Episode 143 - GluuFederation/identerati-office-hours GitHub Wiki

Title: Unlocking Continuous Zero Trust Authorization with Cedar

Channels

Description

🚀 Explore the Future of Access Control: StrongDM’s new Continuous Zero Trust Authorization transforms access control with real-time, contextual authorization—making static, role-based permissions a thing of the past. ✋🛑

🧩 Inside the Strong Policy Engine: Justin will walk through how the Strong Policy Engine—powered by the Cedar policy language—enables write-once, enforce-anywhere policies. Learn how it pulls in device posture and other dynamic signals to deliver adaptive risk assessment. 📡🔒

🌐 Distributed Enforcement: See how StrongDM delivers distributed enforcement across your infrastructure, ensuring every decision is evaluated continuously and contextually. ⚡🌍

✅ Key Takeaways: Discover how this model:

  • Improves your overall security posture 🛡️

  • Reduces the risk of unauthorized or overly broad access ❌

  • Simplifies policy management in complex environments ⚙️

Homework

Takeaways

  • ⚡ The world is very complex, and it's important to get all the "nouns" and "verbs" right: nouns are resources (e.g. "car"); verbs are actions (e.g. "drive"). Cedar provides a great language and syntax to model the complexity, especially of sharing data.

  • ⚡ Computers are really fast. The quantity of data produced for security events is relatively small--probably far fewer vectors than we use to make shopping recommendations. There is prior art to solve how to move and process this data, and it can be accomplished in a few microflips.

  • ⚡ Maybe it doesn't matter whether you organize by person or resource. The *BAC says "whatever" to your plan to control access, as long as it can be unified under a common policy syntax.

  • ⚡ Zero Trust is a state of enlightenment that no organization has ever attained. But it's a useful pattern for us to think about security architecture.

Livestream Audio Archive

here