From YouTube: 2022 in review: Top 5 authorization trends
Description
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
A
Hey everyone, and welcome to this session on the trends and DevSecOps and cloud development. You've got a few two cool and I'd like to say developers on myself or wise, a developer and security practitioner and background, and now founder and CEO at Permit.io, and with me one of my favorite people is Philip or a Dev Advocate. Philippi won't add a few words about yourself. Yeah.
B
Sure. So, I mean, I'm a developer advocate, but I do have a background in engineering. I used to lead a team at Cisco, the front-end efforts especially. At Cisco, Cisco is, you know, a networking company and it involves a lot of security, so I'm sure I'll be able to have some input, as well as some interesting input, when we come and talk about dev security ops and cloud development this year, and maybe the possible trends of next year.
A
Awesome. Yeah, I'm kind of excited for this. It's always good to kind of sum up a year and trying to take a glimpse in what's coming.
A
B
A
So, so I'm really excited to hear what, what, how you.
A
B
I think a lot of people, I mean, actually software is, is becoming very prominent in, in everyone's lives, not even just the companies that are tech related, but also, you know, just the normal people that need to use tech these days, and there is, there's a big trend and a big prominence on actually having security be part of those trends and be part of those ever-growing companies that are involved in tech. Just to kind of take a few steps back, I think it's an interesting contrast.
B
How, a few years ago, we didn't treat security as, like, a very, very big priority, at least not as high of a priority as it is right now. And what we noticed is, for example, take it back like 10 years: nobody really cared about authentication, even more so about authorization. I don't think that was a concept much, much back then, or at least a talking point, and everyone built their homebrew solution. Everyone did everything on their own, and then move forward.
B
The few years until today, authentication is, is almost becoming a standard of every company. You know, developer wants to work on it because there's companies that do it better, and same thing with kind of authorization. I think, you know, it's, it's becoming almost a thing that is a requirement. Security is growing ring ever higher, and people just don't want to do the hard work, and they're moving and trying to find solutions that, you know, they can incorporate in a simple way to save them time and to add value to the company.
B
A
I definitely agree. I think, you know, software is eating the world, that's kind of a common understanding now, everyone's realizing it. But we see it, like, also with shift left: really more and more elements are moving to the developer side, more and more elements of both security operations. Everyone wants to start them as early as possible, or starting to realize that if you try to add it later, it doesn't really work well. And then it's also a question, I think that's what you kind of touched on, the question of what are the baseline?
A
That this is affecting a lot more people, so it's not just developers. We're seeing product managers, we're seeing sales, we're seeing professional services, we're seeing the security people also from the other end. Everyone's kind of honing in on the DevSecOps angle. Everyone wants to be able to chime in, and how do you do security on the development cycle itself? How you bake in security into the product in the earliest stages and.
B
A
Understand what it's like to be a developer, and they have to understand how security works, because they have to have those baselines as part of our product. You can go without authentication today and, as you said, as opposed to 10 years ago, no one wants to build it from scratch. Authentication of a proven thing now, you just, like it used to be, like 10 years ago we had that understanding of things with encryption already: you don't want to roll your own. No one understanding has already kind of taken another step forward with authentication.
A
You don't want to roll your own, and I think we're starting to see the authorization as well. In general, maybe everything that isn't a core part of your product, and especially if it's not a core part and it has an ability to affect the stability or security of your product, it's better off to use at least an open source solution, or at least the best practices that the market has come up with, instead of trying to do it your own and.
A
A
A
So, as someone who's really at the front lines, can you maybe share how, how did you engage with those customers? What.
B
I mean, I think just taking one step back as well, just to highlight the point on, you know, having people like product managers have to be, you know, part of software now. I think what we're seeing is that, in general, security is very difficult. It's a very difficult concept that requires, you know, a lot of knowledge to grasp, especially for developers. It requires a huge amount of knowledge to implement, and it's hard to implement security within an apps.
B
There's too many things that you need to make sure that are working, and no developer wants to be put in a situation where they write a piece of code and, you know, it, it doesn't work, or it doesn't work the way it should, and then there's some security flaws in the system. That's probably a developer's worst nightmare. So I think what we're seeing now is a big shift to kind of software.
B
That's very easy to use, very abstract, and that's kind of where we talk about no-code UI. And, and now going back to client meetings, I think a lot of the companies that we spoke to, companies that are in healthcare, in, in security, they, you know, they, they have this whole team of developers that are willing to, to build this, but they don't want to build it themselves. They want.
