Alex Olivier

Un-complicate authorization maintenance

Is your authorization logic a tangled mess of spaghetti code? Learn how to decouple it into a central service and manage permissions as versioned code.

Un-complicate authorization maintenance
#1about 2 minutes

Differentiating between authentication and authorization

Authentication verifies a user's identity, while authorization determines what actions that verified user is allowed to perform.

#2about 15 minutes

How authorization logic evolves into spaghetti code

As a product grows, simple role checks escalate into complex, hardcoded logic for packaging, regions, enterprise features, and compliance, creating a maintenance bottleneck.

#3about 2 minutes

Why microservices exacerbate authorization maintenance issues

In a microservices architecture, authorization logic must be re-implemented and maintained across multiple services, languages, and teams, increasing complexity and risk.

#4about 5 minutes

A modern approach using a decoupled authorization service

Decoupling authorization logic into a central, policy-based service separates it from application code, enabling independent evolution and management.

#5about 8 minutes

Implementing decoupled authorization with the sidecar pattern

Deploying the authorization service as a sidecar in Kubernetes co-locates it with your application for low-latency checks while keeping the logic centralized.

#6about 3 minutes

Evaluating the advantages and disadvantages of decoupling

Decoupling provides centralized logic, language agnosticism, and consistent audit trails, but requires managing an additional service and potentially learning a new DSL.

#7about 1 minute

Using the open source project Cerbos for authorization

Cerbos is an open-source, self-hosted authorization service that implements the decoupled, policy-based approach for managing complex permissions.

#8about 19 minutes

Answering audience questions on authorization best practices

The discussion covers implementing authorization at different OSI layers, ensuring changes are tested, identifying complexity, and handling compromised credentials.

Related jobs
Jobs that call for the skills explored in this talk.

Matching moments

The challenges of embedding authorization in application code
01:51 MIN

The challenges of embedding authorization in application code

Decoupled Authorization using Policy as Code

Introducing Policy as Code and Open Policy Agent
04:57 MIN

Introducing Policy as Code and Open Policy Agent

Decoupled Authorization using Policy as Code

Exploring other use cases for OPA beyond web APIs
29:05 MIN

Exploring other use cases for OPA beyond web APIs

Decoupled Authorization using Policy as Code

Demonstrating dynamic permission rule enforcement
22:42 MIN

Demonstrating dynamic permission rule enforcement

Build Delightful Mobile Experiences with Kotlin, Realm, and Atlas Device Sync

Centralizing security services in a Kubernetes ecosystem
22:09 MIN

Centralizing security services in a Kubernetes ecosystem

DevSecOps: Security in DevOps

Live demo of a full-stack RBAC implementation
27:35 MIN

Live demo of a full-stack RBAC implementation

Full-stack role-based authorization in 45 minutes

Why traditional RBAC fails for RAG systems
06:52 MIN

Why traditional RBAC fails for RAG systems

Delay the AI Overlords: How OAuth and OpenFGA Can Keep Your AI Agents from Going Rogue

Shifting from full-stack audits to additive governance
29:19 MIN

Shifting from full-stack audits to additive governance

DevSecOps: Security in DevOps

Featured Partners

Related Videos

See all videos
Decoupled Authorization using Policy as Code32:16

Decoupled Authorization using Policy as Code

Anderson Dadario & Denys Vitali

Typed Security: Preventing Vulnerabilities By Design58:19

Typed Security: Preventing Vulnerabilities By Design

Michael Koppmann

Security Challenges of Breaking A Monolith45:19

Security Challenges of Breaking A Monolith

Reinhard Kugler

Break the Chain: Decentralized solutions for today’s Web2.0 privacy problems29:31

Break the Chain: Decentralized solutions for today’s Web2.0 privacy problems

Adam Larter

You can’t hack what you can’t see29:34

You can’t hack what you can’t see

Reto Kaeser

DevSecOps: Security in DevOps33:20

DevSecOps: Security in DevOps

Aarno Aukia

Securing Your Web Application Pipeline From Intruders44:30

Securing Your Web Application Pipeline From Intruders

Milecia McGregor

Policy as [versioned] code - you're doing it wrong45:57

Policy as [versioned] code - you're doing it wrong

Chris Nesbitt-Smith

From learning to earning

Jobs that call for the skills explored in this talk.