In a world where authorization is externalised, ownership often still lies with decentralised application teams to allow for organisational scalability. Autonomy of these teams is important so that they can move fast. Zalando has 2000+ in-house applications owned by 100s of engineering teams who will use externalised authorization. Each of these teams will write their own authorization policies as code using Open Policy Agent.
This talk will share insights into how we started treating authorization artefacts like other application development artefacts. The focus will be on building blocks and safeguards that enable engineering teams to take authorization policies through the development life cycle.