Popular Ruby frameworks bring us a lot of useful tools out-of-the-box, but there are missing parts too. For example, for such essential task as authorization we are on our own. The variety of open source solutions comes with the problem of choice—there is no silver bullet.
Nevertheless, it’s possible to extract common patterns of designing authorization systems and define common technical problems, such as: performance, code maintainability and testability, integration with client-side applications.
This talk aims to shed light on both theoretical and practical problems: from different authorization models to useful code techniques I came up with while working on the Action Policy framework .