

SE Radio 664: Emre Baran and Alex Olivier on Stateless Decoupled Authorization Frameworks
Apr 15, 2025
Emre Baran, CEO of Cerbos and veteran in B2B and B2C products, teams up with Alex Olivier, CPO of Cerbos with a diverse tech background, to explore stateless decoupled authorization frameworks. They clarify key terms and address the challenges and benefits of these systems. A deep dive into Cerbos showcases its advantages over Open Policy Agent. The duo discusses the intricacies of applying YAML for policy management and the critical role of audit logs in compliance. They wrap up with insights into emerging trends in authorization.
Authentication vs. Authorization
- Authentication confirms identity and attributes, like roles.
- Authorization determines if an authenticated identity has permission to perform an action.
Passport Control Analogy
- Your passport authenticates you at border control.
- Authorization determines your entry based on visa status, funds, etc.
Authorization Models
- Authorization models like RBAC use roles to control access.
- ABAC uses attributes like user, resource, and context for finer control.
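
The difference between the two models, as an added example that is not from the episode or from Cerbos: the same "edit document" request is evaluated once on roles alone and once with attribute conditions on the user, resource, and context. The role table, the attribute names (`department`, `owner`, `locked`, `network`), and the sample principals are all assumptions made up for illustration.

```python
from dataclasses import dataclass, field

# Constructed role table: role -> set of (resource kind, action) it grants.
ROLE_GRANTS = {
    "editor": {("document", "read"), ("document", "edit")},
    "viewer": {("document", "read")},
}

@dataclass
class Principal:
    id: str
    roles: set
    attrs: dict = field(default_factory=dict)

@dataclass
class Resource:
    kind: str
    id: str
    attrs: dict = field(default_factory=dict)

def rbac_allows(principal, resource, action):
    """RBAC: the decision depends only on the roles the principal holds."""
    return any((resource.kind, action) in ROLE_GRANTS.get(role, set())
               for role in principal.roles)

def abac_allows(principal, resource, action, context):
    """ABAC: a role grant is required, then attribute conditions narrow it."""
    if not rbac_allows(principal, resource, action):
        return False  # default deny
    if action != "edit":
        return True
    dept = principal.attrs.get("department")
    same_dept = dept is not None and dept == resource.attrs.get("department")
    is_owner = resource.attrs.get("owner") == principal.id
    locked = resource.attrs.get("locked", False)
    on_corp_net = context.get("network") == "corporate"
    return (is_owner or same_dept) and not locked and on_corp_net

# Constructed sample data; every input arrives with the request (stateless).
DOC = Resource("document", "q3-forecast", {"owner": "alice", "department": "finance"})
ALICE = Principal("alice", {"editor"}, {"department": "finance"})
BOB = Principal("bob", {"editor"}, {"department": "marketing"})

if __name__ == "__main__":
    for who, ctx in [(ALICE, {"network": "corporate"}), (ALICE, {"network": "public"}),
                     (BOB, {"network": "corporate"})]:
        print(who.id, ctx["network"], "rbac:", rbac_allows(who, DOC, "edit"),
              "abac:", abac_allows(who, DOC, "edit", ctx))
```

Under RBAC every editor can edit every document; the attribute conditions are what deny the editor from another department and the owner connecting from an untrusted network.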