Episode 140 - GluuFederation/identerati-office-hours GitHub Wiki
Title: OpenSearch Conference: Securing Data with Cedar
- Host: Mike Schwartz, Founder/CEO Gluu
Description
The fine-grained access control challenge is no longer just "who can access the database," but "what data they should see once access is granted." In this talk, we introduce a new security plugin for OpenSearch that filters the Search API based on policies written in the Cedar language and evaluated using an embedded Java policy decision point (or "PDP").
Imagine an API issues a search, but the results contain confidential records above the security clearance of the requesting person or software entity. The plugin evaluates its policies for each document (ideally under 50 µs for each decision), ensuring only permitted data are included in the response.
Specifically, we'll demonstrate how an approach to access management called "TBAC" (Token-Based Access Control) can be used with signed JWT tokens to create a cryptographic chain of custody for authorization for cloud or mobile applications, from the identification of the person and workload to the OpenSearch query for data.