Product pulse #2 - Edge Authorizer user interface enhancements, Ruby SDK, and a new Citadel demo identity provider
Aug 11th, 2022
Mustafa Branch
Feature Review
We’re excited to share a few of the new product improvements and the implications for you, our end users. You can now interact with Edge Authorizers using the Aserto console, use our Ruby SDK to easily wire up your Ruby / Rails apps to Aserto, and test access control policies against the new lightweight Citadel identity provider. Let us know what you think!
Managing Edge Authorizers using the Aserto Console
You can now manage Aserto Edge Authorizers with these methods: API (via API keys), Command Line Interface (CLI), or the Authorizers tab in the Aserto Console.
To connect your Edge Authorizer to the Aserto control plane, you first need to create an edge authorizer connection via the Connections tab in the Console:
Using the Aserto CLI, configure a policy that will run in the Edge Authorizer, which uses the connection we just created in order to establish a secure mTLS connection to the control plane:
# list edge connections and find the <edge-authorizer-connection-id>
aserto p list-connections
# configure a policy to use the edge authorizer connection
aserto x configure <policy-name> --edge-authorizer <edge-authorizer-connection-id>
# start the edge authorizer and connect it to the control plane
aserto x start <policy-name>
The Authorizers tab will show any edge authorizers that are connected to the control plane:
In addition to viewing edge authorizer instances, you can now interact with these edge authorizers in the following ways:
- Refresh mutual Transport Layer Security (mTLS) certificates at the click of a button from the Connections tab
- Instantly update the policy image that is running at the edge by binding the policy to a new tagged image (or pushing a new image tagged “latest” if you’re bound to the latest tag)
- Automatically push directory changes to your edge authorizer instances (or by selecting the “Sync Edge Directory” action for that instance)
A new Ruby / Rack / Rails SDK, middleware, and samples
Now Ruby developers that use Rack and/or Rails can easily add Aserto’s access control to their applications. The SDK and middleware allow you to easily connect Aserto to your existing Ruby application and start writing access control policies while leveraging your existing Ruby syntax and skillset. We’ll continue to add support for more of your favorite languages and frameworks.
Our sample “Todo” app now has a Ruby implementation, and the Quickstarts have been updated to include Ruby support as well.
Check out our Ruby documentation here.
A new identity provider for testing policies
We’ve added a new, lightweight IDP to Aserto, which you can leverage to test policies. In addition to the 272-user Acmecorp IDP that you can find in the PeopleFinder quickstart, there is now a new Citadel IDP with just five users to enable quick development and testing of access control policies. The Citadel is Rick and Morty-themed and contains Rick, Morty, and the rest of the Smiths.
Test it out by following this tutorial on building access control for a Node.js to-do app.
Conclusion
Pushing out new identity providers, more SDKs, and new ways to control Edge Authorizers is a lot of work. These improvements aim to make the experience of working with Aserto as secure and straightforward as possible. Everything we build is meant to make adding fine-grained authorization easy for developers like yourself, so any feedback you have about Aserto would be widely appreciated.
We'll be back next month with another product pulse post. In the meanwhile, catch up on other updates in last month's product pulse.
Mustafa Branch
Related Content
Product pulse #3 - The new Aserto Directory, CLI updates and Decision Logs from the Edge Authorizer
We have released a new version of the directory which supports ReBAC, and we’ve made several updates to our CLI to make it easier to interact with the authorizer and create policies for OpenAPI-based services. Additionally, decision logs can now be relayed from edge authorizers to the control plane.
Sep 15th, 2022
Product Pulse #4: New directory and authorizer, evaluator, and more!
Over the past weeks we've rolled out a new version of our authorizer and directory. We’ve added the ability to support data-first ReBAC models and test permissions and relations between objects and subjects. And we've simplified user management for Aserto Organization admins.
Mar 1st, 2023
Product Pulse #5: Graph Visualizer, Java SDK, and new self-hosted options
Over the past several weeks we’ve rolled out a few new features and enhancements to, including a graphical visualization of our directory graph, first-class support for Java backends, self-hosted options for the Aserto Console and Aserto Directory.
Jun 13th, 2023