As application architectures evolve from monoliths to microservices, security and access control concerns increase exponentially. While identity and authentication have been decoupled from applications and moved into centralized systems, authorization remains a concern for development teams to tackle within their application code. Without a clear strategy, authorization burdens the development teams, resulting in a larger threat surface area. So what would a strategy for modern authorization in distributed environments look like? In this talk, Tim Hinrichs, co-creator of Open Policy Agent (OPA), will take us on a tour of distributed authorization architectures. You’ll get an overview of common challenges like data distribution, latency budgets, centralized management, and distributed enforcement, along with potential solutions and best practices. Based on examples from real-world deployments, attendees will learn about some of the most common design patterns applied to distributed authorization and the problems they solve.