  • Raji Krishnamoorthy

Priority pass to Amazon Verified Permissions

Updated: Nov 23, 2023

On a Monday afternoon at Ooty’s The Valley School, as the clock inched closer to the final hour, children were waiting to hear the final bell. Meenu felt the absence of her partner-in-adventure, Rahul, who had taken a day off from school. She was bubbling with stories and couldn't wait to race back to Emerald Springs to share every tiny detail with him. Sprinting towards her school bus, eager to secure her favorite window seat, something colorful on the school noticeboard caught her eye.

Meenu reached home, gobbled up her lunch and dashed out the door, eager to join her friends at the park.

Rahul, Rohan, and Aditi had already gathered in the park.

Rahul : Hey Meenu, how was school today?

Meenu: "Leave that to me. My dad will take care. He’s buddies with the venue management."

Meenu, waiting for her dad to return from work, rushed to him the moment he sat down in the living room.


Meenu: "Twelve, for 3 of my friends and their parents!"

Mr. Kumar gave a warm smile and a nod that sealed the deal. In what felt like the blink of an eye, the big day rolled around. The four kids – Meenu, Rahul, Rohan and Aditi – got ready for the concert. They decided to carpool. As they piled into the car, Meenu revealed her secret – VIP passes for everyone!

The group, excited and chattering, arrived at the venue. The security guard, spotting their VIP passes, tied a blue band around each of their wrists and directed them to the best seats.

As the final notes of Alia Swift's mesmerizing songs, 'Shake it Off,' 'Blank Space,' and 'Enchanted,' echoed through the concert hall, Meenu turned towards her father with a look of hopeful anticipation in her eyes. Meenu seemed to be silently wishing for just one more enchanting moment.

With a mix of hope and apprehension, Mr. Kumar cautiously approached the security guard. In his hand, he held his member identity card for the Indian Arts Foundation that had organized this grand concert.

The children's faces lit up with joy. As they entered backstage, they stood in the glowing presence of Alia Swift, whom they had only dreamt of meeting. They captured each moment in gleaming photos and autographs to cherish forever.

With hearts brimming with fulfillment, they began their journey back to Emerald Springs. On their way back, Rohan had a question for Meenu.

Rahul, struggling to comprehend Meenu’s words, displayed a look of deep confusion.

Meenu : What happened now was nothing but an example of an Attribute-Based Access Control (ABAC) authorization system.

Aditi, who was sitting quietly by the window, joined the conversation, citing the VIP pass they got at the concert as an example of Role-Based Access Control (RBAC), illustrating how privileges are granted according to the role one holds.

Meenu : Exactly, now let’s talk about ABAC. Instead of just relying on the type of wristband, the security team checks multiple attributes or characteristics about you before deciding which areas you can access. These attributes could include things like the time of day, whether you're over a certain age, if you're a member in any club, a personal connection with the artist and so on.

So, in ABAC, your access to different areas of the concert is dynamically decided based on a combination of various factors about you, not just the type of wristband you have. This is similar to how ABAC works in cybersecurity.



Rahul: "So, we got backstage because of ABAC? Cool!"

They all laughed, chatting excitedly about the concert and their new discovery. This wasn’t just a night to cherish but a learning experience, fueling their eagerness to apply these newfound lessons to building cool applications in the cloud.

After an exhilarating weekend, it was Monday again, and the children eagerly returned to school, looking forward to their most anticipated class: the computer science lab with Mrs. Katherine. In this class, they delve into the exciting world of cloud computing, specifically mastering the intricacies of Amazon Web Services (AWS).


Rahul gets an idea and calls Meenu to his table,

Meenu : Of course, we can implement ABAC in AWS. AWS has a service called Amazon Verified Permissions. You no longer need to code permission levels for users in the application code. With Verified Permissions, we can write authorization policies for an application outside the application code, in a centralized place. It uses a policy language called Cedar to define granular permissions.

Aditi : When an application is accessed by different personas, each having its own permission levels, ABAC would come in handy. Am I right, Meenu?

Meenu : Exactly! If an application’s access control is governed by attributes rather than identities or roles alone, it makes permission management flexible and dynamic to handle situations.

Rahul : Flexible? Dynamic? Handle situations?

Meenu : Look, for example, say we have a music store application and I own certain access rights to it. Assume I go on a vacation and I want to delegate the access to you. All I need to do with ABAC is get the attributes that govern my access, such as group, level of authority, etc. Instead of changing the application code, I update your attributes to match mine. I can temporarily assign you an attribute that mirrors my authority level.


Rahul : That sounds easy and simple.

As the bell rang signaling the end of the class, Rahul, Meenu, and Aditi packed their bags for the day. Rahul, with a newfound discovery, turned to his friends and said, "So, with ABAC, we're not just coding an application; we're designing a flexible security model."

Meenu nodded, her eyes sparkling with enthusiasm. "Exactly, Rahul! It's about making security as agile as our apps. It's not just about building a smart lock for our digital house; it's about knowing who can open the lock with keys, when, and under what conditions."
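
Meenu's music store delegation, as an added example that is not part of the original post and is not Cedar or the Verified Permissions API: a small Python model in which policies sit outside the application as data and decisions follow the rule Cedar uses (deny by default, a matching forbid overrides any permit). The attribute names, the `EditCatalog` action and the `delegation_expires` attribute are assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from datetime import date


@dataclass
class Request:
    principal: dict   # attributes of the caller
    action: str
    resource: dict    # attributes of the thing being accessed
    context: dict = field(default_factory=dict)


# Policies are data kept outside the application: (effect, action, condition).
POLICIES = [
    # Permit catalog edits when the caller's group and authority level match.
    ("permit", "EditCatalog", lambda r:
        r.principal.get("group") == r.resource.get("owner_group")
        and r.principal.get("authority_level", 0) >= r.resource["required_level"]),
    # Forbid anyone whose delegated attributes have passed their expiry date.
    ("forbid", "EditCatalog", lambda r:
        "delegation_expires" in r.principal
        and r.context["today"] > r.principal["delegation_expires"]),
]


def is_authorized(req):
    """Deny by default; any matching forbid overrides every permit."""
    matched = [effect for effect, action, cond in POLICIES
               if action == req.action and cond(req)]
    return "permit" in matched and "forbid" not in matched


def delegation_demo():
    """Constructed scenario: Rahul covers for Meenu during a one-week vacation."""
    catalog = {"owner_group": "store-managers", "required_level": 3}
    rahul = {"group": "cashiers", "authority_level": 1}
    ask = lambda day: is_authorized(
        Request(rahul, "EditCatalog", catalog, {"today": day}))

    before = ask(date(2023, 11, 20))
    # Delegation changes only Rahul's attributes; policies and code are untouched.
    rahul.update(group="store-managers", authority_level=3,
                 delegation_expires=date(2023, 11, 27))
    during = ask(date(2023, 11, 20))
    after = ask(date(2023, 11, 28))   # one day past the expiry
    return before, during, after


if __name__ == "__main__":
    print(delegation_demo())
```

The expiry check is what keeps the delegation temporary: without it, the borrowed attributes would keep granting access until someone remembered to remove them.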


