| Disclosure: I'm the founder of Oso (osohq.com). It's good to see more activity in this domain. One thing I've noticed over the last several years has been: beyond the fact that we haven't had good options for authorization tools, the world doesn't have enough mental models and good language for describing the authorization _problem_. It's mostly RBAC and ABAC. That is...limited! As more people work on this problem, I hope we'll continue to build out the collective knowledgebase in addition to having tools that supercharge us. To get the ball rolling, we've written a number of articles, e.g., - What is Google Zanzibar (https://www.osohq.com/learn/google-zanzibar) - Authorization Academy, a series of technical guides on building authorization into an application (https://www.osohq.com/academy) - Why Authorization is Hard (https://www.osohq.com/post/why-authorization-is-hard) - Best Practices for Authorization Microservices (https://www.osohq.com/post/microservices-authorization-patte...) - Authorization Patterns in GraphQL (https://www.osohq.com/post/graphql-authorization) Onward :) |