original address:Authorization on Rails (Ep. 540) (opens new window)

Sam Scott, cofounder and CTO of Oso, joins the home team to talk about what makes authorization a challenge, the difference between authentication and authorization, and what zombies taught him about web development.

Episode notes:

Oso (opens new window) is authorization as a service. Check out the docs (opens new window) or explore use cases (opens new window).

Sam’s post “Why Authorization is Hard (opens new window)” covered what makes authorization challenging, some approaches to solving it, and their associated tradeoffs. You can also watch Sam’s talk (opens new window) at PyCon US 2022. Since it’s impossible to address everything that makes authorization hard in just 5,000 words, Sam is currently at work on a follow-up article called “Why Authorization is Hard Part II.”

Sam first learned web development via Rails for Zombies (opens new window), a beginner-level Rails course. In creating Oso, he tasked himself with “putting rails on authorization.”

ICYMI: Read Sam’s post about best practices for securing REST APIs (opens new window) or listen to his previous podcast appearance, where we talked about how Oso makes security easier for developers (opens new window).

Find Sam on LinkedIn (opens new window) or GitHub (opens new window).

Today’s Lifeboat badge (opens new window) winner is OscarRyz (opens new window) for their answer to I am trying to solve ’15 puzzle’, but I get ‘OutOfMemoryError’ (opens new window).

TRANSCRIPT (opens new window)