oso engineer, Alex Plotnick, led a talk on Polar, oso's declarative policy language

The second installment of our series on building a runtime reflection system in Rust looks at how we can dynamically access attributes on Rust structs at runtime.

At Oso, our goal is to enable users to cleanly separate authorization logic from the rest of their application code. This separation is particularly challenging to achieve for list endpoints that return multiple records. When we started thinking about list views, we realized a single yes or no authorization result was not sufficient because it only enables filtering a collection of records that are already in the application. In this post, we will discuss a solution that allows authorization rules to output filters that can be evaluated more efficiently at the data retrieval layer.

Recently during a company hackathon we decided to try out using oso's Polar language for a different kind of use case – making a game!

Using Azure Active Directory's B2C identity platform and oso's open-source authorization library for Flask, we'll show how to add user authentication and access control to a simple Flask app.

When building support for Rust applications, we needed a system that could give us dynamic access to types, attributes and methods at runtime. Since Rust doesn't have native support for such things, we had to build our own version of a runtime reflection system.

In this post, we'll show how to incrementally build complex authorization policies with oso, using GitHub's authorization model as an example.