Company Updates & Technology Articles
Addressing challenges with GitHub's authorization model
GitHub's authorization model uses a combination of roles and scopes, which makes it hard to pre-compute a user's access ahead of time.
The Architectural Challenge of Authorization
Unlike most developer APIs, authorization is in the critical path of every application request, and requires a different architecture.
Welcome to Modern Authorization
Why we started Aserto: the missing developer API for application authorization.
OAuth2 Scopes are NOT Permissions
OAuth2 scopes were never intended to be an authorization mechanism, and indeed are a bad idea when used as a substitute for a real authorization architecture.
Authentication != Authorization
Authentication is a solved problem. But authorization remains a far bigger problem, and is far from solved.
The Five Principles of Authorization
Five principles that any developer solution for application authorization should adhere to.
Why separate policy from your code?
Embedding your authorization logic inside your application is a constant source of pain. Separating policy from code brings many benefits.