October 5, 2023
with Kendra Ash
There is no such thing as 100% compliance.
Compliance personnel are often non-technical in background. Compliance controls are not only open to interpretation, they must be interpreted to be implemented (like any other software requirement)
This interpretation is a creative act, and is where we can choose who we are to the compliance Cinderella: her Stepsisters, or her Fairy Godmother.
with Ronen Hilewicz
Authentication is a solved problem. Authorization is not.
Authorization is, in fact, the #1 problem on the OWASP Top Ten!
Authentication happens once, up-front, as you enter a session
Authorization happens constantly, throughout the user’s session, in real-time
ABAC (Policy as code)
ReBAC (Policy as data)
An OSS solution: https://github.com/aserto-dev/topaz
Builds a subject/object relational graph