Episode 102 - GluuFederation/identerati-office-hours GitHub Wiki
Title: The Rise of the Embeddable PDPs
- Host: Mike Schwartz, Founder/CEO Gluu
- Guest: Alex Olivier, Co-founder & CPO @ Cerbos
Description
Explore the emergence of a new class of WASM (WebAssembly) embeddable Policy Decision Points (PDP) products, such as Cerbos’ ePDP and Janssen Cedarling, and why they represent a significant leap forward for modern enterprises.
Application architectures are evolving, with applications running in a variety of different environments, deployment models, and localities - often at the same time - so managing their security in a consistent and scalable way is vital. With recent standardization efforts in both the WASM and authorization ecosystems, WASM-powered PDPs are now a viable approach. These are designed from the ground up to run efficiently in diverse runtimes: within browsers, mobile apps, at the edge, or in the cloud. These PDP solutions deliver fine-grained authorization, auditability, and consistency across microservices, APIs, and multi-cloud ecosystems. This portability makes it easier than ever to integrate robust authorization logic directly into distributed applications without sacrificing performance or security, all while maintaining the centralized policy administration identity professionals have come to expect.
Whether you're a CISO focused on governance, a developer optimizing externalized policy management, or an architect building scalable systems, this episode will explore how WASM-embeddable PDPs reshape enterprise security and policy enforcement.
Takeaways
- ⚡ CON: The PDP must have a connection to backend data to make decisions. But this isn't a problem for the many policies that don't need access to external data, for example in the front end.
- ⚡ CON: It's hard to customize IDP tokens. But it wouldn't be if you used Gluu Flex... or some other IDP that is good at orchestrating identity flows and enriching tokens.
- ⚡ CON: With distributed PDPs, it's hard to deliver updated policies and collect audit logs. But it wouldn't be if your organization uses enterprise tools purpose-built for this challenge.
- ⚡ PRO: Speed / Latency - embeddable PDPs offer sub-millisecond response to authorization requests. Network round-trip delays are not acceptable for front-end web or mobile developers.
- ⚡ PRO: With the introduction of WASM, we can finally run a PDP in the browser. These PDPs are relatively small in size: Cerbos ePDP is < 1M. The Cedarling is < 2M.
- ⚡ PRO: Less infrastructure. These PDPs don't require a Linux container running with a JSON/REST interface.
- ⚡ PRO: Developer friendly: use a native language import and call PDP functions like authorize. For example, import the PDP using NPM, like any other JavaScript library.