Google Zanzibar

Cloud-native / microservice-based products are complex. Building access control and managing permissions for them is only getting worse by the pull request.

IAM is huge in DevSecOps, with seemingly infinite buzzwords and terms. Here are the main ones every engineer and security professional should know.

Graph-based or policy-as-code? Explore access control systems in this comparative analysis. Discover pros, cons, and a hybrid solution.

Choosing the right policy agent to handle your authorization is not a simple task - each offers its benefits and has its drawbacks. How to choose? Read here.

What is Relationship Based Access Control, when should it be used, how can you implement it in your application, and how can you provide a UI for managing it?

Learn how to implement Relationship-Based Access Control (ReBAC) with OPA - an open source policy engine for controlling access to systems and resources.

Google designed its Zanzibar authorization system to handle its complex access needs. See how you can leverage this to create fine-grained ReBAC in your app

Attribute-Based Access Control (ABAC) and Relationship-Based Access Control (ReBAC) - how to make the most suitable choice for your application?

Discover the possible tradeoffs when building fine-grained authorization (FGA). Learn from a real-world use case how to examine such tradeoffs and build better software.