Big is better, right? Big data, big features, big customers. With those big customers come requests for big acronyms like SAML, SCIM and RBAC. Getting those implemented depends on a strong foundation: the boring bits that were glossed over when building the company. Users, Accounts, Authorization, Billing… We can prevent heartache, tech debt and stress by getting a handle on them early on. I’ll talk about how to think about these basics as you go without overthinking it, so hopefully you spend less time re-building the basics and more time creating products that wow people.
In her presentation 'The Boring Bits Bite Back' at Helvetic Ruby 2024, Katie Miller, a senior staff engineer at NFI, emphasizes the importance of laying a solid foundation for authorization in application development. The focus is on the often-overlooked 'boring' features such as users, accounts, and billing, which, if neglected, lead to tech debt and security vulnerabilities as applications scale. Miller distinguishes authentication from authorization: authentication is 'the keys to the castle', while authorization determines who can access which areas within that castle.

Key points discussed in the presentation include:

- **Understanding Authorization:** Authorization becomes convoluted as applications grow; a simple, predictable framework from the beginning is essential.
- **Initial Setup Challenges:** As the example app 'ptrax' evolves, the need for role-based access control becomes evident as different kinds of users, such as pet owners and caretakers, interact with the app and require different levels of access.
- **Policy Authorization Pattern:** This pattern addresses complex permission requirements by reducing every check to whether a given user can perform a given action on a given resource, which keeps the system easier to manage.
- **Growing Complexity:** As more roles are added and requirements evolve, keeping the rules clear and simple becomes harder; refactoring to streamline the authorization code is highlighted as important.
- **Avoiding Overcomplication:** Policy patterns offer structure but can make per-customer customization awkward. Storing roles and permissions as relational data and using established libraries like 'cancan' gives more flexibility in managing them.
- **CRUD Principles:** Keeping authorization checks aligned with CRUD actions prevents a bloated codebase and keeps the authorization mechanism straightforward and easy to follow.
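The following is an added illustration of the policy authorization pattern and CRUD-aligned checks described above; it is not code from the talk or from the 'ptrax' app, and the `User`, `Pet`, `PetPolicy` and `authorized?` names, the `:member`/`:admin` roles and the owner/caretaker rules are all assumptions made for the example. Every check answers one question, "can this user perform this action on this resource?", and the base policy denies anything a subclass has not explicitly opened.

```ruby
# Added example (not from the talk or the ptrax project): a minimal
# policy-object pattern for a hypothetical pet-tracking app.
# Data model is assumed; in a real app these would be ActiveRecord rows.
User = Struct.new(:id, :role, keyword_init: true)                     # role: :member or :admin
Pet  = Struct.new(:id, :owner_id, :caretaker_ids, keyword_init: true) # caretaker_ids: relational join, simplified

class ApplicationPolicy
  attr_reader :user, :record

  def initialize(user, record)
    @user = user       # nil when nobody is signed in
    @record = record
  end

  # Deny-by-default: each CRUD action is closed unless a subclass opens it.
  def index?;   false; end
  def show?;    false; end
  def create?;  false; end
  def update?;  false; end
  def destroy?; false; end

  # Single entry point: unknown actions (typos, new features without a
  # policy yet) are denied rather than raising or silently passing.
  def permit?(action)
    method = "#{action}?"
    respond_to?(method) ? public_send(method) : false
  end

  private

  def admin?
    !user.nil? && user.role == :admin
  end
end

class PetPolicy < ApplicationPolicy
  def show?
    admin? || owner? || caretaker?
  end

  def create?
    !user.nil?                 # any signed-in user may register a pet
  end

  def update?
    admin? || owner? || caretaker?
  end

  def destroy?
    admin? || owner?           # caretakers may edit, but only owners remove a pet
  end

  private

  def owner?
    !user.nil? && record.owner_id == user.id
  end

  def caretaker?
    !user.nil? && record.caretaker_ids.include?(user.id)
  end
end

# Convenience wrapper: true/false for a (user, action, pet) triple.
def authorized?(user, action, pet)
  PetPolicy.new(user, pet).permit?(action)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample data for the demo run.
  owner    = User.new(id: 1, role: :member)
  sitter   = User.new(id: 2, role: :member)
  stranger = User.new(id: 3, role: :member)
  rex      = Pet.new(id: 10, owner_id: 1, caretaker_ids: [2])

  puts authorized?(sitter, :update, rex)    # true
  puts authorized?(sitter, :destroy, rex)   # false
  puts authorized?(stranger, :show, rex)    # false
  puts authorized?(nil, :show, rex)         # false (signed out)
  puts authorized?(owner, :fly, rex)        # false (no such action)
end
```

Because the controller asks `authorized?(current_user, :update, pet)` rather than inspecting role names itself, adding a new role or moving caretaker assignments into a proper join table changes only `PetPolicy`, which is the refactoring-friendly shape the talk argues for.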
Miller concludes by advising developers to prioritize simplicity, flexibility, and clear documentation in authorization systems. The overarching message is that while it’s tempting to innovate in authorization, focusing on its basic principles will mitigate future complications. This proactive approach enables teams to dedicate their creative energy to enhancing product features that genuinely delight users.