Making of the Ory Permissions Language
When checking for authorization, you want the permissions system (such as Ory Keto or Ory Cloud Permissions) to consider "implicit" permissions gained through, e.g., role assignments. Such rules are application-specific: whether an "editor" can "delete" a resource or just "edit" it is up to the domain. Thus, we have created the Ory Permission Language to express such rules. In this talk, we want to share our design process, from user interviews to case studies and competitor analysis, all the way to the implementation. We'll end the session with a quick demo of how you can make use of the Ory Permission Language today, whether you are in the Ory Cloud or on-prem.
Patrik studied computer science at TU Munich, focusing on IT security, formal languages, and distributed systems. During his studies, he started to work on open source cloud security software. In 2020 he created Ory Keto, the first OSS implementation of the Google Zanzibar authorization server, and has maintained it since. Fluent in Go, TypeScript, English, German, and Czech, he not only likes to code in his dark corner but also loves the openness and teaching nature of OSS development.