GET READY!
@permit_io
's launch week is coming: Oct 28th - Nov 1st 💫
Join us for a whole week of exciting brand-new features, livestreams, prizes, and giveaways -
Here are the plans for the week🧵👇🏻
Nothing is more frustrating than long lines at amusement parks.
Now, imagine that besides waiting, you also have to return to the entrance to grab a new ticket for every ride.
Authorization in applications had the same problem until PDPs were introduced.
An
#AuthZTuesday
🧵👇
Join us with Braden Groom, Staff Engineer
@Reddit
, and learn how they scaled authorization, achieving p99 <10ms per decision. We'll discuss the challenges of
#scaling
,
#performance
, and
#ux
. Learn about
@OpenPolicyAgent
, policy as code vs. data, and more.
Say hello to ‘Permit Elements’: Out-of-the-box access control elements (e.g., User Management, Audit Logs, Approval Flows, API Key Management) you can embed directly into your app.
Sounds cool? Check it out:
Protip: 8 months of refactoring your authorization can save you 3 hours of adopting best practices.
Got any authorization best practices you follow? Let us know -
We are super excited to announce our latest collaboration with
@trywilco
✨
@trywilco
now offers a new quest that teaches you how to handle permission management in a real app using
Check it out here:
We are super excited to announce that just launched out of stealth today with $6M in seed funding! 🥳
You can read more about it on TechCrunch here:
Thank you all so much for supporting our quest for better authorization ❤️
Our Slack community just reached 400 members!🥰
A huge welcome to all the newcomers.
If you want to learn more about the world of permissions and authorization from fellow devs - You're welcome to join us:
Solving AuthN + AuthZ with Open Source!
We're hosting a webinar with our friends from
@supertokensio
to discuss how you can solve all of your Auth needs with open source solutions!
Join us! Aug. 23rd, 10am EST / 5pm IDT
Sign up here:
We are proud to announce now supports the new
@awscloud
open-source policy engine
#Cedar
, providing access to Cedar via its SaaS service,
@opal_ac
and our own oss: Cedar-Agent 🌲
@AWSSecurityInfo
More here:
Join us as we talk about making one of the most annoying problems out there super easy using best practices, OSS (
@opal_ac
+
@OpenPolicyAgent
) and/or SaaS with
@permit_io
🤯
July 5th, 6PM IDT / 8AM PT ❤️
Sign up here:
Onboarding new
#developers
is a breeze with
@daytonaio
! Get your dev environment up and running consistently in just one command. Say goodbye to "works on my machine" issues for good.
We had a great time hangin' w/
@software_daily
! 💜
In this clip,
@OrWeis
discusses Permit Elements and why it's one of his favorite features. You can listen to the full conversation with
@alexbdebrie
here:
‼️🤯HUGE news: Permit’s policy-editor now supports ReBAC! Define granular permissions based on relationships between users and resources with an easy-to-use, low-code interface. Learn more:
#ReBAC
#Authorization
#Security
A nice read in
@SCMagazine
from
@snyksec
laying out some fundamentals in cloud security.
"Policy-as-Code empowers all cloud stakeholders to operate securely without any ambiguity." 💯
And that's a wrap! Congrats to Pinhas Keizman from
@noogata_ai
for winning our raffle, and thank you to all those who stopped by at our
@DevOpsDaysTLV
booth to say hi ❤️
Meet our
#DevLeaders
:
@jbaruch
Baruch has been doing DevRel ages before it was called DevRel. We are super excited to have him on our side on this amazing journey to making developers' lives easier.
Discover some top moch open-source auth projects that can enhance your application security, including
@hanko_io
,
@supabase
, and
@opal_ac
, for robust authentication and authorization with this cool new blog by
@gemanor
We are super excited to share
@kunalstwt
's new video about our open source project
@opal_ac
!
Go check it out and learn how you can easily keep your authorization layer up-to-date in real-time.
Say hello to Check! Our new company mascot and logo!
Check is a good boy - he never rebuilds access-control, and is always on the watch for unauthorized visitors. For fun he enjoys playing fetch with OPA queries.
He's always here to help when authorization gets *ruff* 🐕🐾
Our very own
@BDOded
is giving a talk on How to overcome pain when building permissions in cloud-native products at the
@CloudNativeFdn
TLV meetup!
Don't miss out! Next Wednesday on
@MSFTReactor
It's not only
#MyTwitterAnniversary
today - we also have some exciting news ☺️
Developer experiences should be easy, crisp, powerful - and named accordingly.
Say hello to
@Permit_io
- Our new company name.🎉
is all about making permissions easy.
Why is there a need to challenge authorization at this point of time? 🤔💡
@OrWeis
sharing his thoughts on the changes in the world of authorization.
In case you missed it - check out the rest of the interview with Or on
@CloudSecPod
here:
Join
@Sarah_Cecc
(
@AWSIdentity
) and
@aaguiar
(
@openfga
), co-creators of AWS Cedar and OpenFGA, to discover the world of policy languages! Learn about their creation, application, pros, cons, and how to choose the right one for your needs! Sign up here -
Multi-tenancy allows our application to cater to multiple customers without deploying separate instances for each.
