conferences

My notes from conference sessions I have attended.


DevOpsDays

October 5, 2023
Indianapolis, IN

The Cinderella of Security - Combining forces with compliance for better security outcomes

with Kendra Ash

There is no such thing as 100% compliance.

Compliance personnel often come from a non-technical background. Compliance controls are not only open to interpretation; they must be interpreted in order to be implemented (like any other software requirement).

This interpretation is a creative act, and is where we can choose who we are to the compliance Cinderella: her Stepsisters, or her Fairy Godmother.

Authorization: the next platform service

with Ronen Hilewicz

Authentication is a solved problem. Authorization is not.

Authorization is, in fact, the #1 problem on the OWASP Top Ten!

It’s a much harder problem to solve.

Authentication happens once, up-front, as you enter a session
Authorization happens constantly, throughout the user’s session, in real-time

Evolution of Authorization techniques

ACL
RBAC
ABAC (Policy as code)
ReBAC (Policy as data)

An OSS solution: https://github.com/aserto-dev/topaz

Builds a subject/object relational graph
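
To make the ReBAC "policy as data" idea concrete, here is an added sketch (not from the talk, and not Topaz's API or data model) of a permission check that walks a subject/object relation graph. The tuple format, the relation and permission names, and the sample data are all assumptions constructed for illustration.

```python
# Added illustration: a tiny ReBAC check over a subject/object relation graph.
# All names are hypothetical; this is not Topaz's API or data model.
from collections import deque

# Relationship data ("policy as data"), constructed for this example.
# Each tuple is (object, relation, subject); a subject is either a user or
# a "userset" such as "group:eng#member" (everyone with that relation).
TUPLES = {
    ("group:eng", "member", "user:alice"),
    ("group:eng", "member", "group:sre#member"),   # nested group
    ("group:sre", "member", "user:bob"),
    ("folder:runbooks", "viewer", "group:eng#member"),
    ("doc:oncall", "parent", "folder:runbooks"),
    ("doc:oncall", "owner", "user:carol"),
}

# Which relations imply a permission, and which relations to inherit through.
PERMISSIONS = {"can_read": {"viewer", "owner"}, "can_delete": {"owner"}}
INHERIT_VIA = {"parent"}


def check(subject, permission, obj, tuples=TUPLES):
    """Return True if `subject` reaches `obj` through a granting relation."""
    granting = PERMISSIONS.get(permission, set())  # unknown permission: deny
    queue = deque((obj, rel) for rel in granting)
    seen = set()                                   # guards against cycles
    while queue:
        node = queue.popleft()
        if node in seen:
            continue
        seen.add(node)
        o, rel = node
        for t_obj, t_rel, t_subj in tuples:
            if t_obj != o:
                continue
            if t_rel == rel:
                if t_subj == subject:
                    return True
                if "#" in t_subj:                  # expand userset
                    s_obj, s_rel = t_subj.split("#", 1)
                    queue.append((s_obj, s_rel))
            elif t_rel in INHERIT_VIA and rel in granting:
                queue.append((t_subj, rel))        # inherit from parent
    return False
```

Changing who can read `doc:oncall` here means adding or removing a tuple, not editing the check itself, and an unknown permission or an unreachable subject is denied by default.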