In this episode of TFiR Let’s Talk, Swapnil Bhartiya sits down with Or Weis, CEO and Co-Founder of Permit.io, to discuss permissions in the world of cloud. He goes into depth about how Permit.io is democratizing permissions to make them more accessible for developers using a low-code interface rather than classic engineers. Additionally, he explains how Permit.io’s role-based access control (RBAC) is helping people navigate access control.
Key highlights from this video interview are:
- Permit.io aims to ensure that developers never have to build permissions again. Weis explains that as a developer, he spent many hours building permissions again and again, which led him to create Permit.io.
- Broken access control continues to be one of the most critical issues when building applications today, and Weis feels that many are choosing not to roll their own since it is not easy to get right. He explains how their solution enables developers to bake in complex policies without having to write a lot more code and the benefits this brings.
- An increasing number of people are becoming developers, whether as classic engineers writing code, by using a low-code interface, or by managing complex systems through AI. Yet as the space expands, so does the attack surface. Weis feels that this is the core reason why it is important to build guardrails and use practices in applications.
- Weis feels that anything not proprietary is becoming enabled by additional services, allowing developers and vendors to specialize in their own specific area. Yet, it is difficult to balance the needed requirements. He discusses how organizations need to find a balance between infrastructure and building out new things. He explains how this translates to working with low-code and no-code, due to talent shortages.
- Permit.io’s role-based access control (RBAC) forms the core of the authorization space. Weis explains how it manages old permissions through roles directly. However, not every scenario can be described by roles, which is where attribute-based access control comes in. Weis explains how they are allowing people to use their complex policies without having to write code. He discusses how it is lowering the barrier to entry for people to generate policies.
- While there are standards for authentication, there are currently no standards for authorization. Weis feels that it is important to build an open source community around reaching those standards, telling us why they are passionate about adopting open source and combining it with what they are building. He tells us about their open source project OPAL (Open Policy Administration Layer), which manages Open Policy Agent (OPA) agents, loading the data and policies in real time in an event-driven fashion.
- Weis tells us how Permit.io will be participating in KubeCon, saying that a large percentage of their team will be there and they will be giving talks. He explains how they will be addressing some of the complexities of access control with microservices and how their open source project, OPAL, helps with access control in Kubernetes.
The summary of the show is written by Emily Nicholls.