Chris Norman

Delighted to share that we’ve raised $3.1M for @CommonFateTech from @Work_Bench @haystackvc @EssenceVenture. Our mission is to empower teams with security tools that developers love and this funding will help realize it.

@cedarpolicy for Kubernetes is here!

@micahhausler this is awesome, fantastic release @micahhausler. Love the idea of consolidating user authorization and admission control in a single language. I could envision network policies being expressed in Cedar too

@chr_norm cedarpolicy.com/blog/cedar-for… github.com/awslabs/cedar-…

New article from me on the @cedarpolicy blog: validating Cedar policies using @github actions. If you use an authorization framework like Cedar, you will probably store policies as source code. My GitHub action validates these and annotates pull requests. Article link below!

@micahhausler I’ve not used it but I do see Kyverno being recommended now and again

Is there another good general policy library for Kubernetes besides Gatekeeper out there? I'm curious what kind of policies people are enforcing in the real world. open-policy-agent.github.io/gatekeeper-lib…

@haydnjohnson Yes! both the CLI and the browser extension are MIT-licensed. github.com/common-fate/gr…

@chr_norm wait.. is this whole thing opensource? damnnn!

Granted now makes logging in to AWS IAM Identity Center faster + more secure Our new browser extension mitigates phishing attacks for @awscloud plus makes signing in a LOT faster. Some background + more info in thread.

Full details including how to get started can be found here commonfate.io/blog/granted-m…

@christophetd has also published a deep-dive into this issue in 2021 (yes, it’s been a problem for 3+ years!) blog.christophetd.fr/phishing-for-a…

@micahhausler Let me know when you do! I’m a huge fan of the framework. Our customers write their own Cedar policies to authorize access inside our product. It’s led to some great, transparent discussions. It really feels like having the power of AWS IAM, but for any API.

@chr_norm Nice! I've got some cool Cedar stuff cooking... hoping to open source it soon

Slides: fwdcloudsec.org/assets/present…

Example codebase: github.com/chrnorm/build-…

I spoke at @fwdcloudsec EU 2024 on how we are using @cedarpolicy to protect our services in the cloud, including implementing our very own CloudTrail-like audit logs. The talk recording is now live!

@micahhausler Good point on the key algo negotiation with the key directory, I kept it deliberately very simple in the initial lib implementation, because for my use case I was strictly supporting ecdsa-p256-sha256

@micahhausler Thanks for the feedback! Do let me know if you build a Structured Field lib, I’d be interested in migrating to one with a friendlier license. I’d definitely accept PRs for those signing algs

I'm pretty excited about RFC9421. If you're into Authenticaation haven't seen it, give it a read. rfc-editor.org/rfc/rfc9421.ht…

@Mylestro Thankyou! We’ve found adopting Cedar hugely beneficial. If you kick the tires on it I’d love to hear how you go, feel free to DM me to chat more

Hey, @chr_norm Great talk at fwd:cloudsec, nice to see some practical talks about using Cedar. Have been thinking about giving it a look for some projects.