monolith vs microservices
things you auth to know!!!!!!!!!!!!!!!!!
List
F I L T E R I N G
Use Cases + Mystery
Mystery
100

When Oso differentiates btwn monoliths & microservices, what are the 2 main things we need to know to confirm a company is microservices by our definition?

1. separate services supporting the same app
2. separate databases supporting those services

100

2 pains of centralizing data

syncing + performance (elaborate)

100

What is list filtering?

When I want to show my user a list that will be filtered in some way by authorization

100

How does Oso ensure low latency?

We achieve low latency by running instances of Oso Cloud as close as humanly possible to your VPC.

100

What is the Oso Fallback?

Instance of Oso in our customer's VPC

200

Why do we care if services are supported by different databases?

Because then the company needs to worry about getting data from one place to another. That's painful and creates a good opp for Oso

200

Why is authorization on the critical path?

Apps need to use authorization

200

Why does list filtering need to be fast?

User experience

200

Bonus

Bonus

200

How does Oso ensure high availability?

running instances of Oso Cloud everywhere from Singapore to SF and across multiple availability zones

300

Why are microservices in our ICP?

Since data is separated, these companies have more pain when they're doing authz. We want to work with companies in pain!

300

What are the three parts of the authz problem?

Model, data, enforcement

300

Example for why we would need non authorization data in list filtering?

Up to marci

300

Can you describe an example of list filtering in Docusign?

All of the documents I have access to sign

300

What is the difference between "centralizing the logic" and syncing the data to a centralized place?

We can't just move the data to one place. So we would need to centralize the data AND keep it in sync with the rest of the app. This is painful


Logic can be moved to a central place and called upon with an API

400

What does Oso do to solve authz in microservices?

Local authorization. You can keep your data in the database and Oso can use that data without you centralizing it

400

What is local authorization?

400

What are the shortcomings with Zanzibar?

1. The data is hard to keep in sync, and syncing is error-prone
2. It's computationally intensive and will lead to poor performance

400

Bonus

Bonus

400

When an app does "enforcement", what does that mean in plain English?

When we ask the app an authorization question

500

Why is authorization/list filtering particularly hard in microservices?

We want to centralize authorization but the data is spread out across multiple services. These 2 things are fundamentally at odds with each other

500

What is the connection between fine-grained authorization, local authorization & list filtering?

[up to marci]

500

How does Zanzibar solve for list filtering?

Sync all authz relevant data to one place

500

Does the Fallback help with performance/latency or uptime?
*why*?

Uptime

500

What are the 2 types of authorization questions you can ask? With an example

1. Yes/No: Can I open this file?
2. List: show me all of the opps I have access to