B
They want to use something that's already out there, and that's not just to make it easier for the developers, but it's also to allow other team members to be able to use the product and have an understanding of the product. So this is kind of what we're seeing with our clients.
B
More clients are actually coming to us and they're asking us about the solution that, you know, might be offered, and, you know, they're very interested in seeing how they can do it in an abstract way where they can engage the rest of the team.
A
Right, right. So it's not just about the developers getting the security tools, it's about the developers enabling all the other folks to work on those tools as well. I think that actually puts us in a very interesting junction between two trends. So one trend that is very apparent, and kind of talked about, is the shift left and, and kind of security becoming ingrained, and everyone becoming a developer to some degree, everyone working on, on security, and becoming something that is unavoidable for basically all the personas.
A
All the stakeholders within the company. And another trend is the growth of code, and specifically policy as code, to manage all of these complexities, and there's, there's some, somewhat of a tension there. So as a developer, you want to manage things as special complex things like policy is good. Infrastructure is code, configuration is code. Everything is code, is basically the hardest trend right now, but code is not accessible yet to everyone.
A
Product managers might be a little tech savvy, but they're not full-blown developers. The security people themselves that need to work with this, they're not full-blown developers, these, not most of them, but they need to work on this. So on one hand we want to manage things as code. On the other hand, we want to enable everyone to work on this, and these are seem to be apparently in conflict.
A
I have some ideas on where this is going to be. The thing, one thing that you mentioned is through kind of low code, so interfaces that make it easier for not full-blown developers to work on these problems, and maybe even generate code for them. So no-code interface is the generate code, I think are, are a swell thing that, in the end of the day, you get that baseline best practice of policy as code or configurations code, you imagine in a git repository, you can do code reviews on it.
A
B
A
General, the low-code, no-code space is growing very quickly. No-code aspects are becoming a key part of almost every product, so just having that additional code generation thing, I think, would really become very valuable there. And I think that also touches on another trend that we're seeing really exploding in these recent days, and that's a generative AI, so machine learning component that you feed with some.
A
Might be text prompts, maybe a form that you feel, maybe another kind of interface, but at the end of the day that AI can generate text, code, interfaces, documentation for you. So having.
B
A
That's a very exciting space and, you know, I don't really believe in AI is going to take over everything and all the developers be out of jobs or anything like that. It would, the jobs will just change. It would be collaboration with the AI, using that AI to generate for ourselves, to enable, enable other people to generate code, and then still think that lower level of code as code is still a good thing that we have a lot of best practices on, on how to manage complexity on.
A
That, that makes it easier. What do you think of that? Or what are our upper trends that you're saying I.
B
Mean, I, I think it's, it's nice to see the retrospective of what has been happening before, and I think the first site where we saw a no-code UI come into place was with website creation, and, you know, it started off with people and having to hire developers to build that, and then obviously there came the whole kind of group of companies that designed this no-code UI for not just people with little technical skill.
B
It's, it's anything that's complex, and anything that can be automated and abstracted is done and is our ways are found to be done, because it just kind of really gives a faster workflow for companies. It really makes it much more of an easier process. So I think, especially with, like, we saw for ourselves.
A
A
You need that other player to take some of the burden off of you, but then you need that vendor to work for you in a way that you can trust, and the best way that we have so far, which I don't think is that good, but it's better than nothing, kind of like democracy, it's the best, the best option of all the rest that we've tried, is compliance. So having the vendor meet the specific standard that you know is audited.
A
That you know is standardized, that you know can be verified, can really help you, as you engage in growing what you need to form in your product or in your company, and as more companies look at compliance as a way to standardize engaging with our vendors.
A
So, and I think the spaces that are, that have the most compliance pressure are our health care, fintech, so the security space itself, the government space. So that pressure on just we need to manage all this complexity, so we need compliance, forces a lot of companies to start with compliance that they want, and so they need to themselves adopt solutions to make the compliance easier.
A
Cycle, but it is a cycle, like you need compliance, so you need better tools for the compliance, so you need better compliance for the tools, which need better tools, and rinse and repeat. But I think, in the end of the day, it's kind of a tie that floats all boats, the entire, the level of finds the standard that we think of, of what is the minimum compliance that a company should have is rising across the market. So I guess another.
A
B
Talking about better tools, how, how do you kind of see authorization as a service in that space? Because, you know, we see a huge amount of interest coming in from different companies in different genres of tech. So, you know, how do we see that kind of going forward.
