The fine-grained nature of cloud native deployments requires fine-grained authorization at each component. However, this may require security policies to be centrally defined and the configurations reflecting them to be defined in each microservice to enable uniform, consistent enforcement across the entire system which is hard to model and maintain.

OpenFGA is an open source solution to Fine-Grained Authorization that applies the concept of Relationship-based access control (ReBAC) where a subject's permission to access a resource is defined by the presence of relationships between those subjects and resources. It was designed for reliability and low latency at a high scale.

This talk will offer an overview of OpenFGA, ReBAC and its advantages when used along with Istio to achieve a true zero-trust architecture.