Permit.io’s Substack

Permit.io’s Substack covers updates, tutorials, and articles on authorization, access control, and IAM. It highlights industry events, new tools, developer perspectives, and best practices for permissions management. Themes include the importance of conferences, authorization models, built-in security features, developer experience, and effective permissions management.

Authorization Access Control IAM Developer Conferences Security Best Practices Developer Experience APIs JWTs Role-Based Access Control (RBAC) Policy as Code

The hottest Substack posts of Permit.io’s Substack

And their main takeaways
159 implied HN points 06 Jun 24
  1. Different users need different access levels in apps. It's important to plan what each type of user should see and do.
  2. Internal users, like employees, also need access to applications but have different requirements than regular end users.
  3. It's crucial to have a balanced approach to permissions management. This means sharing responsibilities to avoid bottlenecks and inefficiency in the system.
99 implied HN points 20 Jun 24
  1. Connecting with other tech enthusiasts at conferences is really fun and important. It's all about making friends and sharing ideas.
  2. Render ATL is a big event that shows how frontend development has become super important in the tech world. It started small but now covers all kinds of development topics.
  3. The main goal of participating in events is to help people learn about tech and authorization. It's about making things easier for developers so they can focus on what makes their apps special.
39 implied HN points 24 Jul 24
  1. Marketing to developers is really different from regular marketing. You can’t just tell them they’re doing things wrong; you need to connect with their community and understand their challenges.
  2. At conferences, it’s important to engage with developers at different levels. Not everyone taking a sticker will become a customer, and that's okay. It's more about building relationships.
  3. Offering flexibility in your product is key. Developers have different needs, so let them use only what they want without forcing features on them.
179 implied HN points 01 Mar 24
  1. DevWorld conference is a great chance for developers to learn and share ideas. It's also a fun place to meet other tech enthusiasts and see new tools.
  2. Focusing on listening rather than selling at events helps better understand the challenges developers face. Connecting over shared experiences can be more valuable than just making business deals.
  3. There are exciting new tools and products in the developer space like Sentry for monitoring, and Ditto for offline connectivity solutions. These innovations aim to improve developer experiences and make their work easier.
99 implied HN points 25 Apr 24
  1. RBAC is still important as it simplifies the management of user permissions by linking them to roles, making it easier for developers and users to understand.
  2. Newer models like ABAC and ReBAC are gaining popularity because they offer more flexibility and can handle complex permission requirements better than RBAC.
  3. Using RBAC as a foundation allows developers to build more advanced authorization systems by layering on additional models, adapting to the changing needs of applications.
79 implied HN points 09 May 24
  1. APIs are now seen more as tools that users consume rather than just things developers create. This shift means we have to think about how APIs are used and managed from both ends.
  2. As APIs are used more, especially with AI, monitoring costs and handling errors are super important. Developers need to be careful about how many calls they make to avoid big bills and errors.
  3. The way we set permissions and handle security for APIs is changing. It's crucial to apply consistent security rules across all parts of an application, not just in isolated areas.
59 implied HN points 23 May 24
  1. JWTs are great for authentication but should be used carefully. They are not meant for detailed permission checks and can create security issues if misused.
  2. They are static once issued, meaning any changes to a user's role won't be reflected until the token expires. This can lead to potential security risks.
  3. JWTs are suitable for stateless, distributed systems and coarse-grained authorization, but for fine-grained control, other tools should be used.
79 implied HN points 28 Mar 24
  1. Fine-grained authorization is becoming really important as more developers talk about it. People see that better security can happen with smooth developer experiences.
  2. The rise of cloud-native architecture and big data means we need better ways to manage authorization decisions. It helps reduce decision fatigue and improves security.
  3. Tools like Policy as Code and various authorization engines are helping different teams work together better. This can lead to faster and more efficient development processes.
79 implied HN points 14 Mar 24
  1. Learning from bigger companies can help solve problems effectively. They often share their insights which can be adapted to smaller projects.
  2. Not reinventing the wheel is smart. Using existing solutions like policy engines can save time and effort while ensuring reliability.
  3. Engaging with the community and resources available online can provide valuable knowledge and support for developers looking to improve their work.
99 implied HN points 15 Feb 24
  1. Before building your own security system, think about whether it's really necessary. You might find better solutions that are already out there.
  2. Developers often dislike focusing on security tasks because they can be boring. It’s typically more efficient to use existing security tools instead of creating something new.
  3. There are standard systems like OAuth and JWT for handling security, and using open-source or developer platforms can save you a lot of headaches.
19 implied HN points 04 Jul 24
  1. Developer experience (DevEx) is really important because it helps developers focus on building great apps while also handling security tasks more smoothly.
  2. It's crucial to make security features easy to use so that everyone involved, from developers to non-technical users, can manage permissions and access without problems.
  3. A successful approach to DevEx considers the whole development process, ensuring security practices are integrated naturally into workflows from start to finish.
39 implied HN points 12 Apr 24
  1. Open-source licenses are changing, and companies are finding it hard to balance fairness and sustainability. This is an important topic in the tech community.
  2. Google Zanzibar is a powerful tool for managing user access and permissions across many applications. It has changed how developers think about authorization systems.
  3. Different authorization models exist, like RBAC and ABAC, but Google Zanzibar offers a simpler, more effective way to handle permissions, especially in large environments.
59 implied HN points 01 Feb 24
  1. Authentication and Authorization are often confused but are important parts of any app. Understanding how they differ helps ensure your app is secure.
  2. Many developers struggle with HTTP error codes 401 and 403, which can cause confusion. It's essential to know what these errors really mean in the context of your app.
  3. Using best practices in API design for Authentication and Authorization is crucial. There are many helpful tools and resources available to make the implementation process smoother.
3 HN points 09 Aug 24
  1. Many creators are worried about how AIs use their work without permission. This can lead to sharing sensitive data and violating privacy laws.
  2. It's important to identify and rank who is accessing application data, including distinguishing between human users and automated bots.
  3. Users should have control over their own data. They need easy ways to set permissions for who can access their content and under what conditions.