> Digital Identities aren’t something unique to the fediverse and it’s not something Mastodon could stop if they wanted to. Nomadic identity is coming to the internet. The only question is who is going to own your identity. VISA/Mastercard, your government, Google, Microsoft, or you.
I've said this before but just wanted to throw out the net again 😅.
A while back I started working on integrations between #Backstage and #opa so you can use opa for #authorization! You can find it here if you're curious
Eventful day starting at 5 AM traveling from Stockholm 🇸🇪 to Utrecht 🇳🇱 to talk #authorization and #OPA at #VodafoneZiggo before heading to Haarlem and an amazing dinner with @parcifal and his wife. Tomorrow I’ll be presenting on #Regal, my #Rego linter, at the local OPA Amsterdam meetup. Good times!
Me and @charlieegan3 have been working on a new guide for the most common errors seen in #OPA during #Rego policy development. Parser errors, compiler errors and evaluation errors — it's all in there. Hopefully it'll be a useful resource to anyone trying to get a better understanding on why some errors happen, and how to fix them. Feedback always welcome!
Friends in the Netherlands! 🇳🇱 January 30, we'll be doing another #OPA meetup in Amsterdam! I'll talk about linters, and how #Regal the #Rego linter came to be. Also, @parcifal will be presenting on his work on OPA for fine-grained #authorization in #backstage. And of course — pizza, drinks and some of the friendliest techies in town to hang out with. If that sounds like fun, don't hesitate to join us!
Fantastic article on "Why logic programming is the best choice for #authorization" on Gusto's engineering blog. If you're curious to learn the history of #Rego, and why it's built on top ideas from logic programming, #prolog and #datalog, this is a great read.
Regal v0.12.0 just released! The latest edition of the #OPA community's favorite #Rego linter adds 4 new linter rules, a long-awaited capabilities feature, and many other improvements and fixes. Check out the full changelog, and get your copy!
Fun times at #NordicAPIs summit in #Stockholm 🇸🇪 yesterday. I got to talk #authorization in distributed systems, and how #OPA helps unify policy across the whole stack. Also a roundtable session on the topic of #security, where the audience really got involved. Awesome!
Great meeting so many ex-colleages and friends there too 😃
The Food and Drug Administration authorized marketing of a genetic test for detecting hundreds of gene variants associated with a higher risk of developing certain cancers.
The greatest challenge for vendors in the #Authorization, or #PolicyAsCode space, isn't to convince companies or their devs that their product is better than whatever their own engineers can build from scratch. The biggest challenge is to convince people that authorization, just like #identity, is an organizational concern, and not one that should be solved in each team individually. While getting buy-in from a single team is easy, getting a whole org to align on anything is... challenging.
I got to talk about myself, and some about #OPA, #authorization and #PolicyAsCode too, at the local #OWASP meetup in #Oslo 🇳🇴 this evening. Good times, and a really engaged audience. So many great questions after. Thanks @webtonull for inviting me!
I am wondering about a #federation behavior: say I have three #Fediverse instances A, B, and C. Important: instance A blocks instance C.
We have a person pA on A, pB on B that follows pA, and pC on C that follows pB.
What happens when pB boosts a post from pA? (When) can it reach C or pC?
I expect that, for #Mastodon it should not happen but I'd like to confirm this and to know whether it is also true for other platforms and what it depends on.
Swedish national day 🇸🇪 Yet instead of celebrating at home, I find myself in our friendly neighboring country 🇫🇮 talking #OPA and #authorization at #APIDays. Getting to meet with great folks like @Jeremiah, @kfekete and @fireball makes me think I made the right decision.
Next week I’m going on a tour! First off #Helsinki 🇫🇮 where I’ll #ChaChaCha myself into #APIDays and talk distributed #authorization and #OPA on Tuesday. Then off to #London 🇬🇧 where I will reveal my latest side project at the #CNCF meetup on Wednesday. If you’re anywhere near, let me know as I’d love to meet up 😃
I reckon the ActivityPub protocols could use further attention on the ol' authorization front:
"""
ActivityPub uses authentication for two purposes; first, to authenticate clients to servers, and secondly in federated implementations to authenticate servers to each other.
Unfortunately at the time of standardization, there are no strongly agreed upon mechanisms for authentication.
"""
This week I’ll be attending the #EIC conference in #Berlin 🇩🇪 On Wednesday evening I’m part of a panel discussing #authorization. On Thursday my buddy @charlieegan3 will be talking #OPA! And many interesting sessions on #security, #Identity and more. Anyone else going?