Slide 1

Slide 1 text

Securing the Future of AI
Authorization Strategies for RAG Systems using LangChain4J and OpenFGA
Deepu K Sasidharan

Slide 2

Slide 2 text

@auth0 | @deepu105 | deepu.tech

Hi, I’m Deepu K Sasidharan

➔ JHipster co-chair
➔ Java Champion
➔ Creator of KDash, JDL Studio, JWT UI
➔ Developer Advocate @ Auth0
➔ OSS aficionado, polyglot dev, author, speaker

@[email protected] deepu.tech @deepu105.bsky.social deepu05

Slide 3

Slide 3 text

The Current State of AI Security
Agents, RAG and everything in between

Slide 4

Slide 4 text

OWASP LLM top 10

● Prompt Injection
● Sensitive Information Disclosure
● Supply Chain Attacks
● Data and Model Poisoning
● Improper Output Handling
● Excessive Agency
● System Prompt Leakage
● Vector and Embedding Weaknesses
● Misinformation
● Unbounded Consumption

Slide 6

Slide 6 text

Identity Challenges for AI-Powered Applications

Slide 7

Slide 7 text

Sensitive Information Disclosure

Slide 8

Slide 8 text

How to prevent this?

Slide 9

Slide 9 text

AuthZ

Slide 10

Slide 10 text

Role-Based Access Control?

Slide 11

Slide 11 text

Security Challenges

● Dynamic Context
● Complex Relationships
● Granular Control
● Performance Requirements

Slide 12

Slide 12 text

Relationship-Based Access Control (ReBAC)
Fine Grained Authorization (FGA)

Slide 13

Slide 13 text

OpenFGA
a0.to/fga-event

Slide 14

Slide 14 text

How does it work?

● FGA Store
● Authorization Model
● Relationship Tuples
● Check/ListObject/ListUser endpoints

Slide 15

Slide 15 text

// Authorization Model
model
  schema 1.1

type document
  relations
    define viewer: [domain#member, user]
    define commenter: [domain#member, user]
    define editor: [domain#member, user]
    define owner: [domain#member, user]

type domain
  relations
    define member: [user]

type user

// Relationship Tuple
[{
  "user": "user:anne",
  "relation": "editor",
  "object": "document:new-roadmap"
}]
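Added example, not from the talk or the OpenFGA project: a plain-Java, in-memory sketch of how a Check resolves against the slide's model, covering direct assignments and the domain#member userset, used to filter retrieved RAG documents. Every tuple except anne's, the class and method names, and the post-retrieval filtering step are assumptions of this sketch; it does not call the OpenFGA SDK or enforce the model's type restrictions.

```java
import java.util.List;
import java.util.Set;

// In-memory illustration of ReBAC check semantics; not the OpenFGA server or SDK.
public class RebacRagFilter {
    record Tuple(String user, String relation, String object) {}

    // Constructed sample tuples; only the first one appears on the slide.
    static final Set<Tuple> TUPLES = Set.of(
        new Tuple("user:anne", "editor", "document:new-roadmap"),
        new Tuple("domain:acme#member", "viewer", "document:handbook"),
        new Tuple("user:bob", "member", "domain:acme"),
        new Tuple("user:anne", "owner", "document:salaries"));

    // True when a tuple grants `relation` on `object` to `user`, either directly
    // or through a userset such as domain:acme#member (resolved recursively).
    // The slide's model defines no implied relations, so editor does not imply viewer.
    static boolean check(String user, String relation, String object) {
        for (Tuple t : TUPLES) {
            if (!t.relation().equals(relation) || !t.object().equals(object)) continue;
            if (t.user().equals(user)) return true;
            int hash = t.user().indexOf('#');
            if (hash > 0 && check(user, t.user().substring(hash + 1),
                                  t.user().substring(0, hash))) return true;
        }
        return false;
    }

    // Post-retrieval filter: keep only documents the caller holds `relation` on,
    // so unauthorized chunks never reach the LLM prompt.
    static List<String> authorize(String user, String relation, List<String> retrieved) {
        return retrieved.stream().filter(doc -> check(user, relation, doc)).toList();
    }

    public static void main(String[] args) {
        // Constructed stand-in for what a vector search returned.
        List<String> retrieved = List.of(
            "document:new-roadmap", "document:handbook", "document:salaries");
        System.out.println("anne as editor: " + authorize("user:anne", "editor", retrieved));
        System.out.println("bob as viewer:  " + authorize("user:bob", "viewer", retrieved));
        System.out.println("bob as owner:   " + authorize("user:bob", "owner", retrieved));
    }
}
```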

Slide 16

Slide 16 text

Demo time

Slide 18

Slide 18 text

Prerequisites

● Java 21
● Gradle
● An FGA instance (OpenFGA or an Auth0 FGA store)
● A local Ollama instance or OpenAI API key

Slide 19

Slide 19 text

# 1. Clone the repo
git clone https://github.com/auth0-samples/auth0-ai-samples.git
cd auth0-ai-samples/authorization-for-rag/langchain4j-java

# 2. Run OpenFGA locally or set up an Auth0 FGA client
docker pull openfga/openfga && \
docker run -p 8080:8080 -p 8081:8081 -p 3000:3000 openfga/openfga run

# 3. Add environment variables to .env file
vi .env

# Initialize FGA model and tuples
# model
#   schema 1.1
#
# type user
#
# type doc
#   relations
#     define owner: [user]
#     define viewer: [user, user:*]
./gradlew runFGAInit

# Run the application
./gradlew run

Slide 20

Slide 20 text

Auth for GenAI
Try the demo and join the waitlist
a0.to/ai-event

Slide 21

Slide 21 text

AI Content from Auth0
https://auth0.com/blog/ai/

Slide 22

Slide 22 text

Thank You