Alex Olivier

May 8, 2024 • WeAreDevelopers LIVE

Un-complicate authorization maintenance

Is your authorization logic a tangled mess of spaghetti code? Learn how to decouple it into a central service and manage permissions as versioned code.

#1about 2 minutes

Differentiating between authentication and authorization

Authentication verifies a user's identity, while authorization determines what actions that verified user is allowed to perform.

#2about 15 minutes

How authorization logic evolves into spaghetti code

As a product grows, simple role checks escalate into complex, hardcoded logic for packaging, regions, enterprise features, and compliance, creating a maintenance bottleneck.

#3about 2 minutes

Why microservices exacerbate authorization maintenance issues

In a microservices architecture, authorization logic must be re-implemented and maintained across multiple services, languages, and teams, increasing complexity and risk.

#4about 5 minutes

A modern approach using a decoupled authorization service

Decoupling authorization logic into a central, policy-based service separates it from application code, enabling independent evolution and management.

#5about 8 minutes

Implementing decoupled authorization with the sidecar pattern

Deploying the authorization service as a sidecar in Kubernetes co-locates it with your application for low-latency checks while keeping the logic centralized.

#6about 3 minutes

Evaluating the advantages and disadvantages of decoupling

Decoupling provides centralized logic, language agnosticism, and consistent audit trails, but requires managing an additional service and potentially learning a new DSL.

#7about 1 minute

Using the open source project Cerbos for authorization

Cerbos is an open-source, self-hosted authorization service that implements the decoupled, policy-based approach for managing complex permissions.

#8about 19 minutes

Answering audience questions on authorization best practices

The discussion covers implementing authorization at different OSI layers, ensuring changes are tested, identifying complexity, and handling compromised credentials.

Andrew Comp
Cosio Valtellino, Italy

Intermediate

TypeScript

Cards Co

Remote

Intermediate

JavaScript

TypeScript

Name of

Remote

Intermediate

PHP

Java

+1

The challenges of embedding authorization in application code

03:06 MIN

The challenges of embedding authorization in application code

Decoupled Authorization using Policy as Code

The challenges of traditional in-code authorization logic

01:57 MIN

The challenges of traditional in-code authorization logic

Keymate – Modern Authorization for Developers

Externalizing authorization with service mesh and API gateways

00:53 MIN

Externalizing authorization with service mesh and API gateways

Keymate – Modern Authorization for Developers

Enhancing applications with observability and authorization

05:39 MIN

Enhancing applications with observability and authorization

30 powerful AWS hacks in just 30 minutes: Boost your developer productivity

Introducing Policy as Code and Open Policy Agent

06:29 MIN

Introducing Policy as Code and Open Policy Agent

Decoupled Authorization using Policy as Code

Enabling developer autonomy with GitOps and CRDs

04:16 MIN

Enabling developer autonomy with GitOps and CRDs

Software Engineering Social Connection: Yubo’s lean approach to scaling an 80M-user infrastructure

