Securing the Future of AI: Authorization Strategies for RAG Systems using LangChain4J and OpenFGA

Transcript

1. Securing the Future of AI Authorization Strategies for RAG Systems

   using LangChain4J and OpenFGA Deepu K Sasidharan

2. @auth0 | @deepu105 | deepu.tech ➔ JHipster co-chair ➔ Java

   Champion ➔ Creator of KDash, JDL Studio, JWT UI ➔ Developer Advocate @ Auth0 ➔ OSS aficionado, polyglot dev, author, speaker Hi, I’m Deepu K Sasidharan @[email protected] deepu.tech @deepu105.bsky.social deepu05

3. @auth0 | @deepu105 | deepu.tech The Current State of AI

   Security Agents, RAG and everything in between

4. @auth0 | @deepu105 | deepu.tech • Prompt Injection • Sensitive

   Information Disclosure • Supply Chain Attacks • Data and Model Poisoning • Improper Output Handling • Excessive Agency • System Prompt Leakage • Vector and Embedding Weaknesses • Misinformation • Unbounded Consumption OWASP LLM top 10

5. @auth0 | @deepu105 | deepu.tech • Prompt Injection • Sensitive

   Information Disclosure • Supply Chain Attacks • Data and Model Poisoning • Improper Output Handling • Excessive Agency • System Prompt Leakage • Vector and Embedding Weaknesses • Misinformation • Unbounded Consumption OWASP LLM top 10

6. @auth0 | @deepu105 | deepu.tech Identity Challenges for AI-Powered Applications

7. @auth0 | @deepu105 | deepu.tech Sensitive Information Disclosure

8. @auth0 | @deepu105 | deepu.tech How to prevent this?

9. @auth0 | @deepu105 | deepu.tech AuthZ

10. @auth0 | @deepu105 | deepu.tech Role-Based Access Control ?

11. @auth0 | @deepu105 | deepu.tech Security Challenges Dynamic Context Complex

    Relationships Granular Control Performance Requirements

12. @auth0 | @deepu105 | deepu.tech Relationship-Based Access Control (ReBAC) Fine

    Grained Authorization (FGA)

13. @auth0 | @deepu105 | deepu.tech OpenFGA a0.to/fga-event

14. @auth0 | @deepu105 | deepu.tech How does it work? FGA

    Store Authorization Model Relationship Tuples Check/ListObject/ListUser endpoints

15. @auth0 | @deepu105 | deepu.tech &/ Authorization Model model schema

    1.1 type document relations define viewer: [domain#member, user] define commenter: [domain#member, user] define editor: [domain#member, user] define owner: [domain#member, user] type domain relations define member: [user] type user &/ Relationship Tuple [{ "user": "user:anne", "relation": "editor", "object": "document:new-roadmap" }]

16. @auth0 | @deepu105 | deepu.tech Demo time

17. @auth0 | @deepu105 | deepu.tech

18. @auth0 | @deepu105 | deepu.tech Prerequisites Java 21 Gradle An

    FGA instance (OpenFGA or an Auth0 FGA store) A local Ollama instance or OpenAI API key

19. @auth0 | @deepu105 | deepu.tech # 1. Clone the repo

    git clone https:&/github.com/auth0-samples/auth0-ai-samples.git cd auth0-ai-samples/authorization-for-rag/langchain4j-java # 2. Run OpenFGA locally or setup Auth0 FGA client docker pull openfga/openfga && \ docker run -p 8080:8080 -p 8081:8081 -p 3000:3000 openfga/openfga run # 3. Add environment variables to .env file vi .env # Initialize FGA model and tuples # model # schema 1.1 # # type user # # type doc # relations # define owner: [user] # define viewer: [user, user:*] ./gradle runFGAInit # Run the application ./gradlew run

20. @auth0 | @deepu105 | deepu.tech Auth for GenAI Try the

    demo and join the waitlist a0.to/ai-event

21. @auth0 | @deepu105 | deepu.tech AI Content from Auth0 https://auth0.com/blog/ai/

22. @auth0 | @deepu105 | deepu.tech Thank You