Tuesday, August 22 • 10:00am - 10:50am
[Virtual] OPEN TALK: Access Control for Cloud Object Storage: Enforcing Policy at the Edge

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Greg Hamer, Backblaze, Principal Developer Evangelist

Modern web applications often store assets such as documents, images and videos in cloud object storage such as Backblaze B2 or Amazon S3, often leveraging content delivery networks (CDNs) to efficiently cache and distribute assets to end users. This architecture is well suited to content that is to be publicly visible, but not for more sensitive assets, running the risk of inadvertent exposure of sensitive data when private and public assets are commingled.

In this session, we'll review common techniques for controlling access to cloud object storage, such as presigned URLs and proxying access via the web application. We'll then look at an alternative approach that takes advantage of the edge computing platforms being deployed by CDN vendors: implementing a policy enforcement point (PEP) at the edge. We'll compare and contrast role-based access control (RBAC) with attribute-based access control (ABAC), and explain how you can combine them to ensure that content is accessible only by authorized users. Finally, we'll share a concrete implementation, with source code, of a PEP implemented on Fastly's Compute@Edge serverless computing platform, accessing data stored in Backblaze B2 Cloud Object Storage.

This session is aimed at cloud developers, architects, and executives; we'll assume you have a basic understanding of cloud computing, but you won't need any previous experience of identity and access management (IAM) concepts - we'll explain things as we go.

avatar for Greg Hamer

Greg Hamer

Principal Developer Evangelist, Backblaze
Greg is a software development specialist in cloud, data, and application architectures. At Backblaze, Greg works with customers and developers delivering a wide variety of API-driven applications leveraging the incredible power of the Backblaze ecosystem. Backblaze B2 Cloud Storage... Read More →

Tuesday August 22, 2023 10:00am - 10:50am PDT
VIRTUAL OPEN Workshop Stage