Slide 14
• Overlay access policies on top of an existing representation of the world, provided by the user.
• Scales linearly: roughly, O(|user attributes| + |object attributes| + |associations|), or the size of the subgraph for the user and object in question.
• It can be configured to allow or disallow access based not only on object attributes, but also on other conditions (time, location, etc.).
• It can evaluate and combine multiple policies in a single access decision, while keeping its linear time complexity.
• Audit to see what objects are affected by a policy.
• Explain why a particular access was allowed.
Next Generation Access Control (NGAC)
@jcchavezs | #IstioCon
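The graph evaluation the slide describes, as an added example that is not code from the talk or from any NGAC implementation. It assumes the standard NGAC decision rule (an operation is allowed only if every policy class containing the object is satisfied by some association); all node names and the sample graph are constructed.

```python
# Constructed sample graph; every name here is hypothetical.
ASSIGN = {  # node -> parents (user/object -> attributes -> policy classes)
    "alice": ["dev"], "dev": ["staff"], "staff": ["rbac"],
    "bob": ["ops"], "ops": ["staff", "oncall"], "oncall": ["env"],
    "svc-db": ["prod-db"], "prod-db": ["databases", "prod"],
    "test-db": ["databases"],
    "databases": ["rbac"], "prod": ["env"],
}
POLICY_CLASSES = {"rbac", "env"}
ASSOCIATIONS = [  # (user attribute, operations, object attribute)
    ("staff", {"read"}, "databases"),
    ("oncall", {"read", "write"}, "prod"),
]

def ancestors(node):
    """Every node reachable through assignments, including node itself."""
    seen, stack = set(), [node]
    while stack:
        n = stack.pop()
        if n not in seen:
            seen.add(n)
            stack.extend(ASSIGN.get(n, []))
    return seen

def decide(user, op, obj):
    """Return (allowed, reasons): reasons maps each satisfied policy
    class to the association that granted the operation under it."""
    u_side, o_side = ancestors(user), ancestors(obj)  # only this subgraph is walked
    reasons = {}
    for ua, ops, oa in ASSOCIATIONS:
        if ua in u_side and oa in o_side and op in ops:
            for pc in ancestors(oa) & POLICY_CLASSES:
                reasons.setdefault(pc, (ua, op, oa))
    required = o_side & POLICY_CLASSES  # policies that apply to the object
    return bool(required) and required <= set(reasons), reasons

def affected(policy_class, objects):
    """Audit: which of the given objects fall under a policy class."""
    return sorted(o for o in objects if policy_class in ancestors(o))

if __name__ == "__main__":
    for user, op, obj in [("alice", "read", "svc-db"), ("bob", "read", "svc-db"),
                          ("bob", "write", "svc-db"), ("alice", "read", "test-db")]:
        print(user, op, obj, decide(user, op, obj))
    print("objects under 'env':", affected("env", ["svc-db", "test-db"]))
```

Here `svc-db` sits under both policy classes, so a grant under `rbac` alone is not enough, and the `reasons` mapping is the per-policy explanation of an allowed access.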