by stingraycharles 1544 days ago
I’ve always wondered how authorization should be handled “properly”, as in, what is the end game that is capable of handling the problem at a scale seen at places like AWS? Are the validations and checks still integrated into a (middleware layer of the) service implementing the business logic? If so, how is all this governed, such that correct implementation of all authorization logic can easily be audited?

I would absolutely love to learn more about this; I feel like I’m unable to conceive an appropriate solution to these requirements.

1 comment

Google has a paper on their system, Zanzibar: https://research.google/pubs/pub48190/

Doubt it will answer all your questions but I found it interesting.