Good news everyone: Cerbos Hub is now generally available! In this post, we’re going to explain what Cerbos Hub is, why it's useful, and how it solves some of the hardest challenges with externalizing authorization.
Cerbos: Fine-grained authorization and access control
New to all of this? No problem. Cerbos is a scalable and extensible authorization service for developer, product and security teams. It enables teams to implement fine-grained authorization and access control in their applications, services, and infrastructure in an auditable, programmatic, and scalable way. Maybe you’ve heard of RBAC, ABAC, ReBAC, PBAC and so forth? That’s what Cerbos is all about.
The Cerbos open source Policy Decision Point (PDP) is a popular solution for technical teams who’ve made the decision to separate the authorization process from their core application code, freeing them up to concentrate on their core business. It can be deployed as a binary on metal, in a sidecar, as a service in a VM—anywhere on your infrastructure, any way you want.
Cerbos Hub: manage centrally, deploy anywhere
One of the great things about the PDP is how powerful and extensible it is. Cerbos Hub is designed from the ground up to help you harness that power and control that extensibility. The industry term is Policy Administration Point (PAP), but it can be thought of as a control plane. Cerbos Hub is all about unlocking the full potential of the PDPs by providing an intuitive user interface, collaborative policy management, and a powerful testing and deployment pipeline.
Simplified policy management
Cerbos Hub centralizes policy management no matter where or how your PDPs are deployed. With a managed CI/CD pipeline, you can deploy and test policies seamlessly across development, testing, and production environments. No more juggling tools and processes—Cerbos Hub coordinates the rollout of authorization policies across your apps, APIs, and infrastructure.
Whether your infrastructure is on-premise, cloud-based, or serverless, Cerbos adapts to your needs. It supports edge devices, security hardware, and even in-browser runtimes for frameworks like React and Angular through its Embedded Policy Decision Point capability. This means you can authorize anywhere, keeping your policies in sync regardless of the environment. And with Cerbos Hub, managing that synchronization is easier than ever!
Embedded PDP
As one of our engineers so eloquently put it: “This requires some explanation.” Traditionally, when you’re thinking about service delivery, you’re thinking about a binary running in a container or sitting on a virtual machine somewhere. That’s fine, but it’s not the only model.
If you want to perform authorization checks directly from the end-user device, that would mean both exposing your PDP to the Internet and inviting network latency with every call. Another approach is to run those authorization checks on the device, in the browser, or from the edge—that’s where Embedded PDP comes into play.
The Cerbos Embedded Policy Decision Point is a WebAssembly module that runs right in your application, putting authorization checks as close to the user as possible. This reduces your security footprint, improves latency, and unlocks powerful functionality; for example, you can embed authorization checks in your user interface to render only the buttons each user actually needs to see!
When you update your policies in Cerbos Hub, Embedded PDPs are automatically compiled and distributed to your end-users via global CDN. This simplifies updates and streamlines management of your policies no matter where your end users are.
Robust policy authoring and testing
Cerbos Hub's web IDE lets you collaboratively build and test policies right in your browser! Create policies in YAML with our useful templates, then use the playground to refine, validate, and test those authorization rules. And since everything is ultimately code, this can be tied into your existing deployment workflow, meaning that the validation and deployment of your policies becomes another step in your application management lifecycle. Git actions, artifact generation, automated build and deployment pipelines—it all fits!
However, authorization is more than just code—it’s a representation of how your business functions. Who can access what, where, when, and how goes beyond deploying your stack. Cerbos Hub is the best way to get everybody involved: from operations to HR to accounts payable (and even your CISO), Hub’s collaborative policy-building tools give everybody the opportunity to speak the same language and concentrate on their requirements and business cases.
Get started today!
Ready to level up your authorization game? Try Cerbos Hub and experience the future of authorization management.