path: root/content/posts/2023-01-31-oso.md
Diffstat (limited to 'content/posts/2023-01-31-oso.md')
-rw-r--r-- content/posts/2023-01-31-oso.md 2
1 files changed, 2 insertions, 0 deletions
diff --git a/content/posts/2023-01-31-oso.md b/content/posts/2023-01-31-oso.md
index ed5aa07..cace628 100644
--- a/content/posts/2023-01-31-oso.md
+++ b/content/posts/2023-01-31-oso.md
@@ -2,6 +2,8 @@
title: "Authorization and search operations"
date: 2023-01-31T21:14:06Z
draft: false
+params:
+ comments: true
---
Background: at work I help to build a [SAAS](https://en.wikipedia.org/wiki/Software_as_a_service) web application for healthcare. An important aspect of our web application is [authorization](https://csrc.nist.gov/glossary/term/authorization). It's a pretty hard problem, because the business has a fairly complex set of rules about who can see what data. The rules involve attributes of the [subject](https://csrc.nist.gov/glossary/term/subject) and [object](https://csrc.nist.gov/glossary/term/object), and the direct or indirect (e.g. via a group) relationship between them. It's also a pretty important problem; healthcare data is typically very sensitive and we need to obey the law and keep our users' trust in order to provide useful services. The problem is also constrained by speed; in order to render a web page in a reasonable time e.g. under a second, data must be fetched and authorized in just a few milliseconds.
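Review bot: in the front matter, the added `params:` / `comments: true` pair turns comments on for this one post only, and nothing in the diff shows what reads the flag; if the intent is comments on every post, set the default once in the site configuration and keep per-post front matter for exceptions. The nested key is indented by a single space as shown here, which is valid YAML but worth matching to the indentation used in the other posts' front matter. Because the flag exposes reader-submitted content on the page, confirm that the template rendering comments escapes that content or isolates the embed before this is published.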