Talk: Authorization is hard! Implementing Authorization in Web Applications and APIs

After you solve the authentication and identity problem, you inevitably need to think about authorization. This is where things become a bit more complicated. Roles, permissions, resources, rules, etc. are all different ways to model authorization - and you typically end up building something very application-specific (and then again for the next application). We sat down and brainstormed different ways to make that process easier and provide a common solution to authorization.

This talk is about patterns, anti-patterns and what we ultimately came up with. It will also include an announcement…