Security
Conference, 45 min
ADVANCED

Securing RAG Pipelines with Fine Grained Authorization

This talk explores using relationship-based access control (ReBAC) for fine-grained authorization in Retrieval-Augmented Generation (RAG) pipelines. It covers why authorization is critical, how Google Zanzibar implements ReBAC, efficient pre-filtering of data, and includes a demo using Pinecone, LangChain, OpenAI, and SpiceDB.

Sohan Maheshwar, AuthZed

When and where

Friday, February 6, 10:20-11:05
Room B1
Description
Building enterprise-ready AI requires ensuring users can only augment prompts with data they're authorized to access. Relationship-based access control (ReBAC) is particularly well-suited for fine-grained authorization in Retrieval-Augmented Generation (RAG) because it makes decisions based on relationships between objects, offering more precise control compared to traditional models like RBAC and ABAC.

This talk covers how ReBAC systems can safeguard sensitive data in RAG pipelines. We'll start with why authorization is critical for RAG pipelines, and how Google Zanzibar achieves this with ReBAC. We'll then illustrate how pre-filtering vector database queries with a list of authorized object IDs can improve efficiency and security. The talk will also include a demo implementing fine-grained authorization for RAG using Pinecone, LangChain, OpenAI, and SpiceDB.
rebac
rag
authorization
security
Speakers

Sohan Maheshwar

AuthZed

Netherlands

Sohan is a Lead Developer Advocate at AuthZed, based in the Netherlands. He started his career as a developer building mobile apps and has been living in the cloud since 2013, in companies such as Amazon, Fermyon and Gupshup. He is also an O'Reilly author, having created a course on Cloud Concepts for Everyone. He has always been interested in emerging technologies and how they shape the world around us.