Calling all software developers! As I embark on a new, exploratory work project, I’d like to hear your thoughts on authorization.
How have you designed and implemented authorization in your applications?
To get into the weeds a bit, have you opted for RBAC (Role-Based Access Control), ABAC (Attribute-Based Access Control), ReBAC (Relationship-Based Access Control), or something else entirely?
What tools or libraries have you found most useful in your work? Have you built everything from scratch, or have you relied on existing frameworks? Open source or commercial solutions?
What are the best practices you’ve discovered? Any industry standards or patterns you follow?
What are the pitfalls to avoid? What are the most common mistakes you’ve seen?
What are the most helpful resources you’ve found on the topic of authorization in software development? I’m looking for books, articles, videos, or anything else that has helped you.
Thanks so much! I’m looking forward to hearing your thoughts! Leave a comment below, send me an email at blog@joshuapsteele.com, or reach out to me on Bluesky @joshuapsteele.bsky.social.