Column | The exhausted era of certification development is coming to an end


Message or video call functions can be done with Twilio. Credit card payment is resolved with a line. If you need to implement machine learning models, expand computer resources, or log in to hundreds of other services, including podcasts, all you need is an API through a cloud provider. On the other hand, it is difficult to give or deny permission to the user in the application.

Getty Images Bank

Authentication feature (along with authentication feature) is one of the basic requirements of application developers, but doing so is still a big headache. As Randall DeGues points out, “Every time I try to create authentication and validation functions for websites, mobile applications, and API services, there are very few that are unstoppable.”

OsoIs confident that the situation will improve. The company, which recently received Sequoia Series A funding, offers libraries and pre-built integrations that allow developers to use the permission function quickly, while also providing polar policy language that developers can modify as needed. Built-in and provided.

Oso CEO Graham Nere said in an interview that the authorization function is “the next layer in software that requires personalization or abstraction”. I also agree and I think companies that address the basic grievances of such developers have the potential to achieve great success.

Difficulties in implementing the permission function

Specifically, what Degez pointed out in 2017 is as follows.

“Even if you are trying to create a simple website that supports user registration and login, you still need to know and understand the concept of low-level permissions. In addition, this concept must be implemented securely and reliably to protect user privacy, which is the most important data in the application. The same thing happens with the programming language I use. As a result, we must implement a ton of repetitive logic that deals with mission-critical and highly sensitive information and can lead to significant business losses if something goes wrong. ”

In view of the remarkable advances in technology, it can be assumed that this problem has been solved for over three years since the publication of DeGuez’s article. This is not wrong, but it is not entirely correct. According to Oso’s Crime, despite advances in developer tools, developers are still creating their own licensed features. Although generally widely applied, there is not yet a flexible solution to be useful.

What is the reason? For reasons mentioned by DeGage in a separate post, authorizers (developer) such as OAuth and OpenID Connect (OIDC) need to understand how these standards work and (if any) apply these standards to their own applications. There is a burden to understand the method itself.

“But 99.99% of current developers do not know or want to know about Oats, OIDC, or any other security specification. What current developers want is a simple and easy way to support user authorization and authentication features in their applications,” he said. I’m looking for. “

Andrew Oliver points out Oath’s browser-centric problem. “We hope the requesting person can handle HTTP redirects, and this focus on web browsers will lead to everything on the Internet of Things, not just mobile applications,” he said. In essence, the tools that allow the past are still very limited and very difficult.

The manner in which the battery is inserted is important

As Nere points out, despite many technological advances, permit performance has remained relatively age-old ‘. How to solve this situation. To dramatically improve developers’ flexibility, Oso offers a ‘battery-included’ approval method, as well as a ‘police code’ language. This language allows developers to customize to suit their needs rather than basic customization.

That language is Paula. It is a declarative language that allows developers to describe what the licensed world is like, but they do not have to worry about what they have to do to make it happen. “The basis for expressing the Polas permit logic built into Rust‌, that is, who can do what in that application,” Nere said.

“We have built APIs and guidelines on Polar to implement logic and model common patterns, hierarchies and relationships, multi-rental, and debuggers and REPLs. As a result, developers who use Orson spend less time building permit functions. “This is the core value of this tool.”

However, much remains to be done in the future. Over the next few months (and years), Orso will improve the scope and usability of its libraries and APIs. This will reduce the hassle and hassle of developing a permit function.

This is not the end. Nere said Oso was thinking a little bigger. In fact, Orso is currently only available as an open source library, but plans to expand it to management products. Select the cloud service that enables the Internet Permission Function. Understanding this vision requires addressing complex distribution system challenges around consumption, delay and data migration.

This is not an easy task, but if it is successful, it can reward Oso and developers. In early March 2021, Octa agreed to buy Auth0.5 for $ 6.5 billion. Prior to this transaction, many similar transactions were completed. It can be seen that companies are continuing their efforts to solve the permission function issue to improve developer productivity.

By looking at this acquisition amount, it shows how valuable it is to facilitate developer life by providing authorized access one by one.


Source by [ciokorea]

Re Writted By [Baji Infotech]

Leave a Comment