

Sohan Maheshwar
Developer Advocate Lead at AuthZed
Amsterdam, The Netherlands
Sohan is a Lead Developer Advocate at AuthZed, based in the Netherlands. He started his career as a developer building mobile apps and has worked in the developer relations space since 2013, in companies such as Amazon, Fermyon and Gupshup. He has always been interested in emerging technologies and how they shape the world around us.
His interests outside work include visual arts, trivia, and playing frisbee.
Build Authorization at Scale with Open Source ReBAC based on Google Zanzibar
Broken authorization currently tops OWASP's 'Top 10 Security Risks for Web Apps' list.
Their recommendation to fix this? Adopt an ABAC or ReBAC authorization model. This talk establishes the problems with the status quo, explains the core concepts behind ReBAC, and introduces SpiceDB, a mature and widely adopted open source ReBAC system inspired by the system internally powering Google services such as Docs, YouTube & Cloud IAM - Zanzibar.
How to Secure & Optimize Your RAG pipelines with Fine Grained Authorization
It’s time for Day 2 Ops in the world of AI.
Building enterprise-ready AI poses challenges around data security, scalability, and integration, especially in compliance-regulated industries. Firms are increasing efforts to mitigate the risks associated with LLMs, such as the exfiltration of PII and sensitive company data. The primary mitigation strategy is to build guardrails around Retrieval-Augmented Generation (RAG) to safeguard data while also optimizing query response efficiency.
This session will cover how modern permissions systems can safeguard sensitive data in RAG pipelines. We'll start with why authorization is critical for RAG pipelines to protect sensitive data from potential vulnerabilities, and then cover the various techniques for permissions-aware data retrieval, including pre-filtering and post-filtering vector databases.
The talk will also include a practical demo implementing fine-grained authorization for RAG using Pinecone, Langchain, OpenAI, and SpiceDB.
Running low-latency workloads on Kubernetes: Lessons learned from SpiceDB
Not all workloads are created equal!
While Kubernetes is designed for flexibility and scalability, it does not provide guarantees for performance-sensitive workloads by default. Without the right configurations, latency-sensitive applications can suffer from unpredictable scheduling, resource contention, and noisy neighbor effects.
This talk distills some of the lessons learned from running SpiceDB, a low-latency authorization system, on Kubernetes and how we got to 5ms p95 @ 1M Requests Per Second. The talk covers:
1. Understanding and Mitigating Kubernetes Defaults
2. Advanced Resource Management Strategies
3. Scaling for Performance
By the end of this talk, attendees will understand the practical steps required to reduce unpredictable latency in Kubernetes environments. Whether you're running a global-scale system or fine-tuning a critical microservice, these best practices will help ensure your workloads run smoothly under the highest demands.
Build global-scale Authorization in your web app with Open Source
This workshop will teach you to build Authorization into your web app using SpiceDB - a widely adopted open source system. SpiceDB is based on Google Zanzibar which is the system that Google uses to power the authorization across their products such as YouTube, Google Docs and Cloud IAM.
In this workshop we will integrate authorization to a demo web app. The workshop will be available in multiple programming languages as well as deployment targets.
How Google built a Consistent, Global Authorization System with Zanzibar (and you can too!)
Google Zanzibar is the singular authorization service that powers permissions and sharing across all Google properties, including Docs, YouTube, and Cloud IAM. Creating a consistent, global-scale authorization system that can process "more than 10 million client queries per second" is not a trivial task. The talk will cover how the paper lays out an engineer-friendly blueprint for building a highly scalable distributed system with flexible consistency guarantees.
This talk will start with foundational knowledge of Relationship Based Access Control (ReBAC) and then cover the technical implementations behind Zanzibar: how Google solved for correctness, scale and speed. The presentation will cover the different APIs for interacting with the system and also a deep-dive into how the "New Enemy" problem was solved. The talk will conclude with how you can use open source tools to build authZ into your application.
Broken Authorization now tops OWASP's Top 10 Security Risks for Web Apps. Their recommendation? Adopt an ABAC or ReBAC authorization model. This talk teaches you how Google built Zanzibar for global scale and how you can implement this for your customers. The talk is targeted at developers, platform engineers and team leads who work on applications at scale that require different permissions.
Build authorization at scale with SpiceDB on Amazon EKS
Building modern authorization from scratch is non-trivial and requires years of development from domain experts. Till very recently, the only developers with access to these workflows were employed by massive tech companies that could invest in building mature, but proprietary solutions. Not only were these solutions proprietary but they also own the maintenance and continuous development of the solution. That’s where SpiceDB comes in!
SpiceDB is an open-source, Google Zanzibar-inspired database system for real-time, security-critical application permissions. This webinar shows how you can deploy a SpiceDB instance on Amazon Elastic Kubernetes Service (EKS) which is the managed Kubernetes service provided by Amazon and is the best way to run SpiceDB on AWS. The webinar covers a quick introduction to SpiceDB and then goes straight into a demo of the deployment process on EKS.
BAC to the Future: A deep-dive into different Authorization models
Open Worldwide Application Security Project (OWASP) publishes a yearly "Top 10 Security Risks for Web Apps" list. Guess what topped their list this past year?
Broken authorization.
This talk is a deep-dive into common Authorization models such as Role Based Access Control (RBAC), Attribute Based Access Control (ABAC) and Relationship Based Access Control (ReBAC). We discuss how each of these AuthZ models work, how they are implemented, and what the advantages & disadvantages of each are.
At the end of the talk you will have the knowledge to decide which type of authZ model is best suited for your application.
A foundational understanding of the main types of Access Control systems and what the trade-offs of each are. Important to know which system is best suited for your use-case. This talk is aimed at an audience who are unfamiliar with identity and access management.
Swiss Cloud Native Day 2024 Sessionize Event
KCD Munich 2024 Sessionize Event
Open Source Day 2024 Sessionize Event
WeAreDevelopers World Congress 2023 Sessionize Event
Build Stuff 2022 Lithuania Sessionize Event
Devopsdays Amsterdam 2022 Sessionize Event
TEQnation 2022 Sessionize Event
