InfoQ Homepage Fine-Grained Authorization Content on InfoQ
News
RSS Feed-
API Access with Amazon Verified Permissions and Amazon Cognito
AWS recently announced that Amazon API Gateway requests can now be authorized with Amazon Verified Permissions. With this feature, HTTP requests containing tokens issued by Amazon Cognito can be used to perform authorization decisions against API resources.
-
Open-Source Access Control with OpenFGA
Auth0 released version 1.0 of OpenFGA, an open-source authorization server for fine grained access control use cases. This release indicates the stability of OpenFGA’s APIs and its readiness for production deployments.
-
HashiCorp's Boundary Now Generally Available on HCP
Following a successful beta trial, HashiCorp has announced the general availability of Boundary on their cloud platform HCP. This adds a key new aspect to HashiCorp's managed solution for zero-trust security.
-
Airbnb Streamlines the Development Process with a Unified Architecture for Collaborative Hosting
Airbnb recently detailed how it designed and built a unified architecture for collaborative hosting. This architecture streamlines the development process of new products, as engineers only need to know about one central framework that will cover all hosting use cases. This framework encapsulates the specific types of collaborative hosting, freeing the engineers from the need to worry about them.
-
Airbnb Builds Himeji - a Scalable Centralized Authorization System
Airbnb recently described how it built Himeji, a scalable centralized authorization system. Himeji stores permissions data and performs permission checks as a central source of truth. It uses a sharded and replicated in-memory cache to improve performance and lower latencies and has served checks in production for about a year.
-
Fine-Grained Authorization for Java Applications
A fine-grained authorization system based on XACML specification can increase agility and control in addition to traditional role based access control method of authorizing users based on their roles. Subbu Devulapalli spoke at JavaOne 2010 Conference about standards and deployment models in user authorization. He also discussed best practices when implementing authorization in Java applications.