Authorization for the rest of us

Everyone’s talking about Zanzibar, and it’s easy to understand why. It handles authorization for Google, so surely it can handle it for you and me. But at what cost? And does that mean that it’s the right solution for the rest of us?

February 20, 2024 — Greg Sarjeant
Best Practices

Relationship-Based Access Control (ReBAC) in Node.js With Oso Cloud

Relationship-based access control (ReBAC) is an authorization pattern where permissions are derived from relationships between resources. In this blog post, you will learn how to implement ReBAC in Node.js with Oso Cloud.

January 17, 2024 — Val Karpov
Best Practices

How to POC Authorization as a Service

A guide on how to POC authorization-as-a-service products and a framework for running the evaluation process.

January 15, 2024 — Graham Neray
Best Practices

Policy Testing With Oso Cloud - Part 1: Local Testing

Introduction to Local Policy Testing with Oso Cloud

December 20, 2023 — Greg Sarjeant
Best Practices

Implementing Attribute-based Access Control (ABAC) in Node.js With Oso

In ABAC, access control decisions are made by evaluating various attributes and policies, allowing for more fine-grained and flexible access control than traditional models like role-based access control (RBAC).

October 24, 2023 — Valeri Karpov
Best Practices

Managing Authorization Data in Microservices

There are three key decisions in handling authorization data: storing the data, accessing the data, and modeling the data.

September 15, 2023 — Graham Neray
Best Practices

Nodejs RBAC: Why You Shouldn't Write RBAC in Node.js

Implement Role Based Access Control (RBAC) and Relationship Based Access Control (ReBAC) in Oso instead of Node.js

August 29, 2023 — Val Karpov
Best Practices

Why Authorization is Hard

There's a fundamental tension in authorization. Is it business logic or authorization logic? Should it be in the app, or separate? Let’s talk about what makes authorization hard, some of the approaches for solving it, and the associated tradeoffs.

February 1, 2023 — Sam Scott
Best Practices

What can authorization learn from Rails?

Despite the fact that authorization is a problem as old as software, it’s core to just about no one’s domain. So most people are looking for a Rails-like experience. So, an authorization system needs to be opinionated but flexible – opinionated to get you from zero to best practices quickly, but flexible to support all the things *your* app needs.

October 5, 2022 — Sam Scott
Best Practices

Writing My First Web App Using Oso Cloud

Oso’s first developer experience engineer, Corey Ashby, walks through creating a functional sample application using Oso Cloud.

September 1, 2022 — Corey Ashby
Best Practices

Using Oso Cloud With Kubernetes Authorization Webhooks

How to use Kubernetes authorization webhooks to defer authorization decisions to Oso Cloud, a fully managed authorization service.

June 3, 2022 — Shaun Verch
Best Practices

GraphQL Authorization Patterns

An overview of different patterns for building authorization in GraphQL

February 1, 2022 — Patrick O'Doherty
Best Practices

Building permissions in a Django app in 30 minutes

Nearly every application needs to enable its users to see only their data. Many other applications go further and add more controls, like sharing, or making some content private and public. In this post, use Django and django-oso to build a simple social app that allows users to share posts, like Twitter. Our app will use oso to implement access control for posts.

January 18, 2022 — David Hatch
Best Practices

Comparison: Oso vs. Open Policy Agent (OPA)

Oso is an authorization library that includes a declarative policy language. OPA is an authorization product that includes a declarative policy language. Despite that, there are many significant differences between the two! Here's a comparison.

October 27, 2021 — Graham Neray
Best Practices

Guide to Role-Based Access Control (RBAC) in Ruby

A configuration-based approach to adding role-based access control to your Ruby application.

August 23, 2021 — Graham Kaemmer
Best Practices

Tea with Sam: Build Google Zanzibar in <60 minutes

Our next "Tea with Sam" will cover a hot topic: Zanzibar, Google's consistent, global authorization system. Watch Oso Cofounder/CTO, Sam Scott, implement Zanzibar in <60 minutes live on Twitch.

May 13, 2021 —
Best Practices

The basics of role-based access control in SQLAlchemy

We’ll demonstrate a few ways of modeling role-based access control in Python and SQLAlchemy. The first few examples will be in plain SQLAlchemy, with no other libraries. For more complex examples, we’ll show off using Oso for managing role authorization schemes.

April 30, 2021 — Lito Nicolai
Best Practices

Demo: A Principled Approach to Authorization Using Python & SQLAlchemy

March 1, 2021 —
Best Practices

Demo: Authorization Patterns for GraphQL using Oso + Python Graphene Library

Oso cofounder/CTO Sam Scott led a talk at the recent Austin Python meetup on authorization patterns for GraphQL using Oso and the Python Graphene library.

February 24, 2021 —
Best Practices

Demo: Implementing Permissions in Node Applications

Oso cofounder/CTO Sam Scott led a talk on authorization patterns in Node.js applications, and fast and secure ways to implement them in a sample B2B SaaS application.

February 3, 2021 —
Best Practices

Role-based access control (RBAC) & Attribute-based access control (ABAC) Defined

RBAC and ABAC are terms that security teams commonly throw around when discussing authorization and permissions systems. When building access control in an app, the common misunderstanding is that it's an "either/or" choice between RBAC and ABAC, when in fact most applications want both access control models. In this post, learn about RBAC and ABAC and how to combine both models in practice.

January 12, 2021 — Graham Neray
Best Practices

Introducing Built-in Roles with Oso

Learn how to add Role-Based Access Control (RBAC) with SQLAlchemy, using a GitHub clone example app.

December 24, 2020 — Leina McDermott
Best Practices

GraphQL Authorization with Graphene, SQLAlchemy and Oso

Use oso's policy engine to build an authorization solution that integrates directly with GraphQL, using Graphene, SQLAlchemy, & Flask.

December 10, 2020 — David Hatch
Best Practices

Python Universe: Access Control Patterns in Python (video)

Our cofounder/CTO Sam Scott led a talk on common access control patterns in Python/Django and how to implement them in a sample B2B SaaS application.

December 2, 2020 —
Best Practices

Generate Django QuerySet filters using Oso's authorization policies

At Oso, our goal is to enable users to cleanly separate authorization logic from the rest of their application code. This separation is particularly challenging to achieve for list endpoints that return multiple records. When we started thinking about list views, we realized a single yes or no authorization result was not sufficient because it only enables filtering a collection of records that are already in the application. In this post, we will discuss a solution that allows authorization rules to output filters that can be evaluated more efficiently at the data retrieval layer.

October 14, 2020 — David Hatch
Best Practices