Exploring other use cases for OPA beyond web APIs

03:11 MIN

Exploring other use cases for OPA beyond web APIs

Decoupled Authorization using Policy as Code

Automating policy enforcement with admission controllers

01:21 MIN

Automating policy enforcement with admission controllers

Kubernetes Security Best Practices

Featured Partners

Decoupled Authorization using Policy as Code

Decoupled Authorization using Policy as Code

Anderson Dadario & Denys Vitali

about 5 years ago • WeAreDevelopers LIVE

Security Challenges of Breaking A Monolith

Security Challenges of Breaking A Monolith

Reinhard Kugler

about 4 years ago • WeAreDevelopers LIVE

Break the Chain: Decentralized solutions for today’s Web2.0 privacy problems

Break the Chain: Decentralized solutions for today’s Web2.0 privacy problems

Adam Larter

about 2 years ago • World Congress 2024

You can’t hack what you can’t see

You can’t hack what you can’t see

Reto Kaeser

about 5 years ago • WeAreDevelopers LIVE

Typed Security: Preventing Vulnerabilities By Design

Typed Security: Preventing Vulnerabilities By Design

Michael Koppmann

about 2 years ago • WeAreDevelopers LIVE

DevSecOps: Security in DevOps

DevSecOps: Security in DevOps

Aarno Aukia

about 5 years ago • WeAreDevelopers LIVE

Keymate – Modern Authorization for Developers

Keymate – Modern Authorization for Developers

Halil Özkan

about 6 months ago • World Congress 2025

How to Cause (or Prevent) a Massive Data Breach- Secure Coding and IDOR

How to Cause (or Prevent) a Massive Data Breach- Secure Coding and IDOR

Anna Bacher

about 5 years ago • WeAreDevelopers LIVE

Related Articles

View all articles

CH

Chris Heilmann

Dev Digest 150 - The shift to AI generated code, fingerprinting and OKRs vs. doing your job

It's time for the WeAreDevelopers Dev Digest roundup, and this time it's for edition #150!🤖 The shift from manual to AI-generated code🔥 Does AI code get better if you ask the LLM to “write better code”?🖖 Google’s new policy on fingerprinting👮♂️ You w...

Dev Digest 150 - The shift to AI generated code, fingerprinting and OKRs vs. doing your job

CH

Chris Heilmann

The Future of Open Source: A Deep Dive - Scott Chacon at WeAreDevelopers World Congress 2024

Scott gave us an exciting look into the future of open source in his talk at the WeAreDevelopers World Congress 2024! Discover how the community evolves, lessons from GitHub, and the challenges of today's open source landscape. Check out the video:He...

The Future of Open Source: A Deep Dive - Scott Chacon at WeAreDevelopers World Congress 2024

From Coding in Silence to Sharing Your Developer Journey - Coffee with Developers with Francesco Ciulla

IntroductionWelcome to another insightful conversation between experienced developers! In this post, we will document my discussion with Francesco Ciulla, an advocate developer at Daily Dev who is building his presence and sharing his journey through...

From Coding in Silence to Sharing Your Developer Journey - Coffee with Developers with Francesco Ciulla

CH

Chris Heilmann

Dev Digest 131 - AI'm not sure about OSS

News and ArticlesRust and Typescript are rising stars in programming languages 2024 survey, the State of CSS 2024 survey is open and here is what's new in ECMAScript.In security news, a Microsoft update bricks Linux dual-boot systems, they patched a ...

Dev Digest 131 - AI'm not sure about OSS

From learning to earning

Jobs that call for the skills explored in this talk.

Lead Backend Engineer (m/f/d)

Peter Park System GmbH
München, Germany

Senior

Python

Docker

Node.js

JavaScript

Senior Cloud Security Engineer

SMG Swiss Marketplace Group
Belgrade, Serbia

Senior

Senior Golang Engineer

SMG Swiss Marketplace Group
Belgrade, Serbia

Senior

Senior Golang Engineer (f|m|d) (80-100%) - Valbonne - Hybrid Work

SMG Swiss Marketplace Group
Canton de Valbonne, France

Senior

Fullstack Software Engineer among others with AWS/Typescript/React - Portal Access/LoggedIn Area

GULP Information Services GmbH

GIT

Next.js

TypeScript

AWS Lambda

Amazon DynamoDB

+1

Power Platform Entwickler

acoris AG

Remote

Fullstack Developer

Codara Group GmbH

Remote

Intermediate

GIT

Svelte

Next.js

TypeScript

+1

Senior Entwickler - Java Spring & Hibernate & Kubernetes & Microservices & Kafka

Cosonic GmbH

Remote

€60-80K

Senior

Docker

PostgreSQL

Kubernetes

+2

Software Architekt C++ / Kubernetes

Falken Group

Linux

DevOps

Docker

Kubernetes

Software Architecture

+1