Fine-grained authorization is essential for selling B2B SaaS into larger accounts. Here’s how to evolve your model to meet those requirements.

Fine-grained authorization: what’s all the buzz about?

Passing data into the decision engine is a critical design choice for a robust authorization system. Here are four common patterns, each with their own tradeoffs.

Handling data in OPA policies

A Docker-inspired workflow for OPA policies, now available at openpolicyregistry.io!

Introducing the Open Policy Registry (OPCR) project

Building awesome apps with OPA just got easier.

Composing OPA Solutions

How we've built Aserto's authorization model by "eating our own dogfood".

Aserto on Aserto: an OPA authorization policy for Aserto tenants

Figuring out how to version your project can be a pain... let sver do the hard work - producing versions that are unique, sortable, human readable, and semantically correct.


sver: easy semantic versioning of your artifacts

Rego is a declarative language for writing policies. Here are a few tips and tricks for how to get started reading and writing Rego.

Rego: getting started

Github's authorization model uses a combination of roles and scopes, which makes it hard to pre-compute a user's access ahead of time.

Addressing challenges with Github's authorization model

Unlike most developer APIs, authorization is in the critical path of every application request, and requires a different architecture.

The Architectural Challenge of Authorization

Why we started Aserto: the missing developer API for application authorization.

Welcome to Modern Authorization

OAuth2 scopes were never intended to be an authorization mechanism, and indeed are a bad idea when used as a substitute for a real authorization architecture.

OAuth2 Scopes are NOT Permissions

Authentication is a solved problem. But authorization remains a far bigger problem, and is far from solved.

Authentication != Authorization

Five principles that any developer solution for application authorization should adhere to.

The Five Principles of Authorization

Embedding your authorization logic inside your application is a constant source of pain. Separating policy from code brings many benefits.

Why separate policy from your code?

Authorization for SaaS applications is painful for developers, administrators, SecOps, and compliance. It's time to fix this!

Blog

Company Updates & Technology Articles

Fine-grained authorization: what’s all the buzz about?