Authorization on Rails (Ep. 540)

Sam Scott, cofounder and CTO of Oso, joins the home team to talk about what makes authorization a challenge, the difference between authentication and authorization, and what zombies taught him about web development.

Episode notes:

Oso is authorization as a service. Check out the docs or explore use cases.

Sam’s post “Why Authorization is Hard” covered what makes authorization challenging, some approaches to solving it, and their associated tradeoffs. You can also watch Sam’s talk at PyCon US 2022. Since it’s impossible to address everything that makes authorization hard in just 5,000 words, Sam is currently at work on a follow-up article called “Why Authorization is Hard Part II.”

Sam first learned web development via Rails for Zombies, a beginner-level Rails course. In creating Oso, he tasked himself with “putting rails on authorization.”

ICYMI: Read Sam’s post about best practices for securing REST APIs or listen to his previous podcast appearance, where we talked about how Oso makes security easier for developers.

Find Sam on LinkedIn or GitHub.

Today’s Lifeboat badge winner is OscarRyz for their answer to “I am trying to solve '15 puzzle', but I get 'OutOfMemoryError'.”
