Explore a comprehensive conference talk on building authorization systems with Node.js, focusing on best practices and common pitfalls. Delve into advanced authentication features, various access control models (ACL, RBAC, ABAC, ReBAC), and innovative approaches to authorization. Learn about the importance of contracts in creating better relationships, and discover tools like Cedar for policy definition and code generation. Examine the Open Policy Administration Layer (OPAL) and its role in modern authorization architectures. Gain insights into auditing, enforcing authorization policies, and implementing frontend feature toggling with CASL. Conclude with a practical demo and an introduction to Permit.io for streamlined authorization management.
Overview
Syllabus
intro
preamble
find the difference
authentication advanced features
about gabriel
innovations
staging & production
express & flask
authorization best practices
- model
acl - access control list
rbac - role based access control
abac - attribute based access control
rebac - relationship based access control
- author
contracts create better relationships
cedar
generate code from ui
- analyze: cedar agent
- enforce authorization policies
casl - frontend feature toggling sdk
- audit
authorization system building blocks
opal - open policy administration layer
opal based authorization architecture
demo
about permit.io
thank you
Taught by
Conf42
