CNCF-hosted Co-located Events North America 2024

Congrats, your org is all-in on microservices! But now you have hundreds (or thousands!) of APIs. Some power your customer-facing apps. Others are platform services that your front-end services consume. Still others are back-end services used by internal tools. And ALL of them need to be authorized. Not to mention, you need to be able to answer questions like “which users are authorized to invoke this endpoint?” and “which endpoints can this user invoke?” Having each API “do its own thing” makes it all but impossible to wrangle this complexity. You need a cross-cutting solution to apply authorization rules consistently - either in the API code or at the API Gateway. Enter Topaz: an open source cloud-native authorization service that is plug-compatible with Open Policy Agent, and provides full support for the Google Zanzibar ReBAC model. This talk provides hands-on learning for how to go from an OpenAPI spec to a fine-grained authorization model, ready to authorize your users.