A
So I think with that, it's really, in the end of the day, if you look at compliance standards like SOC 2, ISO, even the GDPR and CCPA, definitely things like HIPAA, in the end of the day, when you break it down it's about 70 to 90 about access control. It's about how you decide, within your processes or within the products you're building, who can do what in which scenarios so.
A
Times you can make this work just having processes in place, having human readable policies that the humans in your organizations have to follow. But it's a lot easier to make sure that people follow things if they're automatic guardrails, there are automatic checks that are more, or better yet automatic gains that control who can do what.
A
And that applies both for what you're building internally, how your organization works, but also what you provide to your end customers. If you're building a product, in order for you to be compliant, you need to bake in access control and permissions into that product, both in how you operate it and how people use it, and your customers will have to have access controls. Everyone kind of thinks about RBAC as kind of the baseline.
A
Is kind of the role-based access control is the bread and butter of basically of compliance or permissions in, in any product that you build, so everyone today engaging products knows to ask for RBAC, but I think that's just the beginning. The complexity is continuing to rise. The amount of people that.
B
A
And so I think it's getting to a point where having an authentication, having identity management, having permissions as a baseline to start with anything you're building is kind of the easiest way to go. It removes a lot of friction from down the road, because if you try to add it later, it would be more painful, and I think more and more people are.
B
A
B
But I think in this case there is a lot of companies that are going to have the dilemma, and it's like, do I, do I use this now or do I use this later? And I think many small startups, I think it's either a good thing or a bad thing if they use it later, because there already might be for the process, and obviously that the most difficult part, especially when it comes to authorization, is like, can I implement this now? Have I not started too late?
B
Is it possible for me to move everything? And, you know, for, for startups, that's still, I, I think, manageable, but then think about all the really big companies, and, and we're talking like big fintech companies, a big healthcare. They've got their own homebrew solution. It's very hard to scale. They're getting more people. It's, it's, you know, it takes up so much, like, time for the developers to be able to manage this solution, and here the decision comes, like, do, do they, do they move? Do they stick with what they have? Is it worth it?
B
A
A
This tension between having higher quality and having a higher velocity, there you always have to choose. You can't have both. So it's about finding the right equilibrium point for you with each moment in time, and as every product, every company, every problem space is a snowflake, I.
A
A
To say everyone has to have authorization as a service that they want, I'd like to say that, but I don't actually believe in that. I think what you want to have is the amount of access control that you need at each point, and you shouldn't invest it at the minimum that you have, but be aware that it's going to change. Be aware the more requirements around compliance, around security, about features. Access control, for example, is really about how people use the product. So that really translates into features that the customer asks for: gives me invites.
A
Give me impersonation, give me approval flows, a lot of things like that. So those things are coming, if you like it or not. So it's about finding your equilibrium points but planning to be able to transition into more things, and there I think best practices can really be helpful. Things.
A
Doesn't, to use policy as code doesn't cost you that much. It's another way to define your access control. It doesn't add a lot of overhead. Decoupling your policy from your code, so having a separate microservice for authorization, even.
A
Function that initially just returns true, like, it checks if it's your email, it returns true, if not, it returns false, even that is better than having that same line of code embedded within, within the product itself.
A
Want to upgrade, they have a box ready. You can just pour more capabilities into it and upgrade.
A
In general, I think that's one of the best practices in trends that already saw its fruition and growth in the cloud computing space. Microservices are, I don't think you have to, you might break everything into a microservice, but using microservices to a certain degree, having some granularity and having to decouple your services is really a very smart best practice. If you plan to scale your software, and if you're building a business you are planning to scale your software, microservices, at least to some degree, having a few microservices is.
A
And then, when you have that, you, you can try to identify the areas that are, that are separate, that are not part of your core product.
A
You can start with something that you brew on your own, or start with an open source, or start with a service in the cloud. But you want it separate, you don't want it locked in and coupled with your own code. So when new demands come in, you can switch.
B
In place and, and grow quickly. I think that's, that's about it. So summarize.
A
Microservices, decoupling your code, finding the right balance point for you throughout, at each point in time, and gradually adapting more services and tools, so you can meet the standards instead of constantly having to refactor your own code, which, which is very expensive.
B
And, and I think, and I think with this situation, and kind of applies to any kind of developer tool product for a company to use, is actually finding the problem within your own system and seeing if it can be improved. And I think quite often, you know, it's hard to realize if that problem exists, or maybe it's hard to realize, to take the first steps to actually do that. Now, of course, at Permit.
B
We would love for everyone to use authorization and to implement it, a full stack solution, but there are sometimes situations where, of course, you know, someone might find a homebrew solution more beneficial. Maybe there are some cases where, you know, it might be, maybe not necessarily easier, but maybe more compliant or, or maybe something like that. Do you have any opinions about that, like.
A
A
B
A
B
B
A
B
It is, yeah, it is. And I, I mean, I think in general, when there is a solution, any solution for any company that can be, that a company can save time on, I think that's really beneficial in general. I think every, every time that you notice that there is a problem, and you notice that you struggle with the problem, and that there is no simple solution that you can find for it.
B
That's usually the time when you should start thinking about kind of outsourcing it to other companies who have spent and dedicated a whole team to making sure that the problem is understood, that the problem is solved, and that the problem is solved very well, so then later on, when the company grows and it scales, you know, you don't have that issue coming up. Now, kind of moving on, I'd like to just kind of touch on and get your opinion about, what do you think about just authorization growing in 2023, and so next year?
B
What kind of things can we see pop up that maybe people are not expecting, and what would the generic kind of trends be? Is there any kind of differences that will be noticeable that we'll be able to see and maybe kind of jump on the wagon and use to make it better for, for any kind of company.
A
Yeah, so maybe it's worth to kind of glance back at the short history of modern authorization. So this.
B
A
Nascent space, it basically started to grow around 2020, maybe 2019 if you're really optimistic. Policy as code, this kind of grew. Solutions like OPA, Open Policy Agent, started to become more popular, especially with the growth of Kubernetes and the infrastructure as code space, or in general the infrastructure in the cloud space really pushed the growth of this space, and now it's starting to come into the application development itself.
A
You mean I, I built it on your own, I, I just they gain a few if conditions into my code and that's it. I, I take a JSON web token, like that's the more sophisticated ones, I take adjacent that I get from my authentication and I pushed a lot of claims into that, and then I write code that parses all the claims in the JSON web token and according to that I'll, I'll have authorization within my, within my product and I.
A
Think people are, as this space is growing and more people are becoming aware there's an alternative to building on your own, it will gradually become a standard. I think it's already at the cost of, of that point, and with that there's also the maturity of the products themselves. Open Policy Agent is just one example, but more policy engines are out there. I think the most prominent new one that I want to mention is.
A
So there's a policy engine that will soon be embedded into your AWS cloud service, and so this will really become the building blocks, all the Cs code engines to parse them, services to have APIs for them. Those, within the next couple of months even, I think, would become, would proliferate the space and become very commonplace.
A
Then this question moves to how do people adopt this, and how do they maintain this, and how they work with this long term, and there what I think we'll see is that people don't want to maintain this crap. People don't want to write policies as code. People don't want to build interfaces on top of them. They just want to, they just want to be able to check off this thing, so they can actually focus on building the products.
A
Focus, of course, and, and also the fact that I always thought, okay, this time, I've built.
A
A
So, for example, we work with, we worked actually with Cisco as a vendor and.
A
In and said, we want our own another vendors.
B
A
As a co-seller, and they always said that we want our own back office and.
B
A
A
B
A
Have to go back to the drawing point. So having those, so mentioning the back office, in the end of the day, access control is about experiences. It's about interfaces that people can use: user management with the ability to assign roles, API key management, secrets management, audit log, so the ability for you as a vendor to see what all of your customers did, all of the tenants did, and the ability for each of your tenants, each of your customers, to see what they did on their own.
A
The ability to ask permissions from another user, the ability to have an action that you're performing approved by another user. This list just goes on and on, and it's really classic things, and I think these things should be ready-made. I think.
B
A
Should be interfaces that you can just bake into your software, just like you bake in a login screen, just like you bake in a checkout cart, just like you bake in dashboards. This should be ready to bake it into your back office and to bake in into your product facing customers. So people don't have to deal with this. They don't have to think about reinventing this. They don't have to think about how to make this secure, how to make this online.
A
This work, yeah. We're seeing a point where the infrastructure is getting really standardized. Policy as code is both getting more polyglot and, but it's also getting standards and best practices that people can adopt. We're seeing APIs for this becoming very commonplace, and I think the next thing is the, really the experiences, the interfaces.
