(How should I build proper authorization semantics for a complex dataset?)

  • Take inspiration from GraphQL (especially Mutations) and micro-services and ask: what is the smallest usable operation?
  • Design operations around security/authorization boundaries (instead of designing authorization around the operations).
  • Differentiate in semantic terms: book.add.existing isn't book.add.toBePublished.
  • REST is dead: e.g. a single POST /book needs to be split into smaller pieces (if (params.published) then {book.add.existing()} else {book.add.toBePublished()}); trying to secure a large, multi-semantics operation as one piece is unmanageable.
  • Hierarchy of operations (for bundling in terms of permissions management) must be explicit from the start.
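As an added example that is not part of the original post, the following Python sketch applies the points above: POST /book is dispatched to one leaf operation (`book.add.existing` or `book.add.toBePublished`), each leaf is authorized on its own, and the operation hierarchy is declared up front so a grant on `book.add` covers both leaves while grants on unknown nodes are rejected. The `Principal`, `is_allowed` and `route_post_book` names and the `book.update.metadata` operation are assumptions made for this example.

```python
from dataclasses import dataclass, field

# Smallest usable operations, named by their semantics (constructed for this example).
# book.update.metadata is an extra leaf added here to show a sibling branch.
OPERATIONS = {
    "book.add.existing",        # register a book that is already published
    "book.add.toBePublished",   # create a draft that still has to be published
    "book.update.metadata",
}


def _ancestors(operation: str) -> set[str]:
    """book.add.existing -> {book, book.add, book.add.existing}."""
    parts = operation.split(".")
    return {".".join(parts[:i]) for i in range(1, len(parts) + 1)}


# The full hierarchy is explicit from the start: every node a grant may name.
NODES = set().union(*(_ancestors(op) for op in OPERATIONS))


@dataclass
class Principal:
    name: str
    grants: set[str] = field(default_factory=set)  # e.g. {"book.add"} or a single leaf

    def __post_init__(self) -> None:
        unknown = self.grants - NODES
        if unknown:  # a grant outside the declared hierarchy is a configuration bug
            raise ValueError(f"unknown permission node(s): {sorted(unknown)}")


def is_allowed(principal: Principal, operation: str) -> bool:
    """A grant on any ancestor (or the leaf itself) authorizes the operation."""
    if operation not in OPERATIONS:
        raise ValueError(f"unknown operation {operation!r}")
    return bool(_ancestors(operation) & principal.grants)


def route_post_book(principal: Principal, params: dict) -> tuple[int, str]:
    """Split the multi-semantics POST /book into one leaf op, then authorize that leaf."""
    op = "book.add.existing" if params.get("published") else "book.add.toBePublished"
    if not is_allowed(principal, op):
        return 403, op
    return 201, op  # the actual write for `op` would happen here
```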