Demo of integrating Authorino with Authzed's SpiceDB.
SpiceDB is a Google Zanzibar-inspired authorization system that, like Google Zanzibar, allows for the modeling of fine-grained permissions based on relationships (Relationship-Based Access Control, or ReBAC).
One of the main challenges of implementing fine-grained permissions with an external authorization system is making that system aware of the existing relations. In this demo, we use Authorino callbacks to inform SpiceDB about the permissions implied by the operations requested by the users, such as creating or deleting an application resource, as well as granting and revoking access to resources for third-party users.
The full scope of the demo consists of protecting endpoints of a REST API that handles documents, the Docs API. Any authenticated user with a valid API key is allowed to create documents. Users can read and delete their own documents, as well as grant read access to their documents for other users. All fine-grained permissions involved are automatically stored in SpiceDB by Authorino, based on the operations requested by the users to the Docs API.
Repo:
github.com/guicassolato/autho...
More:
* Authorino - github.com/kuadrant/authorino
* Kuadrant - kuadrant.io
* SpiceDB - authzed.com/spicedb
Presented by:
Guilherme Cassolato (github.com/guicassolato)
Presented with:
* Google Meet - meet.google.com
* Visual Studio Code - code.visualstudio.com
* Tothom - marketplace.visualstudio.com/...