Alex Olivier

Un-complicate authorization maintenance

Is your authorization logic a tangled mess of spaghetti code? Learn how to decouple it into a central service and manage permissions as versioned code.

Un-complicate authorization maintenance
#1about 2 minutes

Differentiating between authentication and authorization

Authentication verifies a user's identity, while authorization determines what actions that verified user is allowed to perform.

#2about 15 minutes

How authorization logic evolves into spaghetti code

As a product grows, simple role checks escalate into complex, hardcoded logic for packaging, regions, enterprise features, and compliance, creating a maintenance bottleneck.

#3about 2 minutes

Why microservices exacerbate authorization maintenance issues

In a microservices architecture, authorization logic must be re-implemented and maintained across multiple services, languages, and teams, increasing complexity and risk.

#4about 5 minutes

A modern approach using a decoupled authorization service

Decoupling authorization logic into a central, policy-based service separates it from application code, enabling independent evolution and management.

#5about 8 minutes

Implementing decoupled authorization with the sidecar pattern

Deploying the authorization service as a sidecar in Kubernetes co-locates it with your application for low-latency checks while keeping the logic centralized.

#6about 3 minutes

Evaluating the advantages and disadvantages of decoupling

Decoupling provides centralized logic, language agnosticism, and consistent audit trails, but requires managing an additional service and potentially learning a new DSL.

#7about 1 minute

Using the open source project Cerbos for authorization

Cerbos is an open-source, self-hosted authorization service that implements the decoupled, policy-based approach for managing complex permissions.

#8about 19 minutes

Answering audience questions on authorization best practices

The discussion covers implementing authorization at different OSI layers, ensuring changes are tested, identifying complexity, and handling compromised credentials.

Related jobs
Jobs that call for the skills explored in this talk.

Matching moments

Organizing a developer conference for 15,000 attendees
01:32 MIN

Organizing a developer conference for 15,000 attendees

Cat Herding with Lions and Tigers - Christian Heilmann

Building trust through honest developer advocacy
02:48 MIN

Building trust through honest developer advocacy

Devs vs. Marketers, COBOL and Copilot, Make Live Coding Easy and more - The Best of LIVE 2025 - Part 3

Preventing exposed API keys in AI-assisted development
03:45 MIN

Preventing exposed API keys in AI-assisted development

Slopquatting, API Keys, Fun with Fonts, Recruiters vs AI and more - The Best of LIVE 2025 - Part 2

Breaking down silos between HR, tech, and business
03:39 MIN

Breaking down silos between HR, tech, and business

What 2025 Taught Us: A Year-End Special with Hung Lee

Using AI agents to modernize legacy COBOL systems
06:28 MIN

Using AI agents to modernize legacy COBOL systems

Devs vs. Marketers, COBOL and Copilot, Make Live Coding Easy and more - The Best of LIVE 2025 - Part 3

The security risks of AI-generated code and slopsquatting
05:55 MIN

The security risks of AI-generated code and slopsquatting

Slopquatting, API Keys, Fun with Fonts, Recruiters vs AI and more - The Best of LIVE 2025 - Part 2

Selecting strategic partners and essential event tools
03:17 MIN

Selecting strategic partners and essential event tools

Cat Herding with Lions and Tigers - Christian Heilmann

The business case for sustainable high performance
03:34 MIN

The business case for sustainable high performance

Sustainable High Performance: Build It or Pay the Price

Featured Partners

Related Videos

See all videos
Decoupled Authorization using Policy as Code32:16

Decoupled Authorization using Policy as Code

Anderson Dadario & Denys Vitali

Keymate – Modern Authorization for Developers06:04

Keymate – Modern Authorization for Developers

Halil Özkan

Policy as [versioned] code - you're doing it wrong45:57

Policy as [versioned] code - you're doing it wrong

Chris Nesbitt-Smith

Delay the AI Overlords: How OAuth and OpenFGA Can Keep Your AI Agents from Going Rogue23:29

Delay the AI Overlords: How OAuth and OpenFGA Can Keep Your AI Agents from Going Rogue

Deepu

Full-stack role-based authorization in 45 minutes43:12

Full-stack role-based authorization in 45 minutes

Bartosz Pietrucha

Application Modernization Leveraging Gen-AI for Automated Code Transformation41:17

Application Modernization Leveraging Gen-AI for Automated Code Transformation

Syed M Shaaf

OPA for the cloud natives26:23

OPA for the cloud natives

Philipp Krenn

Delegating the chores of authenticating users to Keycloak23:42

Delegating the chores of authenticating users to Keycloak

Alexander Schwartz

Related Articles

View all articles

From learning to earning

Jobs that call for the skills explored in this talk.