Blueprints
June 8

Authorization at scale in platform environments

Security is a complex topic. It requires the developer to think about many possibilities and ways to protect their application from external and internal attacks, using audit and trace. In this talk, we share how to abstract away the complexity in platform environments, introducing concepts of permissions validation for access to APIs and services.
Talk abstract

Every day MercadoLibre has more than 10k deploys with over 12k engineers working on its products. In this talk we discuss the challenges of having a platform with a high level of authorization in its APIs and maintaining availability. We’ll cover the purpose of having an authorization module inside your Internal Developer Platform (IDP), to add auditing, traceability, and visibility to security teams, and whenever it’s needed the most. 

Join our talk to discover:

  • The challenges when implementing an AuthZ strategy in your IDP 
  • Tradeoffs to consider for adoption at scale
  • What we learned on this journey