Knowing who your authenticated user is and whether they have access to your application is one thing. Figuring out whether they should be able to perform a certain action on a specific resource is another. Protecting your data and allowing users to do only what they should be allowed to do can become quite complex as your application grows. Luckily, there are multiple authorization approaches available. Wondering what the best solution for your application is? Let’s find out how we can protect our content, from roles and permissions, through attribute-based authorization, all the way to fine-grained authorization that looks at the relationships between users, actions and resources.
In this talk we will go over some of the more common authorization approaches, starting with Role-Based Authorization, moving on to Attribute-Based Authorization and ending with a fine-grained authorization solution using Relationship-Based Authorization. The audience does not need any specific knowledge about cryptography, as this talk will go through the basics. Some programming knowledge can be useful but is not necessary.