Continuous Authorization lives and dies by its rule set; are they doing what you want, are they doing what you want without burning down the house, are they still doing what you want three years later, after multiple people who didn’t understand them have been busy updating them.

We’ll share some real-world experience of rulesets that have been in place and growing for over 6 years and now exist as the problem that nobody likes, everyone fears, but we all can’t live without.

Through this session we’ll explore and propose answers to the following questions:

·      who is responsible for defining the rules?

·      how do you document them successfully?

·      how do you avoid rule spaghetti?

·      how do you know they’re still appropriate?

·      most importantly: how do you convince the business the world will not stop if you remove obsolete rules?

Defining rules is a group activity as such we’ll cover these questions not just from the technical implementors perspective but also the product owners, business analysis and the wider business.  If you’ve every looked at your current rules and wonders what the hell happened this is the session for you!