Company Updates & Technology Articles
Welcome to Modern Authorization
Why we started Aserto: the missing developer API for application authorization.
OAuth2 Scopes are NOT Permissions
OAuth2 scopes were never intended to be an authorization mechanism, and indeed are a bad idea when used as a substitute for a real authorization architecture.
Authentication != Authorization
Authentication is a solved problem. But authorization remains a far bigger problem, and is far from solved.
The Five Principles of Authorization
Five principles that any developer solution for application authorization should adhere to.
Why separate policy from your code?
Embedding your authorization logic inside your application is a constant source of pain. Separating policy from code brings many benefits.
Authorization is Broken
Authorization for SaaS applications is painful for developers, administrators, SecOps, and compliance. It's time to fix this!