Session Description

When an application is small, few or even no permissions are needed. However, as applications grow larger, it is common to have increasingly complex permissions models. While things are still small, it's easy to meet these needs through something built in-house, but as security needs become more complex, a better model is often needed.

The world of authorization solves precisely this problem. In this talk, Joy will give a high-level overview of the authorization landscape, including common models such as ACLs, RBAC and ABAC and their respective use cases. The session will also go into more depth on how this problem was approached at both Box and Split and some of the things the teams considered. Attendees will hear the pros and cons of the various options with regard to Box and Split's use cases and what the organization ultimately chose to do.