16:00-16:30 - Production Ready API Authorization Using Open Policy Agent (OPA) - Eyal Kraft, Elastic
OPA is a well known open source tool for authorization. Using OPA Is a great way to decouple policy decisions from business logic, but it comes with some complications: How and when does policy deployment happen? How is the policy kept in sync with the application version? What happens in case of a rollback?
In this session we will explore the real world problems that pop up when trying to implement API authorization using OPA, and how to solve them
16:30-17:00 - How to overcome pain when building permissions in cloud-native products - Oded Ben-David, Permit.io
Permissions and access control are key for any modern product, but getting them right can be a huge pain especially when the product evolves. We’ll review cases from the painful journeys of real companies, and learn from their mistakes and achievements. And review the best practices and tools available today to overcome the pain and build flexible and powerful permission solutions; including open-source solutions like OPA, OPAL, Zanzibar, and more.
About the speakers:
Eyal Kraft is a team lead in Elastic's CSPM group, formerly build.security. Enthusiastic about Cybersecurity, Software development, Cloud and everything in between.
Oded Ben-David, the first dev at Permit.io, is an all-around software engineer with a weakness for creating applications and automating processes. With over a decade of R&D leadership experience, and as a parent (of 3 wonderful girls) who solves parenting challenges with code, Oded loves creating tech that helps improve the day to day lives of people around him