Learn why sub-10ms authorization is the new gold standard for enterprise apps. Discover how Oso delivers lightning-fast, scalable permission checks without compromising on flexibility or control.

Learn how Oso Cloud enables fine-grained access control in microservices using RBAC, ReBAC, ABAC, and Polar—our purpose-built policy language.

Join our upcoming O’Reilly SuperStream: Retrieval-Augmented Generation (RAG) in Production.

List filtering is the process of retrieving only the data a user is authorized to access, rather than fetching everything and filtering in-memory. In an LLM chatbot, this means ensuring users only see responses or documents they have permission for. Instead of checking authorization for each item one by one, which is slow at scale, Oso Cloud provides two efficient methods: centralized filtering, where the chatbot queries Oso Cloud for a list of authorized item IDs before retrieving them from the database, and local filtering, where Oso Cloud generates a database filter to apply directly in SQL, reducing unnecessary data transfers.

List filtering is the process of retrieving only the data a user is authorized to access, rather than fetching everything and filtering in-memory. In an LLM chatbot, this means ensuring users only see responses or documents they have permission for. Instead of checking authorization for each item one by one, which is slow at scale, Oso Cloud provides two efficient methods: centralized filtering, where the chatbot queries Oso Cloud for a list of authorized item IDs before retrieving them from the database, and local filtering, where Oso Cloud generates a database filter to apply directly in SQL, reducing unnecessary data transfers.

We just led a webinar on Fine-Grained Authorization in Python, watch to learn more about whether it is the best approach to secure your application permissions.

We just led a webinar on How Google handles Authorization at scale, watch to learn more about whether it is the best approach to secure your application permissions

A look into the pros and cons of using TypeScript versus JavaScript, plus some thoughts on why there is so much drama around them lately.

A new set of reference material to help users take Oso into prod

Adding access control to LLM chatbot responses with Oso Cloud and Postgresql

This post provides specifics on when to use Oso, and when not to.

The 10 types of authorization and how to identify them.

How do you reliably perform authorization in a backend built with microservices? There are lots of valid answers, but they tend to fall into three groups.

Everyone’s talking about Zanzibar, and it’s easy to understand why. It handles authorization for Google, so surely it can handle it for you and me. But at what cost? And does that mean that it’s the right solution for the rest of us?

Relationship-based access control (ReBAC) is an authorization pattern where permissions are derived from relationships between resources. In this blog post, you will learn how to implement ReBAC in Node.js with Oso Cloud

A guide on how to POC authorization as a service products and a framework for running the evaluation process.

Introduction to Local Policy Testing with Oso Cloud

In ABAC, access control decisions are made by evaluating various attributes and policies, allowing for more fine-grained and flexible access control than traditional models like role-based access control (RBAC)

There are three key decisions in handling authorization data: storing the data, accessing the data, and modeling the data.

Implement Role Based Access Control (RBAC) and Relationship Based Access Control (ReBAC) in Oso instead of Node.js

There's a fundamental tension in authorization. Is it business logic or authorization logic? Should it be in the app, or separate? Let’s talk about what makes authorization hard, some of the approaches for solving it, and the associated tradeoffs.

Despite the fact that authorization is a problem as old as software, it’s core to just about no one’s domain. So most people are looking for a Rails-like experience. So, an authorization system needs to be opinionated but flexible – opinionated to get you from zero to best practices quickly, but flexible to support all the things *your* app needs.

As Oso’s first developer experience engineer, Corey Ashby, walks through creating a functional sample application using Oso Cloud.

how to use Kubernetes Authorization webhooks to defer authorization decisions to Oso Cloud, a fully-managed authorization service.

An overview of different patterns for building authorization in GraphQL