Building Smarter Authorization Systems with Sam Scott

Screaming in the Cloud - A podcast by Corey Quinn

Categories:

This episode explores the intricacies of authorization in software development with Sam Scott, CTO and co-founder of Oso. This conversation highlights the subtle yet critical differences between authentication and authorization, and why understanding these distinctions is pivotal for securing applications effectively. Sam shares his journey from a cryptography PhD to tackling real-world software security problems, emphasizing Oso's mission to streamline authorization for developers. The episode is rich with insights on how fine-grained authorization can significantly improve security posture and user experience, drawing on examples from prominent tech companies like AWS and Google Cloud. Sam also introduces Oso's innovative approach to authorization, simplifying permission management without sacrificing flexibility or control, making it an indispensable tool for developers navigating the complex landscape of modern software security.Show Highlights: (00:00) Introduction (01:49) Insights from Sam's PhD in cryptography(01:56) Understanding the difference between authentication and authorization(04:05) The real-world implications of key management and the role of authorization in security(06:02) Explaining role-based access control and its practical applications in cloud environments(10:47) The complexities of managing access controls in microservices architectures (15:37) How Oso simplifies the implementation of authorization for developers (19:21) Discussion on the importance of consistent authorization practices across internal and external applications(25:14) Sam explains the challenges and necessity of implementing user impersonation features in authorization systems(31:12) The future of authorization technologies and integrating them into business practices(35:38) Where to find more resources about Oso and get involved with their communityAbout Sam:Sam is the cofounder/CTO at Oso, working on making security and authorization more accessible for developers. Sam previously got a PhD in Cryptography and was a contributor to TLS 1.3Links referenced: Oso Website: https://www.osohq.com/Oso’s Authorization Academy: https://www.osohq.com/academy/authorization-academyOso Community: https://join-slack.osohq.com/https://oso-oss.slack.com/join/shared_invite/zt-1ygg193va-UTUiT7Gwt7DjZGgF96Ze~w#/shared-invite/email* Sponsor Oso: https://www.osohq.com/