Slide 4
Slide 4 text
@kubernetesonarm + @openfga
github.com/luxas/kube-rebac-authorizer
Developer Experience with OpenFGA
1. App developer specifies an authorization model
a. “Users can view folders, folders contain documents”
2. Write or import relationship data
a. “User Lucas can view folder ‘customers’, and folder ‘customers’ has document ‘secret’”
3. Query OpenFGA
a. “Can user Lucas view document ‘secret’?” ⇒ true
b. “What documents can user Lucas view?” ⇒ [“document:secret”, … ]