Announcing Cerbos Hub public beta, new collaborative IDE and embedded WASM policy decision points

Published by Alex Olivier on November 06, 2023
Announcing Cerbos Hub public beta, new collaborative IDE and embedded WASM policy decision points

image

We are excited to announce the public beta launch of Cerbos Hub, as well as two new unique features, which make authorization management simple for developers.

What is Cerbos Hub?

Cerbos Hub is a complete authorization management system for authoring, testing, and deploying authorization policies. It is a collaborative solution for developer teams who want to save time, streamline their workflows and confidently roll out authorization updates, letting them focus on delivering great products and end-user experiences.

Embedding authorization logic in your core application code becomes a maintenance burden due to potential security bugs and ever-changing business requirements. The stateless and scalable open source Cerbos Policy Decision Point (PDP) product solves this pain, enabling users to seamlessly implement roles and permissions within their applications.

“As an application developer, one of the worst things you can do, aside from rolling your own cryptography, is rolling your own authorization model"

- Sebastien Jeanquier, Chief Security Officer at Upvest

Cerbos Hub provides a complete and centralized authorization SaaS solution. It delivers a management interface and policy distribution infrastructure that extends the PDPs’ functionality.

Platform and Language Support

Cerbos works with every major programming language, with SDKs for JavaScript, Python, Java, Go, Rust, .NET, PHP, and Ruby. Cerbos is also simple to use with popular frameworks such as Express, GraphQL, NextJS, and NestJS.

Cerbos products natively support JWT for integration with authentication providers such as Auth0, Okta, AWS Cognito, Magic, WorkOS, Clerk, FusionAuth, and Stytch.

What’s New

#1: Embeddable authorization policies via WebAssembly

Documentation for Embedded Policy Decision Point

Powered by WebAssembly, Cerbos Hub generates an embeddable version of its policies, enabling authorization decisions to be made on-device, at-edge and in other environments where it is not possible to run a service. Bundles are generated through the Cerbos Hub CI/CD pipeline and are kept in sync with your policies on every change. The bundles can be accessed in applications via the Cerbos SDKs. And they handle authorization checks without requiring a roundtrip to the backend service.

Advantages of Embedded Cerbos PDPs

  • Speed: By leveraging WebAssembly, Cerbos Hub ensures that your authorization policies are lightweight, fast, and universally compatible across various platforms and devices.
  • Security: Authorization decisions are processed directly on the user's device, enhancing security and reducing latency.
  • Reduced server loads: Authorization logic is distributed closer to the user, embedded at the edge, ensuring rapid response times and reduced central server loads.
  • Consistency: As Cerbos Hub distributes policies for both the Policy Decision Points (PDPs) and the WebAssembly modules - any changes to policy is reflected everywhere with no extra work.

With today’s variety of deployment models, the need for flexible and adaptable authorization mechanisms is paramount. Cerbos Hub-powered embedded decision points open up even more deployment options to enforce authorization across your entire application architecture.

#2: Write and test policies in the Cerbos Hub’s IDE

Documentation for Collaborative Playground

Users of Cerbos’ open source product, Cerbos PDP, will be familiar with the Cerbos Playground. It is an interactive space where users can write, test, and simulate Cerbos policies in real time.

Cerbos Hub now comes with a fully-featured collaborative IDE - Cerbos Hub Playground, for developing, iterating, and testing policy. It provides instant feedback on changes, has an automated test runner, and integrates into your git-based workflow, enabling your authorization policies to evolve with ease.

image

Advantages of Cerbos Hub’s IDE

  • Instant feedback: The IDE provides instant feedback, streamlining the learning process as users develop, iterate, and test policies.
  • Zero setup: With zero setup required, you can dive straight into using Cerbos Hub Playground without any initial installations or configurations.
  • Safe environment: The IDE offers a safe environment where you can experiment freely without posing risks to your actual systems or data.
  • Collaborative real-time editing: Team members are able to share Playground sessions for collective learning and problem-solving.
  • Sample policies: Cerbos Hub’s IDE features sample policies, enabling quick start-up with pre-built examples for common application permission models.
  • Integration: The platform integrates seamlessly into your git-based workflow, facilitating the easy evolution of authorization policies.

The playground environment helps both newcomers and experienced developers understand and experiment with Cerbos' capabilities without any setup or installation within minutes. Developers can simulate different scenarios and answer authorization questions specific to their own policies. The sample policies included in the Playground are especially useful for new users, providing best practices and inspiration on how best to design policies for optimal security and scalability.

Cerbos Hub features

Cerbos Hub makes authorization and permissions easy, even if you’re not familiar with terms like RBAC, ReBAC, and ABAC:

  • The fully managed interface handles the precise details of policy management and coordinates with the Cerbos PDP instances running inside the environment, without external dependencies, ensuring that the developer stays in control while maintaining low-latency authorization checks.
  • The PDP endpoints, powered by WebAssembly, enable embedded authorization within apps, browsers, at edge, and on device, using the same set of policies as the authorization service deployments.
  • A collaborative policy playground allows users to collectively iterate on policy, get real-time feedback on changes, and evaluate test suites right from the convenience of a browser. Cerbos Hub lets you test the integration with your application without requiring any infrastructure or services.
  • The managed CI pipeline makes policy testing and distribution easy, and policies remain in the team’s GitHub repo which they can control and manage access to.

Cerbos Hub has a generous always-free tier for you to start experimenting and a 3-month free trial with additional features for larger deployments. Give it a try and tell us what you think!

Relevant links

Book a free Policy Workshop to discuss your requirements and get your first policy written by the Cerbos team