How we solve one of the most fundamental challenges in software: permissions and access-control

An Interview with Permit.io’s CEO and Co-Founder, Or Weis

In this week’s interview, I sat down with Or Weis, the CEO and co-founder of Permit.io. He shares his vision for the future of creating secure applications and how his company provides a simple and powerful solution to one of the most common challenges in software by providing a low-code interface for permissions and access-control.

When you see Permit for the first time, you wonder how a solution like this didn’t already exist in the market. It drastically simplifies how we build apps while also making them more secure. The best part about Permit — it’s entirely based around open source software.


“As software eats the world, and more and more apps are interconnected and run by AI-agents faster than a human can think; people and systems can connect together and set boundaries for one another, through seamless human experiences that evoke trust and enable greater and faster connectivity.”

What does your company do? What attracted you to the idea?

Fullstack permissions as a service — we enable developers to bake in permissions and access control into their products within minutes, and scale and update policies on the fly. This allows them to focus on actually building their core product.

In my previous venture (Rookout) I ended up rebuilding access-control five times, for a product that wasn’t even three years old. It drove me crazy — so together with my co-founder Asaf, we decided to solve this once and for all.

How do the permissions work? Does it require an SDK?

The focus is mostly on the backend. Authorization can’t be done on the frontend for obvious security reasons. We provide a container that bundles together OPA, OPAL, and an API service. We strongly believe in open source software and contribute to it by creating OPAL and utilizing OPA.

For authorization to work, we only need three pieces of information: identity, resource, and action. It says “this user is using this resource in this way.”

When a customer pays for something, it’s in a third-party system like Stripe. You want all these changes to propagate quickly to your authorization microservice. For a small or newer company, this whole flow can be set up in 15 minutes. A very large company could migrate in only about one month.

The microservice for decisions runs on their side because of latency. It’s ideally a sidecar, so it’s done through memory and without latency.

Getting started can be done in a couple of minutes where you define actions that users can take and then it propagates to all the microservices. We have an extension free tier where you can get up to 1k users.

Then to use it, it’s dead simple. See below for the before and after.

Before:

After:

What technology stack do you use, and why did you choose this stack?

AWS -> K8s -> Python, Go -> React
We love to stick to best practices, and love elasticity and dev velocity.

With OPAL, we wanted to be extensible. We want to bring data from different sources, so we used a small Python module. Authorization queries must be very quick, so we chose Go.

What does a typical day look like for you?

Chaotic, as a co-founder. It almost always contains a mix of talking to fellow engineers about the challenges of modern AuthZ and helping customers and OSS users face them.

These days, my time is spent working with customers and the team. I connect with customers or engage with the market — interviews, conferences, tweeting, blogging, etc.

I don’t do as much hands-on coding after launching and growing. A CEO is switching between a thousand different things. You don’t get to sink down into a single problem and solve it.

How did you first get into software development?

At the age of five, my sister taught me some DOS commands. My family bought a computer early on. I wanted to run different games, which back then you had to install and enter commands for just to get them to work. This also taught me English as well as working with commands on computers. At the time, something like Visual Basic seemed amazing and blooming, but now we see that’s been surpassed. I was hooked and kept growing from there.

My significant leap forward was being drafted into the army and joining a unit called 8200. We were literally in life and death software, and you learn to write good software that is bulletproof (as much as possible). In one instance, we only had 4 chances to successfully deploy our software or people would die. It’s a complex system and the first deployment didn’t work. It was a lot of pressure, and we had to figure out each and every step. This is in contrast to cloud-native software today where we can be iterative. It taught me a sense of really understanding exactly what my code does and how it will break.

After finishing my service, I spent significant time working in cybersecurity.

You have been through a lot of different programming languages and technological shifts — how do you stay up to date?

It mostly happened naturally. After the army, I moved into cloud-based development and microservices. These were leaps I had to make, and I enjoyed diving into the new technologies. As frontend devs know, the web evolves quickly as well. I started with Angular 2 and noticed the shortfalls, so I moved to React. I saw what worked and what was lacking and moved to what felt right and most natural.

What makes your company unique?

We focus on empathy and human experiences, for example:

  1. We understand developers don’t just want cool tech — APIs and infrastructure — they want to be able to focus on their core product and want the permission problem (which isn’t unique to any product) off their table, not just partially solved.
  2. We understand it’s not just about empowering developers but all the rest of the organization through them.

Is there anything interesting about your company or culture you would like to share?

Our core values and philosophy: Together in the trenches, shoulder to shoulder, charging independently forward, covering each other’s backs.
Inspired by my time in unit 8200.

What are the most exciting parts of working at your company?

  1. As developers, we solve our own (and our colleagues’) pain points through empathy and true understanding and relating.
  2. Impacting one of the most critical spaces in modern software — IAM and Permissions

What are some of the most interesting problems you’re solving?

  • With OPAL, our OSS, we solved the really hard problem of keeping live distributed applications up to date with their distributed data plane — through a unique real-time event-driven websocket pub/sub channel
  • OPAL also works as a stepping stone and bridgehead to connect between graph-based policy engines (such as Google Zanzibar) and code-based engines (such as OPA)
  • We created RBAC and ABAC interfaces so simple that anyone can use them, while still at the end creating policy as code and allowing it to be managed in Git
  • We allow users to create and switch between policy models (such as RBAC and ABAC) without even having to fully understand what they mean, and without having to refactor their code.
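The model described in this interview (a backend decision on identity, resource and action, with the policy model switched between RBAC and ABAC while the calling code stays the same) can be sketched as follows. This is an added example, not Permit.io's SDK and not code from the interview; `Enforcer`, `rbac_policy`, `abac_policy` and the sample users and documents are hypothetical, and the policy runs in-process here rather than in an OPA sidecar.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    identity: dict
    action: str
    resource: dict

# RBAC model: role -> allowed (action, resource type) pairs. Constructed sample data.
RBAC_GRANTS = {
    "viewer": {("read", "document")},
    "editor": {("read", "document"), ("update", "document")},
}

def rbac_policy(req):
    """Allow if any of the identity's roles grants the action on this resource type."""
    wanted = (req.action, req.resource.get("type"))
    return any(wanted in RBAC_GRANTS.get(role, set())
               for role in req.identity.get("roles", []))

def abac_policy(req):
    """Role grants plus attribute conditions: same tenant, paid plan for writes."""
    if not rbac_policy(req):
        return False
    tenant = req.identity.get("tenant")
    if tenant is None or tenant != req.resource.get("tenant"):
        return False
    return req.action != "update" or req.identity.get("plan") == "paid"

class Enforcer:
    """Single backend enforcement point; the policy behind it can be replaced."""
    def __init__(self, policy):
        self.policy = policy

    def check(self, identity, action, resource):
        try:
            return self.policy(Request(identity, action, resource)) is True
        except Exception:
            return False  # fail closed: malformed input or a policy error is a deny

def update_document(enforcer, user, doc, body):
    """Application code: this call site does not change when the model changes."""
    if not enforcer.check(user, "update", doc):
        raise PermissionError(f"{user.get('key')} may not update {doc.get('id')}")
    return {**doc, "body": body}

# Constructed sample identities and resources.
ALICE = {"key": "alice", "roles": ["editor"], "tenant": "acme", "plan": "free"}
DOC_ACME = {"type": "document", "id": "d1", "tenant": "acme"}
DOC_OTHER = {"type": "document", "id": "d2", "tenant": "globex"}

def demo():
    enforcer = Enforcer(rbac_policy)
    rbac = [enforcer.check(ALICE, "update", d) for d in (DOC_ACME, DOC_OTHER)]
    enforcer.policy = abac_policy            # switch model, same call sites
    abac_free = [enforcer.check(ALICE, "update", d) for d in (DOC_ACME, DOC_OTHER)]
    paid = {**ALICE, "plan": "paid"}         # e.g. after a billing update propagates
    abac_paid = [enforcer.check(paid, "update", d) for d in (DOC_ACME, DOC_OTHER)]
    return rbac, abac_free, abac_paid

if __name__ == "__main__":
    print(demo())
```

Under the role-only model the editor role alone allows updates to both documents, including the other tenant's; the attribute-based model narrows that to the same tenant and a paid plan without touching `update_document`.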

What will the world look like once your company achieves its vision?

As software eats the world, and more and more apps are interconnected and run by AI-agents faster than a human can think; people and systems can connect together and set boundaries for one another, through seamless human experiences that evoke trust and enable greater and faster connectivity.

If you don’t achieve your vision, what will the world miss out on?

Not really an option — it’s a must — either we do it or someone else does.
Without it, the world economy would screech to a halt, unable to keep up with the speed of its own accelerating technology.

Are there any technologies or tools you’re playing around with right now that you’re excited about?

GitHub Copilot, Google Zanzibar, Mini-DALL-E

It looks like a lot of AI and AI assistants, what draws you to these?

The inevitable aspect of AI is coming. It’s going to proliferate and fill up the entire space. Most professions are going to be dramatically changed by AI while also creating brand new AI career paths. Jobs will be created, such as prompt developers or prompt designers.

With what I’m working on with permissions, that’s going to be part of the challenge we need to face. “What are the permissions my AI agent can take on my behalf in this third-party application?” Understanding this will be very hard to do and require a lot of simplifying so our permissions can work with AI and deliver trust and good experiences. It’s my responsibility to solve these challenges.

Describe your computer hardware setup

MacBook Pro; Logitech keys and mouse; 2 Dell 24” screens

Describe your computer software setup

VSCode, Docker, Slack, Chrome, Gmail

Are you hiring and for what roles?

Fullstack Dev, Dev Advocate, Marketing Director

We are hybrid by default. We have an office in Tel Aviv, but people can choose if they work from the office or at home. We have team members all over the world and are always looking to meet the best talent.

Where can we go to learn more?



How we solve one of the most fundamental challenges in software: permissions and access-control was originally published in Level Up Coding on Medium, where people are continuing the conversation by highlighting and responding to this story.


This content originally appeared on Level Up Coding - Medium and was authored by Trey Huffine

Trey Huffine | Sciencx (2022-07-11T12:12:25+00:00) How we solve one of the most fundamental challenges in software: permissions and access-control. Retrieved from https://www.scien.cx/2022/07/11/how-we-solve-one-of-the-most-fundamental-challenges-in-software-permissions-and-access-control/
