Popular Ruby frameworks bring us a lot of useful tools out of the box, but there are missing parts too.
For example, for such an essential task as authorization, we are on our own. The variety of open-source solutions comes with the problem of choice—there is no silver bullet.
Nevertheless, it’s possible to extract common patterns of designing authorization systems and define common technical problems, such as performance, code maintainability and testability, and integration with client-side applications.
This talk aims to shed light on both theoretical and practical problems: from different authorization models to useful code techniques I came up with while working on the Action Policy framework.