We've also been busy expanding our educational resources - we have published guides on RAG authorization in LangGraph using Cerbos and Pinecone, ABAC vs RBAC in service-oriented architectures, as well as on mapping business requirements to authorization policy in HR systems.
Lastly, we’ve written a blog on certifications that could be valuable for enterprise architects, domain solutions architects and software engineers, and reflected on our experience at the DevWorld conference.
Product Updates
Cerbos Hub
We have introduced support for capturing audit decision logs from the Cerbos Hub Embedded Policy Decision Points (ePDP) using the latest version of the Cerbos JavaScript SDK.
This feature enables organizations to track and analyze authorization decisions made locally in embedded environments, providing complete visibility and auditability wherever you choose to deploy Cerbos.
Version v0.41.0 of Cerbos PDP has been released, enhancing support for scope permissions and role policies.
Role policies provide an additional layer of restriction on resource policies, requiring explicit permission for actions while still adhering to resource policies. This allows applications to implement custom role-based access controls with greater precision. When coupled with scoped policies and scope permissions, per-tenant custom roles can now be implemented much more cleanly with strong isolation between tenants.
Additional improvements include:
Defaulting time-based functions to UTC unless a specific time zone is provided
Improved query planner handling for scope-based expressions
Performance improvements when running in Amazon ECS
Service-to-service calls, external API clients, AI agents, bots, and background jobs all act as independent workloads with their own identities, and all of them need access to data and resources. These non-human identities (NHIs) need to be authorized just like human users. Otherwise, these workloads can become security risks, leading to over-privileged services, unauthorized data exposure, and compliance violations. Cerbos can be used to authorize NHIs and avoid these risks. Find out the details in our blog.
Upcoming Events
For those of you who we met at DevWorld: thank you for stopping by and chatting with us. Your support means a lot!
We’re looking forward to the following conferences in the coming weeks.
Visit our booth at:
KubeCon Europe, London, UK, April 1-4, Booth S632 in the startup section (Psst, ping us in our Slack #community channel to ask for a 20% off registration code). And catch Daniel Maher’s talk, Authz as a dev workflow, on April 4.
Experience Cerbos and policy writing via an in-browser Playground