Wayfair Senior Engineer Nicholas (Nick) Matison wrote about his team's journey breaking its monolith into microservices and how it subsequently built out distributed authorization using Oso. This post covers:
- The decision to move from monolith to microservices
- Wayfair's requirements for an authorization solution
- Wayfair's POC with Oso and path to production
- Example policy code from Wayfair's app
"After researching various authorization libraries and architecture, we decided that the Oso authorization framework was the best for our needs." Read the post to learn more from Nick.

For a series of technical guides on building application authorization, read Authorization Academy. If you want to connect with Nick and hundreds of other like-minded developers working on authorization, join the Oso community Slack!
Expert Insight:
If you thought authorization in a microservices environment was complex, wait until your app starts acting on its own. Permissions are already hard enough: broken access control rose to #1 in the OWASP Top 10 list of AppSec failures.
The explosion of agents increases the attack surface. A human with incorrect permissions is bad, but an LLM agent can potentially cause orders of magnitude more damage. We have the opportunity, however, to rethink permissions and avoid making the same mistakes again.
Oso automates least privilege for AI agents. Oso can monitor agents' actions, fire alerts based on risky behaviors, and make it easy to quarantine an agent or to limit/expand privileges for task requirements.
Learn more about Automated Least Privilege for Agents
