Everyone’s talking about Zanzibar, and it’s easy to understand why. It handles authorization for Google, so surely it can handle it for you and me. But at what cost? And does that mean that it’s the right solution for the rest of us?

Tyson Hoffman, Senior Software Engineer at Lumio shares how authorization started as a low priority for their application and how it’s evolved since then. They can now easily define permissions and help curb unintended access.

Relationship-based access control (ReBAC) is an authorization pattern where permissions are derived from relationships between resources. In this blog post, you will learn how to implement ReBAC in Node.js with Oso Cloud

A guide on how to POC authorization as a service products and a framework for running the evaluation process.

How do you know if buying authorization as a service is right for you?

Adam Lee, Lead Software Engineer at Chief, dives into authorizing data access patterns in their microservices architecture at Chief.

Introduction to Local Policy Testing with Oso Cloud

Reasons for migrating to Oso's authorization as a service platform including migrating from monolith to microservices, and centralizing and standardizing authorization.

An evaluation of Oso's declarative programming language Polar towards Turing-completeness using decision problems.

Will Gallego, Engineer at Jelli, Inc. dives into his authorization journey and using Oso Cloud to manage granular access control.

Oso is purpose-built for application authorization. OPA is a general-purpose policy engine. This affects how you use them for authorization.

Oso Bear of the Month is a series of interviews with developers in our community to connect and learn more about their authorization journey. We sat down with Jake Hawkes, Staff Engineer at Sibi, to connect and learn more about their authorization journey.

Find out how to handle authorization in microservices by sharing user role data and using it for permission checks everywhere.

In ABAC, access control decisions are made by evaluating various attributes and policies, allowing for more fine-grained and flexible access control than traditional models like role-based access control (RBAC)

We are serious about our responsibility to our customers. We're excited to announce two ways that demonstrate our commitment to that responsibility: SOC 2 Certification and Oso's client-side cache, Fallback.

Introducing the Oso Modeler, a tool for modeling authorization like RBAC, ABAC and ReBAC and everything in between.

There are three key decisions in handling authorization data: storing the data, accessing the data, and modeling the data.

Implement Role Based Access Control (RBAC) and Relationship Based Access Control (ReBAC) in Oso instead of Node.js

This is a guest post by Peadar Coyle, the Co-Founder and CTO of Aflorithmic, a generative AI audio company, on how he evolved his company's authorization and permissions system.

Authorization logic (like RBAC, ABAC or REBAC) governs who can do what in an application and is core to building authorization services.

Authorization for the next billion developers.

There's a fundamental tension in authorization. Is it business logic or authorization logic? Should it be in the app, or separate? Let’s talk about what makes authorization hard, some of the approaches for solving it, and the associated tradeoffs.

Despite the fact that authorization is a problem as old as software, it’s core to just about no one’s domain. So most people are looking for a Rails-like experience. So, an authorization system needs to be opinionated but flexible – opinionated to get you from zero to best practices quickly, but flexible to support all the things *your* app needs.

Today Oso Cloud, our supercharged authorization as a service, is generally available (GA).

A walkthrough on how to use Oso Cloud to build authorization in a GraphQL API.