Hacker News

I'm curious what's driving the resurgence in interest in authorization infrastructure, particularly the Zanzibar paper. As founder of Oso (https://www.osohq.com/), I have my own opinions, and I think this is a good thing. But would love to hear others' points of view here.



The rise of the zero trust paradigm in corporate networks probably.


Pandemic times and working from home. Companies were already exposed by their employees' mobile devices and by people working on public wifi networks, like catching up on email while having coffee at the neighborhood coffee house. Now with employees more-or-less permanently remote, what is the corporate network? Add to that the realization that as organizations adopt more and more SaaS offerings into their operations, the distinction between "corporate network" and "public network" vanishes. The old VPN/firewall/DMZ perimeter model was leaky anyway.


And it's about time


My guess is that it is mainly driven by the increasing adoption of microservices (or just generally more distributed architectures). Doing fine-grained authorization in that type of architecture is quite difficult and people are starting to realize that.


Agree. That and the fact that customers today are more sophisticated, requiring their vendors to provide the ability to create custom "roles" and "permissions" in the used applications.


I think the other replies to you are probably correct, but I also can't help but think that a lot of the small/mid size businesses that use AD for Auth, have been on prem for years, and weren't really planning to make a move very soon until the Pandemic hit, have sort of run face first into the fact that they're really stuck with Microsoft now and when Azure AD goes down, their whole business tends to go with it. I don't think there's an easy solution here, but I've seen some places coming face to face with this reality and there's been some very mixed feelings and not many alternatives.


Fair, but even still AD only gives you a piece of the puzzle when it comes to authorization. You still have to do all the modeling and implementation inside your app and map it to however that's stored in AD.


Some factors might include increasing usage of microservices, frontend SPAs, serverless, and more early startups looking to integrate with enterprises, who now have high expectations of what's possible thanks to Auth0 and the like.


Never heard of Oso til now. I’m eval’ing a few tools, I really like your policy syntax!


Which tools are you looking at and what are your evaluation criteria?


Thanks!