@OrWeis
's new blog explains how you can shift your application to multi-tenancy by creating an authorization layer. Read more here:
Attribute Based Access Controls (ABAC) enables devs & teams to build permissions based on attributes such as:
❇️Geo-location
❇️Subscription status
❇️Payment status
❇️Resource ownership
We also provide
#lowcode
interfaces! Read more from our CEO
@OrWeis
Happy to announce a new addition to 10KMedia:
@permit_io
✨
They enable devs to bake in permissions + access-control into any product in minutes ☁️🔒 They come from Microsoft, Facebook, & Rookout and are already used by industry giants like Tesla.
1/ Passkey Authentication: As passwords lose their effectiveness, passkeys offer a more secure method of authentication, proving identity with biometrics or physical devices.
The adoption of WebAuthn in 2023 paves the way for widespread use of passkeys.
After 4 pints at a pub last night, and 5 hours of sleep, we got up at 6 am, paid 7 pounds for a coffee to talk permissions for the next 8 hours! Excited to see you at
@jfrog
's
#SwampUp
London!
Meet our
#DevLeaders
:
@ranrib
Ran is the co-founder of
@epsagon
which was recently acquired by
@Cisco
We’re extremely appreciative he’s on this journey with us to transform how engineers approach authorization.
Join us live with
@ivanburazin
(CEO & Co-Founder
@daytonaio
) and Aviram Hassan (CEO & Co-Founder
@metalbearco
) as we explore the critical link between developer productivity and developer environments.
In this session, we will go into best practices for simplifying development
Want to learn how to implement RBAC with
@AWSIdentity
new policy language,
#Cedar
?
Check out our latest tutorial:
Massive shoutout to
@michael_w_hicks
for all your assistance in composing this tutorial ❤️
Introducing
#FoAz
: Frontend-Only Authorization 🔒🚀
Say goodbye to backend complexity and embrace using secure APIs directly from the frontend with the new FoAz open standard.
CEO
@OrWeis
sat down w/
@DanaKohut7
to discuss the evolution of permissions and why ABAC (Attribute Based Access Controls) are inevitable.
RBAC ➡️ ABAC
Full interview here:
Reflecting on the incredible tech advancements of 2023, our prediction for 2024 points towards a stronger focus on security and reliability.
We've identified key access control features that we believe will be instrumental in the coming year.
An engineering roadmap thread 🧵👇🏻
"Let’s get right to the point: nowadays, open sourcing your core business product is a bad idea." --
@OrWeis
Read the latest piece from CEO
@OrWeis
about why startups need to shift away from open core business models ➡️ to open foundation.
#opensource
@thenewstack
🚀 Hacktoberfest x OPAL 🚀
We’re excited to be part of Hacktoberfest with OPAL, offering the community a chance to contribute to our project! 🎉
We will meet up on Wednesday, October 9, 2024, in collaboration with
@tikalk
at Tikal’s offices and work together to build a
✨Decouple policy & code by creating a separate microservice for authorization
✨Have an event-driven authorization layer that remains in sync with the application and any third-party services
Read
@OrWeis
's article about the best practices for building cloud-native permissions
Join our friends
@matteocollina
(
@platformatic
) and
@liran_tal
(
@snyksec
) and dive into access control, authorization, and security challenges in
@nodejs
frameworks. Learn why decorators and middleware aren't enough and discover best practices -
We sent
@DeveloperFilip
to
#OSDay23
to talk about the importance of Authorization and why you shouldn't build your own from scratch. He came back with a nice trophy and a blog about his talk 🏆. Read it here:
Here are some tips for building permissions into cloud applications ☁️🔐
@ContainerBlog
✨Decouple policy & code
✨Be event-driven (see: the open source project
@opal_ac
)
✨Practice
#GitOps
to seamlessly manage changes, apply versions, & apply checks
We had lots of fun at
@swimm_io
's "Continuous Everything" devtools meetup. Thank you
@GetHelios
, , Allero, and of course our very own
@BDOded
for the wonderful talks 🙌❤️
Meet our
#DevLeaders
:
@oicheryl
Up until recently the VP of Ecosystem at the
@CloudNativeFdn
now leads engineering at
@Apple
. We are delighted to have her support as
@permit_io
becomes a prominent tool in how engineers design and build permissions for cloud-native applications.
We’ve been working with many low-code tools while crafting this article, and let me tell you,
@supabase
does it better than anyone else. Check out our latest guide on frontend low-code tools and learn to create frontend apps faster and better
Most modern apps rely on abilities such as user invites, role assignment, or the usage of 3rd party data. They all have one thing in common: The need to be managed in a real-time fashion.
@opal_ac
is an open-source project that can help you do just that.
We often get asked "What is the difference between OPA + OPAL and XACML" . So we wrote a blog about it! (It has nice diagrams, code examples, the whole shebang!) Read about
@OpenPolicyAgent
+
@opal_ac
as an alternative to XACML here: