OPA : Zanzibar :: SOAP : REST?

18 points | ogazitt | 2 years ago | aserto.com

4 comments

itsronenh|2 years ago

Great post! When starting a green field project, how would you approach the choice between the two options? Are there specific use cases in which one would be preferable over the other?

ogazitt|2 years ago

Good question. OPA is best suited for ABAC-centric scenarios, where your authorization logic is expressed in terms of attributes on users, objects, or environment.

The ReBAC / Zanzibar model is more opinionated, but most use-cases seem to be pretty easily described in ReBAC.

bradhe|2 years ago

Interesting concept! Can kind of see it, although Zanzibar is a bit less concrete. REST really came into its own with Rails, I think. Wonder if Aserto is Zanzibar's Rails?

ogazitt|2 years ago

Thanks! Analogies are always challenging, but the Zanzibar ReBAC model fits the “opinion” and “simplicity” of REST (at least when compared to SOAP).

We will definitely need the “Rails” equivalent for making ReBAC accessible to many more developers than it is today, and Topaz / Aserto definitely aims to be one of these! :)