Authz as a Dev Workflow: Architecting Better Cloud Native Apps - Dan "phrawzty" Maher, Cerbos
Dan "phrawzty" Maher, Cerbos
KubeCon + CloudNativeCon Europe 2025 · Session
In this KubeCon EU 2025 talk, Dan "phrawzty" Maher, an open-source advocate at Cerbos, challenged the conventional perception of authorization. He argued compellingly that authorization, often relegated solely to the domain of security, is fundamentally a **developer experience problem**. Maher drew parallels to the evolution of other critical infrastructure concerns like networking, storage, and deployments, which have all undergone significant transformations to become more declarative, abstracted, and developer-friendly. Authorization, however, has largely remained "stuck," leading to friction, security gaps, and slowed development velocity.
AI review
This talk brilliantly reframes authorization from a mere security constraint into a critical developer experience problem, a perspective long overdue. Maher dissects the "authorization paradox" with brutal honesty, exposing the tangled mess of current practices. He then systematically lays out a declarative, externalized, and context-aware architectural approach, complete with actionable design principles and a survey of open-source tools. It's a compelling argument for embedding authorization as a first-class concern, promising both enhanced security and developer velocity.