by akajla
1092 days ago
You can encode capabilities/permissions as scopes in distributed tokens (e.g. OAuth) but this can start to break down if you have very granular, fine-grained permissions (e.g. user:1 has 'editor' access to 1000s of documents/objects). This is similar to the problem that Carta ran into while building out their permissions[1]. In addition, yes - validating permissions on each request makes it so that you can revoke privilege(s) with immediate effect without needing a token to be invalidated.

[1] https://medium.com/building-carta/authz-cartas-highly-scalab...
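The trade-off the comment describes, as an added example that is not code from the thread or from Carta: a JWT-like bearer token whose scopes are fixed at issuance (so a grant revoked afterwards is still honoured until expiry, and the payload grows with every object-level grant) beside a central permission store consulted on each request. The HMAC key, the `doc:N:editor` scope naming and the in-memory `PermissionStore` are assumptions made for the example, not any real service's API.

```python
"""
Scopes-in-token vs per-request permission lookup (constructed example).
"""
import base64
import hashlib
import hmac
import json
import time
from typing import List, Optional, Set, Tuple

# Assumption: one shared HMAC key stands in for the issuer's signing key.
SIGNING_KEY = b"example-signing-key-not-for-production"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(user: str, scopes: List[str], ttl: int = 3600,
                now: Optional[float] = None) -> str:
    """Mint a signed token whose scopes are frozen at issuance.

    Each object-level grant becomes one scope string, so the token grows
    with the number of objects the user may touch.
    """
    now = time.time() if now is None else now
    payload = {"sub": user, "scope": " ".join(scopes), "exp": int(now + ttl)}
    body = _b64url(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64url(sig)}"


def authorize_with_token(token: str, needed_scope: str,
                         now: Optional[float] = None) -> bool:
    """Stateless check: verify signature and expiry, then look for the scope.

    Nothing here talks to the issuer, so a grant revoked after issuance is
    still honoured until the token expires.
    """
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
    except ValueError:
        return False
    expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        return False
    payload = json.loads(_b64url_decode(body))
    if payload.get("exp", 0) <= now:
        return False
    return needed_scope in payload.get("scope", "").split()


class PermissionStore:
    """Hypothetical in-memory (user, relation, object) tuple store.

    It is consulted on every request, so grant/revoke take effect on the
    very next call to is_allowed with no token to invalidate.
    """

    def __init__(self) -> None:
        self._tuples: Set[Tuple[str, str, str]] = set()

    def grant(self, user: str, relation: str, obj: str) -> None:
        self._tuples.add((user, relation, obj))

    def revoke(self, user: str, relation: str, obj: str) -> None:
        self._tuples.discard((user, relation, obj))

    def is_allowed(self, user: str, relation: str, obj: str) -> bool:
        return (user, relation, obj) in self._tuples


def scoped_token_size(user: str, n_docs: int) -> int:
    """Bytes in a token carrying one 'editor' scope per document."""
    scopes = [f"doc:{i}:editor" for i in range(n_docs)]
    return len(issue_token(user, scopes, now=0))


def revocation_demo(now: float = 1_000_000.0) -> Tuple[bool, bool]:
    """Return (token_still_allows, store_allows) after revoking one grant."""
    store = PermissionStore()
    store.grant("user:1", "editor", "doc:42")
    token = issue_token("user:1", ["doc:42:editor"], now=now)

    store.revoke("user:1", "editor", "doc:42")  # privilege pulled right now

    token_says = authorize_with_token(token, "doc:42:editor", now=now + 1)
    store_says = store.is_allowed("user:1", "editor", "doc:42")
    return token_says, store_says


if __name__ == "__main__":
    print("token bytes for 10 docs:  ", scoped_token_size("user:1", 10))
    print("token bytes for 1000 docs:", scoped_token_size("user:1", 1000))
    print("(token_allows, store_allows) after revoke:", revocation_demo())
```

Running it shows the two failure modes side by side: the token is still accepted after the grant is revoked, and its size scales with the number of objects, whereas the store denies immediately and the token never needs to carry the object list at all.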