Turnstile: A Hierarchical Authorization System

Wed, 26 April, 2:30 PM - 3:00 PM GMT+5:30

At our firm, we needed an authorization system to support applications with varying levels of intricacy. We have applications that A) have many complicated permissions and policies, and B) require speed and no downtime, strong auditing capabilities and transparency into authorization decisions. We developed Turnstile in-house to address those complexities.

Turnstile:

  • has much of the expressiveness of ABAC/ReBAC
  • puts hierarchy front and center (does not represent policies as code)
  • allows for easy hierarchy and exploration, like a DAG, but with the expressive power and interpretability of ABAC

In this session, we’ll highlight the need for a centralized authorization system to support applications with varying levels of complexity. We’ll discuss the original idea for Turnstile, its design, and its implementation through an in-memory graph database.

About the speaker

Daniel Solnik

Software Engineer, D. E. Shaw Group

Daniel Solnik is a software engineer at the D. E. Shaw group, where he is a member of the Application Engineering team. He is responsible for a range of security initiatives, including the authorization system used in trading, and manages more than 45 applications at the firm. Daniel also contributes to the development of encrypted high-performance socket communication and sensitive container code security. He specializes in developing highly performant, auditable, and reliable software systems to support a range of different use cases.