Henning is a Software Security Engineer at Ory, where he is working mostly on Ory Keto. Prior to Ory, he founded Code Intelligence, a company focussing on fuzz-testing. He holds a Ph.D. in IT Security from the University of Bonn and is passionate about Usable Security and making it easier for developers to build secure systems. He lives with his wife and two kids in Aachen.
Making of the Ory Permissions Language
When checking for authorization, you want the permissions system (such as Ory Keto or Ory Cloud Permissions) to consider "implicit" permissions gained through, e.g., role assignments. Such rules are application-specific: Whether or not an "editor" can "delete" a resource or just "edit" is up to the domain. Thus, we have created the Ory Permission Language to express such rules. In this talk, we want to share our design process, from user interviews to case studies and competitor analysis, all the way to the implementation. We'll end the session with a quick demo of how you can make use of the Ory Permission Language today, whether you are in the Ory Cloud or on-prem.
Patrik studied computer science at TU Munich, focusing on IT Security, formal languages, and distributed systems. During his studies, he started to work on open source cloud security software. In 2020 he created Ory Keto as the first OSS implementation of the Google Zanzibar authorization server, and he has maintained it since then. Fluent in Go, TypeScript, English, German, and Czech, he not only likes to code in his dark corner but also loves the openness and teaching nature of OSS development.