1 files changed, 5 insertions, 5 deletions

diff --git a/content/posts/2023-01-31-oso.md b/content/posts/2023-01-31-oso.md
index cace628..1ca57c2 100644
--- a/content/posts/2023-01-31-oso.md
+++ b/content/posts/2023-01-31-oso.md
@@ -1,9 +1,9 @@
 ---
-title: "Authorization and search operations"
-date: 2023-01-31T21:14:06Z
-draft: false
-params:
-  comments: true
+.title = "Authorization and search operations",
+.author = "Martin Ashby",
+.date = @date("2023-01-31T21:14:06Z"),
+.layout = "single.html",
+.custom = {"comments": true},
 ---
 
 Background: at work I help to build a [SAAS](https://en.wikipedia.org/wiki/Software_as_a_service) web application for healthcare. An important aspect of our web application is [authorization](https://csrc.nist.gov/glossary/term/authorization). It's a pretty hard problem, because the business has a fairly complex set of rules about who can see what data. The rules involve attributes of the [subject](https://csrc.nist.gov/glossary/term/subject) and [object](https://csrc.nist.gov/glossary/term/object), and the direct or indirect (e.g. via a group) relationship between them. It's also a pretty important problem; healthcare data is typically very sensitive and we need to obey the law and keep our users' trust in order to provide useful services. The problem is also constrained by speed; in order to render a web page in a reasonable time e.g. under a second, data must be fetched and authorized in just a few milliseconds.