はてなブックマーク

Concepts. Architecture. Best Practices. A series of technical guides for building application authorization. Authorization is a critical element of every application, but the problem is: there’s limited concrete material available for developers on how to build authorization into your app. To help developers build these systems and features, we built Authorization Academy.

How we built a VS Code extension with Rust, WebAssembly, and TypeScript We build Oso, a batteries-included framework for building authorization in your application. At the core of Oso is Polar, a declarative language for writing authorization policies. While someday we’ll release a feature that lets a fully-sentient Oso write your authorization policy for you, in the interim we thought it would be

Feb 2023 Update: Since writing this post in 2021, we've built, released, and GA-ed Oso Cloud: our opinionated solution for authorization. Two years ago, my cofounder and I started building security tools for infrastructure. We kept hearing that application developers were building their own homegrown authorization tools. At first we were a little skeptical. People have been building authorization

Oso is authorization as a service, like LaunchDarkly is feature flags as a service or Auth0 is authentication as a serviceOso exposes an API that can answer any permissions question, like:Can user X perform action Y on resource Z?List the resources can user P perform action Q on?Why did user X get access to resource Y?