Hacker News with Generative AI: Authorization

Best Practices for User Authentication and Authorization in Web Applications (securityboulevard.com)
Your authentication system isn't just a door—it's the fortress protecting everything you value. This research paper presents a comprehensive framework for implementing secure authentication and authorization mechanisms in modern web applications. The increasing sophistication of cyber threats necessitates robust security practices for managing user identity and access privileges.

Web Development, Security, Authentication, Authorization

6 points by mooreds 5 days ago | 0 comments

Show HN: Pomerium Agentic Access Gateway – dynamic auth for AI agents (ycombinator.com)
TL;DR: We are building a new Agentic Access Gateway in Pomerium to safely let AI agents (like GPT-based deep researchers, scripts or assistants) access internal apps and resources on your behalf – with fine-grained, just-in-time authorization for every action. It's open source (GitHub link below) and we're looking for feedback and early access users.

Security, Artificial Intelligence, Open Source, Software, Authorization

10 points by bdesimone 5 days ago | 0 comments

Show HN: Gatehouse-TS – TypeScript port of Rust's authorization policy framework (github.com/9Morello)
Gatehouse-TS is a flexible, zero-dependencies authorization library written in TypeScript. It combines role-based (RBAC), attribute-based (ABAC), and relationship-based (ReBAC) access control policies. Port of the Gatehouse authorization library for Rust. The original authors did a fantastic job at creating an easy to use API, and were kind enough to let this library be named after Gatehouse.

TypeScript, Authorization, Security, Open Source, Rust

23 points by gr4vityWall 26 days ago | 0 comments

Gatehouse – a composable, async-friendly authorization policy framework in Rust (github.com/thepartly)
A flexible authorization library that combines role-based (RBAC), attribute-based (ABAC), and relationship-based (ReBAC) access control policies.

Rust, Authorization, Security, Access Control

76 points by hardbyte 45 days ago | 28 comments

The Case for Centralizing Authorization (aserto.com)
Authorization is a critical component of every business application. If the authorization system is down, the application is down, so it must run at very high availability. It also needs to evaluate every decision correctly or risk elevation of privilege or information disclosure vulnerabilities. Finally, it has to run at very low latencies, because authorization is in the critical path of every application request.

Security, Software Engineering, Authorization

38 points by mooreds 52 days ago | 23 comments

Untangling AI Agent authn/authz (venturebeat.com)
AI agents are set to change ID authorization: As they integrate behind the scenes, they will need to move seamlessly between different apps on our behalf, and not get continually halted by login screens, lest they become cumbersome.

Artificial Intelligence, Authentication, Authorization

12 points by sdomino 77 days ago | 2 comments

Solving Fine Grained Authorization with Incremental Computation (feldera.com)
If you've been following the security space, you've likely noticed the rise of Fine-Grained Authorization (FGA) access control models.

Security, Authorization, Access Control, Computation

13 points by gz09 113 days ago | 4 comments

CRDTs and Collaborative Playground (cerbos.dev)
At Cerbos, we specialize in simplifying complex authorization logic to empower developers with the tools to implement secure, scalable, and maintainable access control systems.

Authorization, Collaborative Development, Security, Distributed Systems

111 points by emreb 143 days ago | 8 comments

Show HN: Cerbos. Open source, horizontally scalable, stateless authorization (github.com/cerbos)
Cerbos is an authorization layer that evolves with your product. It enables you to define powerful, context-aware access control rules for your application resources in simple, intuitive YAML policies; managed and deployed via your Git-ops infrastructure. It provides highly available APIs to make simple requests to evaluate policies and make dynamic access decisions for your application.

Open Source, Authorization, Security, Access Control, Cloud

24 points by emreb 157 days ago | 3 comments

Auth Wiki (auth.wiki)
Explore and find clear definitions of key glossaries related to authentication, authorization, and identity management. Work with open-standards like OpenID Connect, OAuth 2.0, and SAML.

Authentication, Authorization, Identity Management, Open Standards

111 points by splash123 187 days ago | 28 comments

Authorization 101: Multi-tenant RBAC (aserto.com)
Every multi-tenant B2B SaaS product needs an authorization model that meets two fundamental requirements:

Authorization, Security, SaaS, Multi-tenancy, RBAC

13 points by mooreds 241 days ago | 0 comments

Show HN: Permify 1.0 – Open-source fine-grained authorization service (github.com/Permify)

Open Source, Authorization, Security, Software

154 points by ucatbas 261 days ago | 34 comments

Distributed Authorization (osohq.com)

Distributed Systems, Security, Authorization

150 points by AnhTho_FR 388 days ago | 64 comments

Show HN: AI assistant powered by Groq to generate authorization models (ycombinator.com)

AI, Authorization, Software, Generative AI

12 points by thegeekywander 393 days ago | 2 comments