Building awesome apps with OPA just got easier.
How we've built Aserto's authorization model by "eating our own dogfood".
Figuring out how to version your project can be a pain... let sver do the hard work - producing versions that are unique, sortable, human readable, and semantically correct.
Rego is a declarative language for writing policies. Here are a few tips and tricks for how to get started reading and writing Rego.
Github's authorization model uses a combination of roles and scopes, which makes it hard to pre-compute a user's access ahead of time.
Unlike most developer APIs, authorization is in the critical path of every application request, and requires a different architecture.
Why we started Aserto: the missing developer API for application authorization.
OAuth2 scopes were never intended to be an authorization mechanism, and indeed are a bad idea when used as a substitute for a real authorization architecture.
Authentication is a solved problem. But authorization remains a far bigger problem, and is far from solved.
Five principles that any developer solution for application authorization should adhere to.
Embedding your authorization logic inside your application is a constant source of pain. Separating policy from code brings many benefits.
Authorization for SaaS applications is painful for developers, administrators, SecOps, and compliance. It's time to fix this!