Best of Authorization โ€” August 2024

  1. 1
    Article
    Avatar of hnHacker Newsยท2y

    Permify/permify: An open-source authorization as a service inspired by Google Zanzibar, designed to build and manage fine-grained and scalable authorization systems for any application.

    Permify is an open-source authorization service inspired by Google Zanzibar, designed to implement fine-grained, scalable access controls quickly. It centralizes authorization logic, supports granular permissions, and offers fast response times for access checks. Start using it locally with a simple Docker command and contribute to its codebase, documentation, or playground for improvements.

  2. 2
    Article
    Avatar of cerbosCerbosยท2y

    Authentication vs Authorization

    Understanding authentication and authorization is key to securing applications. Authentication verifies user identity, while authorization determines what authenticated users are allowed to do. Authentication methods include passwords and biometrics, whereas authorization relies on access control lists and roles. Effective authorization systems need to be scalable and flexible. Services like Cerbos offer robust, scalable solutions that enhance security by ensuring only permitted users access sensitive data.

  3. 3
    Article
    Avatar of cerbosCerbosยท2y

    3 Most Common Authorization Designs for SaaS Products

    Authorization is essential for securing SaaS applications, ensuring only authorized users access specific resources. This post details three common authorization models: Access Control List (ACL), Role-Based Access Control (RBAC), and Attribute-Based Access Control (ABAC). ACL is simple and quick but may require manual updates as the system scales. RBAC is more scalable, using roles to grant permissions, but can suffer from 'role explosion' as granular control increases. ABAC is the most complex and powerful, using contextual information and attributes to manage access dynamically. Organizations with complex needs might consider third-party solutions like Cerbos for easier implementation.

  4. 4
    Article
    Avatar of justjavaJust Javaยท2y

    what is Spring Security for real ๐Ÿค”

    Spring Security is a powerful framework for securing Java applications, handling authentication and authorization. It protects against vulnerabilities like CSRF and XSS, offers customizable security policies, and integrates seamlessly with other Spring projects. Features include security context propagation, custom authentication providers, method-level security, and configuring security headers for enhanced protection. A real-world example shows how to secure a RESTful API with role-based access.

See all Authorization archives