科技回声

8 条评论

twunde超过 3 年前

For anyone who wants to learn what a good authorization system looks like take a look at Tailscale's recent blog post: <a href="https://tailscale.com/blog/rbac-like-it-was-meant-to-be/" rel="nofollow">https://tailscale.com/blog/rbac-like-it-was-meant-to-be/</a>Really, if you're going to be selling to enterprise clients, you want an attribute-based authorization system. If you need help designing it, talk to your IT/Devops/SRE teams, they'll be able to complain about bad auth systems and what they'd want in an ideal world.

评论 #28589891 未加载

评论 #28590617 未加载

codeisawesome超过 3 年前

Interesting project, the post resonated, there are more architectural considerations here: <a href="https://docs.cerbos.dev/cerbos/0.6.0/index.html" rel="nofollow">https://docs.cerbos.dev/cerbos/0.6.0/index.html</a>

anthonydelage超过 3 年前

Even as a PdM, I've felt the pain here. Usually it manifests as, "we can't solve this user problem because the authorization controls to make this work are too complex."Looking forward to a world where this is a solved problem.Disclaimer: Im friends with the author of the post.

emreb超过 3 年前

CEO of Cerbos here - we'd love to hear about the other headaches everyone has faced. Authorization as we know it, isn't core to anyone's roadmap and we want to make it as easy as possible to meet the all the crazy requirements.We are building out examples of how to solve common use cases which you can find on <a href="https://cerbos.dev/" rel="nofollow">https://cerbos.dev/</a>

评论 #28590375 未加载

评论 #28593026 未加载

评论 #28589093 未加载

nhoughto超过 3 年前

Related and very interesting: <a href="https://news.ycombinator.com/item?id=28543457" rel="nofollow">https://news.ycombinator.com/item?id=28543457</a>Good to see more things happening in this space.

hamilyon2超过 3 年前

Access control is heart and mind of any business logic, is your backend system itself. You cannot outsource it, this is absurd.The main question is "what if it goes wrong?"

评论 #28591710 未加载

svnpenn超过 3 年前

Isn't this just reinventing OAuth?OAuth already has grant_type and "scope" to cover different devices, flows and permissions.

评论 #28590689 未加载

评论 #28591555 未加载

评论 #28591177 未加载

Jay1234超过 3 年前

Please can you help me on it, I want it

评论 #28591505 未加载

评论 #28591621 未加载

8 条评论

twunde超过 3 年前

评论 #28589891 未加载

评论 #28590617 未加载

codeisawesome超过 3 年前

anthonydelage超过 3 年前

emreb超过 3 年前

评论 #28590375 未加载

评论 #28593026 未加载

评论 #28589093 未加载

nhoughto超过 3 年前

hamilyon2超过 3 年前

Access control is heart and mind of any business logic, is your backend system itself. You cannot outsource it, this is absurd.The main question is "what if it goes wrong?"

评论 #28591710 未加载

svnpenn超过 3 年前

Isn't this just reinventing OAuth?OAuth already has grant_type and "scope" to cover different devices, flows and permissions.

The never-ending product requirements of user authorization

8 条评论

The never-ending product requirements of user authorization

8 条评论