I'm on the founding team at Oso, an open source library for authorization. Over time, we've gotten a lot of questions from developers on authorization basics – like how to model roles, where to add authorization checks, or how to integrate permissions in the UI.
It turns out that there's not much information available on these topics that's technical, concrete and user-friendly. So, we started writing a series of guides on these topics to capture everything we've learnt, heard, and experienced ourselves.
The series is called Authorization Academy. The first few chapters cover architecture and modeling roles. In the coming chapters we'll cover relationship-based access control, enforcement, and integrating permissions data into UIs.
We have a lot of topics we'd like to write about, and they take a fair bit of time, but let us know if there's anything in particular you'd like to read about!
The guides cover authorization generically and are not specific to Oso, so they should be useful for anyone who is building authorization into their app or otherwise wants to learn about the area. Of course, if you'd like to learn more about Oso you can visit our site or come talk with us in Slack.
Looking forward to your feedback! And if you find the chapters useful, sign up to get notified when the next ones are released.