OPA : Zanzibar :: SOAP : REST? (opens in new tab)

(aserto.com)

18 pointsogazitt2y ago4 comments

4 comments

Great post! When starting a green field project, how would you approach the choice between the two options? Are there specific use cases in which one would be preferable over the other?

ogazittOP2y ago

Good question. OPA is best suited for ABAC-centric scenarios, where your authorization logic is expressed in terms of attributes on users, objects, or environment.

The ReBAC / Zanzibar model is more opinionated, but most use-cases seem to be pretty easily described in ReBAC.

bradhe2y ago

Interesting concept! Can kind of see it, although Zanzibar is a bit less concrete. REST really came into it's own with Rails, I think. Wonder if Aserto is Zanzibar's Rails?

ogazittOP2y ago

Thanks! Analogies are always challenging, but the Zanzibar ReBAC model fits the “opinion” and “simplicity” of REST (at least when compared to SOAP).

We will definitely need the “Rails” equivalent for making ReBAC accessible to many more developers than it is today, and Topaz / Aserto definitely aims to be one of these! :)

j / k navigate · click thread line to collapse

4 comments

itsronenh2y ago

Great post! When starting a green field project, how would you approach the choice between the two options? Are there specific use cases in which one would be preferable over the other?

ogazittOP2y ago

Good question. OPA is best suited for ABAC-centric scenarios, where your authorization logic is expressed in terms of attributes on users, objects, or environment.

The ReBAC / Zanzibar model is more opinionated, but most use-cases seem to be pretty easily described in ReBAC.

bradhe2y ago

Interesting concept! Can kind of see it, although Zanzibar is a bit less concrete. REST really came into it's own with Rails, I think. Wonder if Aserto is Zanzibar's Rails?

ogazittOP2y ago

Thanks! Analogies are always challenging, but the Zanzibar ReBAC model fits the “opinion” and “simplicity” of REST (at least when compared to SOAP).

We will definitely need the “Rails” equivalent for making ReBAC accessible to many more developers than it is today, and Topaz / Aserto definitely aims to be one of these! :)

j / k navigate · click thread line to collapse