Permit.io, the permissions framework for cloud-native applications, today launched “Permit Elements”. This new product will enable application developers to confidently and securely delegate the responsibility of access controls to their own customers via low-code, embeddable interfaces. This is possible because the team behind Permit.io – founded by engineers from Microsoft and Facebook – have solved the complex problem of meta permissions.
“As a developer, deciding who can do what and where within an internal application is already complicated enough,” said Asaf Cohen, CTO and Co-Founder of Permit.io. “Going beyond this and empowering customers to make these decisions for themselves – while maintaining enterprise-grade compliance and security standards – is a problem we’ve been dedicating our entire team to solving for months. Permit Elements addresses this problem with low code interfaces that can be embedded directly into an application and exposed to users.”
With just a few clicks, Permit Elements enables application developers to embed features like user management and audit logs directly into the application, which in turn provides customers with the ability to control and manage access to their own data and resources. This extra layer of user management removes the developer as a bottleneck and empowers customers to manage their own permissions autonomously and securely.
Permit Elements also leverages anomaly detection to identify potential security breaches by analyzing user behavior within systems, and offers identity protection by using internet-scouring technologies to detect and mitigate the risk of private information leaks.
According to the latest research from the Open Web Application Security Project (OWASP), broken access control presents the most serious web application security risk. Failures typically lead to unauthorized information disclosure, modification, destruction of data, or performing a business function outside the user’s limits. The report states that “94% of applications were tested for some form of broken access control.”
Permit.io is built on top of the open source project OPAL, also created by Or Weis and Asaf Cohen, which acts as the administration layer for the popular Open Policy Agent (OPA). OPAL brings open policy up to the speed needed by live applications; as an application state changes via APIs, databases, git, Amazon S3 and other 3rd-party SaaS services, OPAL makes sure in real-time every microservice is in sync with the policies and data required by the application.
“Permit Elements does for access controls what Stripe Elements did for payment processing – it’s about creating a streamlined experience,” said Or Weis, CEO and Co-Founder of Permit.io. “This has been one of the most highly requested features from our customers. Developers are tired of constantly rebuilding these experiences. With Permit Elements, access control is finally solved end-to-end and developers can focus on their core product.”
Permit.io provides an efficient, adaptable, and powerful authorization system that includes a microservices-based application layer. It’s amazing how easily this can be implemented into your product with little or no authorization knowledge. – Ran Ribenzaft, CTO & Co-Founder of Epsagon (Acquired by Cisco)
Just like with feature-flags, permissions have been something developers have been building over and over again. Permit.io’s authorization puts an end to this struggle once and for all. You basically just have to plug it in, and you’re done – a simple, elegant, and time-saving solution. – John Kodumal, CTO and Co-Founder of LaunchDarkly
Permit.io enables developers to bake in permissions and access-control into any product in minutes. Open source at its core, the platform builds on top of OPA+OPAL as a service, providing the API and UI access-control interfaces that make it simple to shift security left. Permit.io is founded by former engineers from Facebook, Microsoft, and Rookout and is already used by industry leaders like Accenture, Cisco, Tesla and others.
Discussion about this post