Authorization, Continued: Experimenting with OpenFGA, Topaz, and Permify

As I mentioned in my previous post, “Devs, Let’s Talk Authorization!”, I’m working on a new, exploratory work project related to authorization. Specifically, we’re gathering authorization requirements from various orgs across our company and building 1-3 proofs-of-concept of a centralized, fine-grained approach to authorization. Right now, each org handles authorization in its own, usually coarse-grained and role-based way.

Clarify Current Requirements

The first thing I did was gather and clarify my org’s current authorization model/requirements....

March 7, 2025 · 5 min · joshuapsteele

Devs! Let's Talk Authorization

Calling all software developers! As I embark on a new, exploratory work project, I’d like to hear your thoughts on authorization. How have you designed and implemented authorization in your applications? To get into the weeds a bit, have you opted for RBAC (Role-Based Access Control), ABAC (Attribute-Based Access Control), ReBAC (Relationship-Based Access Control), or something else entirely? What tools or libraries have you found most useful in your work? Have you built everything from scratch, or have you relied on existing frameworks?...

January 23, 2025 · 1 min · joshuapsteele