribute Based Access Control (ABAC) using Open Policy Agent (OPA)
The Bikini Bottom guide to ABAC authorization models and their implementation with OPA
Read MoreThe four mistakes you make building permissions
Access control is a must in evey app, yet most developers build and rebuild it time and time again. Why? Usually, they make one of these four crucial mistakes -
Read MorePermit.io's Top 6 Dev Podcasts of 2022
Permit.io's top 6 developer podcasts of 2022 that are definitely worth your time and attention
Read MoreAuthorization Policy Showdown: RBAC vs. ABAC vs. ReBAC
Get ready to rumble! Join us on a quest to find the best authorization policy model in an epic battle royale: RBAC vs. ABAC vs. ReBAC
Read MoreAuthN vs. AuthZ: Understanding the Difference
Authentication (AuthN) and Authorization (AuthZ) are two critical Identity IAM concepts. Although often confused, they have distinct meanings and functions.
Read MoreHow to build authorization like Netflix with Open Source?
How Netflix solved the challenge of authorizing millions of users by using OPA, how you can adopt this solution, and possibly create something even better
Read MoreBuilding App Authorization: The 5 Keys for Scalability and Compliance
5 key factors for effective & scalable app authorization: simplicity, flexibility, compliance & more.
Read MoreRBAC VS ABAC: Pros, Cons, Choosing the Right AuthZ Policy Model
RBAC and ABAC are two of the most common authorization policy models out there. How do you choose the right one for your application?
Read More5 steps to building NSA-level access control for your app
Access Control is a main concern when developing web applications - and the NSA has a lot to say about it, especially the biggest pitfall developers make.
Read MorePlanning App Role-Based Access Control (RBAC) Implementation
When building an app, good authorization is a must, and planning it ahead is critical. How do you plan effective, secure, and scalable AuthZ? Learn here -
Read MoreMigrating from RBAC to ABAC with Permit.io
Migrating from Role-based access control (RBAC) to Attribute-based access control (ABAC) can prove quite challenging - here's how you can do it painlessly.
Read MorePermit.io Cedar Implementation Q&A: Everything you need to know
AWS' new Cedar policy language is now open-source and live! See how you can make the best use of it with Permit.io
Read MoreImplementing Role-Based Access Control (RBAC) with AWS’ Cedar
How (and why) should you implement RBAC with AWS' new Cedar policy engine
Read MoreAuthorization still tops OWASP top 10 API Security risks for 2023
The latest OWASP "Top 10 API Security Risks" report once again lists "Broken Object Level Authorization" as its top 1 vulnerability. What can be done about it?
Read MoreBest Practices for Authorization Audit Logs
Why and how you should enhance your application's security and compliance with authorization audit logs.
Read MoreShould You Roll Your Own RBAC Authorization?
Having an authorization layer is a must. But should you build one yourself?
Read MoreWhat is Authorization as a Service
What is authorization as a service? Why would you need it? Can you build authorization yourself? What options are there? Learn more here.
Read MorePolicy Engines: Open Policy Agent vs AWS Cedar vs Google Zanzibar
Choosing the right policy agent to handle your authorization is not a simple task - each offers its benefits and has its drawbacks. How to choose? Read here.
Read MoreWhat is Relationship-Based Access Control (ReBAC)?
What is Relationship Based Access Control, when should it be used, how can you implement it in your application, and how can you provide a UI for managing it?
Read MoreHow to Implement Relationship-Based Access Control (ReBAC) Using Open Policy Agent (OPA)
Learn how to implement Relationship-Based Access Control (ReBAC) with OPA - an open source policy engine for controlling access to systems and resources.
Read MoreYou're Doing Shift-Left Wrong
Learn from a real case study how to Shift-Left in a way that will impact the product's security. Minimize friction between security and development teams.
Read MoreHow we got our Dev Tool ‘Product of the Day’ in Product Hunt (And Survived)
We just launched our developer tool on Product Hunt and got 'Product of the Day'. Here's how we did it. Some useful growth hacking tips.
Read MoreRole-Based Access Control (RBAC) VS. Relationship-Based Access Control (ReBAC)
RBAC vs. ReBAC - A comprehensive guide to the pros, cons, use cases, and implementation of these common authorization models
Read MoreAttribute-Based Access Control (ABAC) VS. Relationship-Based Access Control (ReBAC)
ABAC vs. ReBAC - A comprehensive guide to the pros, cons, use cases, and implementation of these common authorization models
Read MoreDevSecOps is nothing without DevEx
"Shift-Left" is great, but often results in endless tasks and tools for devs instead of addressing the real issues. How can we avoid it? Implement good DevEx.
Read MoreDon't Code Alone: The Best Developer Communities of 2023
Explore top developer communities like Next.js and OpenAI. Dive into knowledge-rich hubs, collaborate, learn from experts, and stay ahead in tech trends.
Read MoreHow to Use OAuth Scopes for Authorization
Learn how, when, and where to use OAuth scopes for authorization. Get a clear understanding of OAuth scopes definition and their proper usage.
Read MoreBuilding Immune Authorization: AppSec in Healthcare Apps
Protecting your user's personal medical information is vital in healthcare apps. Here's how to make sure you're doing everything to keep that data safe -
Read MoreBuilding Healthcare App Authorization in Space with Next.js and Permit.io
Learn how to implement proper authorization for a healthcare app with the help of Galactic Health Corporation - a Rick & Morty inspired healthcare application.
Read MoreBuild Authorization Like Google
How Google built its access control with Google Zanzibar, and how you can model and build a 'Google Drive' style authorization system for your app yourself!
Read MoreHow Reddit Built Authorization with OPA
Learn how Reddit built its advanced Ad Tech authorization system with Open Policy Agent (OPA) and how you can build one yourself with OPAL!
Read MoreWhat is Token-Based Authentication?
Explore token-based authentication, its advantages over sessions, various token types, and the role of authorization tokens in security.
Read MoreBest-Practices for API Authorization
Discover best practices for authorization in REST API. Learn about API authorization layers, actors, tools like Permit.io and OPAL.
Read MoreBeyond RBAC: When standard models just aren’t enough
If you've worked on authorization before, you know that sometimes standard policy models just aren't enough. What can we do then? Let's find out -
Read MoreHow Reddit Scaled to Millions of Decisions Per Second
Scale is a challenge that every developer encounters at some point - how did Reddit approach this challenge, and what can we learn from it?
Read MoreFrom RBAC to ReBAC and ABAC with Next.js and Permit.io
Learn how to implement fine-grained RBAC, ABAC, and ReBAC authorization in a Next.js application using a working demo of a mobile plan management application
Read MoreOPA v1 is Almost Out! Here’s What You Need to Know
OPA just announced its newest version, 1.0. How does it affect you? What does it mean? What's new? Find out here -
Read More