Episode 156 - GluuFederation/identerati-office-hours GitHub Wiki

Title: OPA - SpiceDB Connector

Channels

Description

Roland wrote a plugin that adds support for querying and manipulating relations from Authzed SpiceDB via gRPC as custom builtin commands for Open Policy Agent. Why does this make sense? How's it working out? Join us to find out!

Homework

Takeaways

  • ⚡ Enterprises will need a "hybrid" approach to policy management: ReBAC, ABAC, TBAC... yes please.

  • ⚡ "Authorized" v. "PDP" v. "Engine" ... there is some overlap of jargon here which eventually needs to be clarified by Authzenterati.

  • ⚡ SpiceDB is a simple, scalable implementation of Zanzibar that is less feature-rich than IndyKite (3Edges).

  • ⚡ Graph-based PDPs need to be kept in sync with application data. There was a good talk on this topic at KubeCon in relation to OpenFGA, but any graph system has the same challenge. It makes one wonder whether graph-based PDPs are like database indexes optimized for relationship queries.

Livestream Audio Archive

here