Articles about authorization, and other news from Oso's engineering team
Accordingly, vector databases were positioned to be the next it category of data storage—following previous waves that targeted search (e.g. Elastic), unstructured data (e.g. MongoDB), and analytical data (e.g. ClickHouse). Today, however, it’s unclear if vector databases will remain a standalone category. A vector database is more of a conduit for language models—the models do the heavy-lifting, handling vectorizations (i.e. creating embeddings) and re-ranking. Accordingly, the database depends on these models to carry-out vector search. This raises the question: are vector databases actually an independent category, or is vector search just a need-to-have feature of today’s databases?
Oso’s team offsite at Hemlock Neversink was all about bonding, strategy, and fun—goat hikes, team workshops, and even casino lessons in access control. We returned recharged, motivated, and stronger than ever. Want to join us next time? We’re hiring!
List filtering is the process of retrieving only the data a user is authorized to access, rather than fetching everything and filtering in-memory. In an LLM chatbot, this means ensuring users only see responses or documents they have permission for. Instead of checking authorization for each item one by one, which is slow at scale, Oso Cloud provides two efficient methods: centralized filtering, where the chatbot queries Oso Cloud for a list of authorized item IDs before retrieving them from the database, and local filtering, where Oso Cloud generates a database filter to apply directly in SQL, reducing unnecessary data transfers.
Join our upcoming O’Reilly SuperStream: Retrieval-Augmented Generation (RAG) in Production.
We just led a webinar on Fine-Grained Authorization in Python, watch to learn more about whether it is the best approach to secure your application permissions.
Evan Ziebart, Software Engineer at Duolingo, takes us through their journey from a home-grown solution to moving to Oso and hugely simplifying their process for managing user permissions.
Find out the hidden complexities of CRM authorization and learn how to do recursive authorization with Oso
Master resource-specific roles with Oso. Learn scalable permissions like Google Docs, GitHub, and Figma using Polar examples for flexible authorization.
How Oso provides EMR apps with the flexibility they need
The updates to Oso’s Local Authorization in the V2 SDKs make it easier to build flexible authorization workflows.
Fallback ensures your app remains up and operational, even in the case of an unexpected Oso Cloud outage.
We just led a webinar on How Google handles Authorization at scale, watch to learn more about whether it is the best approach to secure your application permissions
.avif)
ReBAC - especially Google Zanzibar's implementation of it - is the wrong abstraction for authorization.
Simplified fact management and powerful query builder API's - and much more!
.avif)
Simplified fact management and powerful query builder API's - and much more!
A look into the pros and cons of using TypeScript versus JavaScript, plus some thoughts on why there is so much drama around them lately.
A new set of reference material to help users take Oso into prod
Ashwyn Nair, Senior Software Engineer at Sensat, dives into how Oso has helped them create a safe space for their users to have full control over who can access their data.
.avif)
Generate TypeScript types from your Polar policy - and much more!
Polar now has its own language server implementation, making it easier to write your authentication policies
Peadar Coyle, Founder at AudioStack, dives into how they went from a homegrown authorization framework to using Oso and why it was critical to make this change for a GenAi company where protecting data is mission critical.
Why we moved from Fargate to ECS on EC2, and how we preserved a zero-downtime architecture in the process.
Announcing a new feature in authorization policies: a limited form of negation (not syntax).
How Oso uses Kafka and an Event Sourcing Architecture to deploy a highly-available, low-latency managed authorization service.
