Authorization at the gateway: CEL and OPA for policy-driven access control
Authentication is a solved problem. Authorization is where things get complicated.
Once you know who is making a request, how do you decide what they're allowed to do?
At small scale, authorization is simple. An admin role gets full access, a viewer ...
barbacane.hashnode.dev | 9 min read