Episode 088: 02-18-2025 Rethink AuthZ: Immutable, Versionable Auth Models - Trusted Delegation - GluuFederation/identerati-office-hours GitHub Wiki
Title: Rethink AuthZ: Immutable, Versionable Auth* Models & Trusted Statements
- Host: Mike Schwartz, Founder/CEO Gluu
- Guest: Nicola Gallo, Co-founder / CTO at Nitro Agility
- Guest: Antonio Radesca, CTO at Nitro Agility
Description
ZTAuth* rethinks authorization onboarding with Immutable, Versionable, and Transferable Auth* Models. It introduces the new concept of a trusted layer, implemented through Trusted Statements (Trusted Elevation and Trusted Delegation) and following Zero Trust principles. The solution was originally designed to address the challenges of disconnected systems in distributed environments, following the CAP theorem principles: it enables eventually consistent onboarding. It later evolved into a more solid framework that lets companies govern both policies and trusted statements.
ZTAuth* also offers a way to rethink the solution to the Confused Deputy Problem and enables a new approach to risk management based on immutable authorization contexts. It also works in cases where an authentication token is missing and trust is implied, such as REM (Registered Electronic Mail).
In this livestream, we will talk about ZTAuth* and how it is implemented in Permguard. We will also see why systems like this make enterprises think again about authorization. The goal is to start a discussion on how this broader approach can help other solutions and, hopefully, to create interest in taking the key ideas and working on a common standard.
Homework
- ZTAuth* Identity Actor Model Specification
- ZTAuth Medium Page
- Permguard Authz API Docs
- Permguard Github Page
Diagrams from Episode
Diagram 1
Diagram 2
Takeaways
- ⚡ Written in Go, Permguard is a new cloud native authorization infrastructure that can even run as a standalone, disconnected container. It uses a git-like protocol to get eventual consistency in its policy store.
- ⚡ The ZTAuth* approach tries to solve some of the complexity around delegation, which is very hard if you have a series of delegation rules that enable someone to do something on someone else's behalf.
- ⚡ LLMs can help to analyze authz policies and authz decision data, and the application of this ML technology has a lot of potential commercial value, especially with regard to risk management.
- ⚡ Permguard has an innovative design around policy integrity. The product uses a git-like replication mechanism for policies, which can produce important information about "what changed".