Proposed Authorization Working Group Overview


Explore the necessity of an Authorization Working Group due to the prevalent cyber attacks exploiting identities, the challenges in managing authorizations within organizations, lack of standardized communication between applications, and the proposed objectives to enhance interoperability and define communication patterns for major authZ components.


Uploaded on Oct 04, 2024



Presentation Transcript


  1. AuthZEN Proposed Working Group Update
     Atul Tulshibagwale, CTO, SGNL
     Co-presenter: Omri Gazitt, Co-founder and CEO, Aserto

  2. Why Do We Need an Authorization Working Group
     - Majority of cyber attacks exploit identities
     - Most attacks are successful because of over-permissioned users
     - Turns even a single identity compromise into a potential catastrophe

  3. Why Do We Need an Authorization Working Group (Contd.)
     - Authorization is hard to manage in today's organizations
       - Too many places to manage authorization
       - Each application does its own thing
       - SaaS and cloud complicate matters

  4. Why Do We Need an Authorization Working Group (Contd.)
     - No standardized way for authorization components to communicate
       - Leads to each application defining its own way of managing authorization
       - SaaS or other cloud services cannot talk to external authorization systems
       - Same with COTS applications

  5. Proposed Working Group Purpose
     Authorization Protocols and Formats:
     - between components and between systems
     - intra-org and inter-org

  6. Scope and Objectives
     - Increase interoperability between existing standards and approaches to authorization; examples include ALFA, Cedar, OPA, IDQL, and graph-based and Zanzibar-inspired systems such as OpenFGA, Topaz and SpiceDB
     - Define and formalize interoperable communication patterns between major authZ components, for example PAP, PDP, PEP, and PIP
     - Establish and promote the use of externalized authZ as the preferred pattern

  7. Proposed Specifications
     - Description of standard authorization patterns, use cases, communications patterns, and integration patterns
     - An API to communicate authorization requests and decisions between Policy Decision Points (PDPs) and Policy Enforcement Points (PEPs) (which may be implemented by different parties)
     - An API to communicate authorization policy and data from PAP to PDPs (which are implemented by different parties)
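The PDP/PEP interface in the second bullet, shown as an added illustration of the externalized-authorization pattern. This is not code from the AuthZEN proposers or from any published AuthZEN specification: the JSON request shape (subject, action, resource, context), the `decision` boolean in the reply, the role-based sample policy and the in-process "transport" are all assumptions chosen for the example. The point a practitioner wants to see is at the PEP: it never decides on its own, and when the PDP is unreachable or answers with something other than a literal boolean `true`, it fails closed.

```python
"""Externalized authorization: a PEP that forwards every access question to a PDP.

Added illustration; not code from the AuthZEN proposers or a published spec.
The JSON request/response shape and the tiny role-based policy are assumptions.
"""
import json
from typing import Callable, Dict, List, Optional, Set

# Constructed sample output of a Policy Administration Point (PAP): the rules and
# subject data the PDP evaluates against. Each rule: role -> (action, resource type).
SAMPLE_POLICY: List[Dict[str, str]] = [
    {"role": "editor", "action": "write", "resource_type": "document"},
    {"role": "editor", "action": "read", "resource_type": "document"},
    {"role": "viewer", "action": "read", "resource_type": "document"},
]
SAMPLE_ROLES: Dict[str, Set[str]] = {"alice": {"editor"}, "bob": {"viewer"}}


class PolicyDecisionPoint:
    """Holds policy and data pushed from the PAP and answers permit/deny questions."""

    def __init__(self, policy: List[Dict[str, str]], roles: Dict[str, Set[str]]):
        self.policy = policy
        self.roles = roles

    def evaluate(self, request: dict) -> dict:
        """Evaluate one request object; the field names are this example's assumption."""
        subject_id = request["subject"]["id"]
        action = request["action"]["name"]
        resource_type = request["resource"]["type"]
        held = self.roles.get(subject_id, set())  # unknown subject -> no roles -> deny
        allowed = any(
            rule["role"] in held
            and rule["action"] == action
            and rule["resource_type"] == resource_type
            for rule in self.policy
        )
        return {"decision": allowed}


class PolicyEnforcementPoint:
    """Sits in the application's request path; it never decides, it only asks the PDP."""

    def __init__(self, transport: Callable[[str], str]):
        # transport models the wire: JSON text in, JSON text out (HTTP in practice).
        self.transport = transport

    def is_permitted(self, subject_id: str, action: str, resource_type: str,
                     resource_id: str, context: Optional[dict] = None) -> bool:
        request = {
            "subject": {"type": "user", "id": subject_id},
            "action": {"name": action},
            "resource": {"type": resource_type, "id": resource_id},
            "context": context or {},
        }
        try:
            response = json.loads(self.transport(json.dumps(request)))
        except Exception:
            # Fail closed: an unreachable PDP or a malformed reply is a deny,
            # never an implicit allow.
            return False
        # Only a literal boolean true grants access; "true", 1 or a missing
        # field are treated as deny.
        return isinstance(response, dict) and response.get("decision") is True


def in_process_transport(pdp: PolicyDecisionPoint) -> Callable[[str], str]:
    """Transport that calls a local PDP; a real deployment would POST over HTTPS."""
    return lambda raw: json.dumps(pdp.evaluate(json.loads(raw)))


def unreachable_transport(raw: str) -> str:
    """Transport that models a PDP outage."""
    raise ConnectionError("PDP unreachable")


def demo() -> Dict[str, bool]:
    """Run the PEP against a working PDP and against an outage; return the decisions."""
    pdp = PolicyDecisionPoint(SAMPLE_POLICY, SAMPLE_ROLES)
    pep = PolicyEnforcementPoint(in_process_transport(pdp))
    broken_pep = PolicyEnforcementPoint(unreachable_transport)
    return {
        "alice_write": pep.is_permitted("alice", "write", "document", "doc-1"),
        "bob_read": pep.is_permitted("bob", "read", "document", "doc-1"),
        "bob_write": pep.is_permitted("bob", "write", "document", "doc-1"),
        "mallory_read": pep.is_permitted("mallory", "read", "document", "doc-1"),
        "alice_during_outage": broken_pep.is_permitted("alice", "read", "document", "doc-1"),
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {'permit' if decision else 'deny'}")
```

Because the PEP only sees JSON text, the PDP behind the transport can be swapped (a local engine, a SaaS vendor's service, or another party's implementation, as the slide notes) without touching the application; the deny-by-default branches are what keep that swap from silently widening access.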

  8. Anticipated Audience or Users
     - Authorization developers and architects
     - SaaS vendors (multi-client hosting)
     - Cloud platforms
     - Application vendors
     - Enterprise implementers/practitioners who integrate authorization products

  9. Proposers
     - Atul Tulshibagwale, SGNL, atul@sgnl.ai
     - Gerry Gebel, Strata Identity, gerry@strata.io
     - Steve Venema, ForgeRock, steve.venema@forgerock.com
     - Omri Gazitt, Aserto, omri@aserto.com
     - Pieter Kasselman, Microsoft, pieter.kasselman@microsoft.com
     - Alex Babeneau, 3Edges, alex@3edges.com
     - David Brossard, Axiomatics, david.brossard@axiomatics.com
     - Allan Foster, allan@macguru.com
     - Andrew Hughes, Ping Identity, andrewhughes@pingidentity.com
     - Mike Kiser, SailPoint, mike.kiser@sailpoint.com
