Fine Grained Authorisation with Relationship-Based Access Control - Ben Dechrai - NDC Porto 2023

This talk was recorded at NDC Porto in Porto, Portugal. #ndcporto #ndcconferences #security #cloud #developer #softwaredeveloper Attend the next NDC conference near you: https://ndcconferences.com https://ndcporto.com/ Subscribe to our YouTube channel and learn every day: /@NDC Follow our Social Media! https://www.facebook.com/ndcconferences https://twitter.com/NDC_Conferences https://www.instagram.com/ndc_conferences/ Should this user be able to read that article? Who is allowed to tag me in a social media post? How can I share this document with everyone who has access to the parent folder? Authorisation is hard, let's face it. Role-based access control is a great starting point, but hard to scale. Attribute-based access control scales better, but neither are much good at answering more complex conditions, like limiting access to friends-of-friends, meaning we have to wrap this up into business logic. This is where relationship-based access control (ReBAC) comes in, allowing nuanced access to resources without codifying that into the applications. In this session, we'll look at how to define these relationships, experience live demos, and discover how we can deploy our own fine-grained authorisation service.