KubeCon + CloudNativeCon + Open Source Summit + AI_dev China 2024

As more folks deploy cloud-native architectures and technologies, store ever larger amounts of data, and build ever more complex software suites, the complexity required to correctly and securely authorize requests only becomes exponentially more difficult. Broken authorization now tops OWASP's Top 10 Security Risks for Web Apps. Their recommendation? Adopt an ABAC or ReBAC authorization model. This talk establishes the problems with the status quo, explains the core concepts behind ReBAC, and introduces SpiceDB, a widely adopted open source system inspired by the system internally powering Google: Zanzibar.

随着越来越多的人部署云原生架构和技术，存储越来越多的数据，并构建越来越复杂的软件套件，正确和安全地授权请求所需的复杂性变得指数级增加。 破解授权现在已经成为OWASP Web应用程序安全风险前十名之首。他们的建议是采用ABAC或ReBAC授权模型。本次演讲将阐明现状存在的问题，解释ReBAC背后的核心概念，并介绍SpiceDB，这是一个广泛采用的开源系统，受到Google内部系统Zanzibar的启发。