A
Are also becoming standardized, so when you come to an AI model or you come into a product, you already know the interface that you're getting because it's the standard one. It has been customized for you, but it's a standard interface that allows you to work with complex policies and permissions, but the developer that built it didn't need to reinvent it and you, as a user, gonna have to relearn it, and that's really, I think, one, the next step in, in the permissions or authorization space.
B
Yeah, I, I see a, a common trend, and I think a lot of people, when we're talking about security and when we're talking about authorization, they understand, or at least the first, the first people that even learn about authorization, they usually just understand it on the concept of admin and non-admin, right, but I don't think they, they have a concept of understanding how complex it gets, and you've mentioned so many things.
B
Just now about, you know, API key management, you know, kind of just making sure that all of these, all of these examples are actually implemented and work, and then providing the experience for the user. And, you know, I've been, I've been a front-end developer, that's kind of what, what I really enjoy and, and that's kind of what I like during my free time, and I know how important user experience is, especially when it comes to dealing with complex subjects, so I think we're.
B
A creative artists at heart, I guess, that's kind of true, and, and I can just, and I can just see not only how much simpler it's going to make it, but how much the people are actually going to appreciate it, because, you know, at the end of the day it's about making things easy. It, you don't want to overcomplicate things. Nobody likes learning about complex stuff and then trying to apply it. Well, actually, maybe some do, but you know that's I.
A
Know the stack is constantly becoming more bigger, wider, more scalable, so we need to specialize. You can do everything all of the time, so, and then the focus shifts on what, what is your core? I think that's something that every developer, every company should ask themselves: what is our core?
A
What is it that we do, when we focus on, and is unique to us, that no other company is doing? And that question, I think, can really divide this page, I think, the things that you should spend your time on and the thing is that you should just swipe off your table.
B
Exactly, exactly. Okay, cool. So I think I, I'd want to add a little bit from myself, just in general, what I think might happen with, with DevSecOps coming the next year, and I think, especially maybe focusing on the subject of our authorization, I think we're definitely going to see authorization evolve.
B
A lot, like we've mentioned. We're definitely going to see kind of experiences come into place, experiences as part of DevSecOps, which I think is really interesting, because usually it was just very core stuff that, you know, hardcore developers were focusing on, but now we're actually getting to the stage where, you know, that abstraction, that no-code UI will come into place, and that management of all these really important topics will be, will be, will evolve and will become something that essentially becomes almost plug and play, which I think is, is great value to the whole developer.
B
Community. I think that there is going to be a whole increase in, in the, in the kind of maybe other players in the market that do offer this kind of solution. But of course, I think it's quite an interesting thing that we see a lot of other companies do infrastructure level authorization, but very, very little do application level authorization, and, and it seems like, you know, infrastructure is very important, but also managing those permissions.
A
Yeah, for sure. So I think we've covered some, some good topics here. I think we had some recurring things, both with low code, no code, both of shift left kind of speeding up and bringing all the other stakeholders, not just developers, into the mix. We touched on how compliance is speeding up through kind of a, well, not a vicious cycle, but some kind of cycle.
A
A
A
We talked about what we've seen for our customers, specifically in companies in general. The space, we're seeing fintech, a healthcare company, healthcare companies and security companies kind of lead the charge, both with dealing with compliance and adopting these new solutions for better security based in, into the products that they're working on. And we cover a lot of things, but I think these are like the main themes we touched on.
A
Watching us also enjoy this, and maybe again a few tips or insights, or at least interesting trends to think about, for looking back at the year that we had and looking at the upcoming year that we have. And I hope we'll all have a, a good compliance, secure and filled with great software year ahead of us and.
B
Absolutely, and I think, I think in general it's, it's important to mention that we are very kind of open. We love chatting with others, especially about developer security. We're very easy going. So, you know, we'd always, would always recommend that, you know, you jump on and join our Slack and ask us anything about security, and, you know, we've got a whole team here.
B
That's really eager and passionate about the subject, so would be most interested in engaging in the conversation and, you know, seeing, seeing what we can, what we can discuss and kind of the interesting topics we can cover.
A
Yeah, if you enjoyed this conversation between Philippina and you'd like to have a similar conversation, just brainstorming ideas, talking about what you're building and getting our input on it, or just brainstorming around security and cloud development, we love to do that. Just, it's fun for, the, the reason we do what we do is because we love engaging with other developers and other security practitioners.
A
A
Don't have to, you don't even have to talk to us about Permit the product or about the global.
B
A
A
For everyone watching, and have a great year, bye.