by emreb 1708 days ago
Disclaimer: I am the co-founder of Cerbos

Broken access control becoming the number one issue is no surprise. We have faced this so many times when building enterprise SaaS software and having to go through ISO certifications.

We believe re-invention of the access control wheel causes these problems at every software company because there are no good standards to start from. With Cerbos we try to address this issue in the market.

We wrote about this issue and how we can help solve it in our blog a few weeks ago. https://cerbos.dev/blog/broken-access-control-is-the-1-issue...

2 comments

Well, I think the biggest problem in authorization is definitely if you need object access control and implement lists; it makes things really, really tricky and there is basically no good standard for it. Resource-based RBAC is hard, extremely hard, and it can easily become either a mess or a performance bottleneck.
I agree with your points. We have adopted a resource-based RBAC/ABAC and a policy language in simple YAML to address some of these challenges. In terms of performance, a sidecar architecture with SDKs gives good response times. In such a simple architecture the implementation of lists is the current challenge we are addressing. However, for the majority of use cases, abstracting the decision-making logic to a centralized service and providing a simple API that addresses the question "can this principal do this action on this resource" with a true or false answer goes a long way.
If you're interested in resource-based RBAC [1] with list endpoints [2], Oso supports both! You're right, it's a tough problem; we've invested a ton of time to make this work well without needing to rearchitect your app.

(I'm cofounder/CTO at Oso).

[1]: https://docs.osohq.com/guides/rbac.html

[2]: https://docs.osohq.com/guides/data_filtering.html

It says that your software is open source. What type of open source license is it and why did you pick that particular license?
There are many links to their GitHub page [0], which is all Apache 2.0. I'm unaffiliated with Cerbos so I can't speak to why that license was chosen.

[0] https://github.com/cerbos

I went to their GitHub and saw no license mentioned at all.
Here [0] is a link to the license file on their main repo, and here [1] is a screenshot of the link in my previous comment highlighting the license on all of the repos.

[0] - https://github.com/cerbos/cerbos/blob/main/LICENSE

[1] - https://imgur.com/a/dbVHwUW