Software Engineering Radio - the podcast for professional software developers

SE Radio 664: Emre Baran and Alex Olivier on Stateless Decoupled Authorization Frameworks

Apr 15, 2025
Emre Baran, CEO of Cerbos and veteran in B2B and B2C products, teams up with Alex Olivier, CPO of Cerbos with a diverse tech background, to explore stateless decoupled authorization frameworks. They clarify key terms and address the challenges and benefits of these systems. A deep dive into Cerbos showcases its advantages over Open Policy Agent. The duo discusses the intricacies of applying YAML for policy management and the critical role of audit logs in compliance. They wrap up with insights into emerging trends in authorization.
INSIGHT

Authentication vs. Authorization

  • Authentication confirms identity and attributes, like roles.
  • Authorization determines if an authenticated identity has permission to perform an action.
ANECDOTE

Passport Control Analogy

  • Your passport authenticates you at border control.
  • Authorization determines your entry based on visa status, funds, etc.
INSIGHT

Authorization Models

  • Authorization models like RBAC use roles to control access.
  • ABAC uses attributes of the user, resource, and context for finer control.