[mceachen]

TL;DR: Monolithic applications (in any technical stack, not just Rails) are bad. See also: http://en.wikipedia.org/wiki/Big_ball_of_mud

Extricate focused concerns (like authentication or service discovery) so they can be well-tested, well-designed, and reused in new services.

[mbrock]

I'm curious about how exactly to go about extricating authentication, but I'm not sure where to look. Any pointers for best practices or cool patterns for this?

[mrgordon]

We have a single sign-on (Rails) application along with a client library that other apps use to integrate with it (which provides helpers for checking for accounts and roles as well as rspec helpers for writing tests that involve logging in without retesting the login/signup flow)

[mbrock]

Ah, ok. Do you think it would work okay with a distributed setup, with different apps on different servers, and so on? I'm imagining lots of RPC calls just for authorization. (Like, if the apps do defensive role checking.)