Authz as a dev workflow: architecting better cloud native apps

A presentation at KubeCon + CloudNativeCon EU 2025 in in London, UK by Daniel "phrawzty" Maher

Every request in a cloud-native application needs authorization, but let’s be honest: most developers see it as a pain-point rather than an advantage. This talk explores why authorization belongs in your application’s critical path, and how making it a core part of the development process improves developer experience. We’ll look at how CNCF authorization projects and open standards from the OpenID Foundation are rethinking authorization from the ground up. Through real-world examples, we’ll show how modern authorization patterns fit into existing workflows, help catch access control bugs early, and make developers’ lives easier. Attendees will leave with practical patterns for building maintainable access control logic, strategies for testing authorization rules effectively, and proven approaches for embedding security into your development workflow from the start. Whether you’re building new systems or improving existing ones, you’ll learn how to make authorization work for you.

Video

Resources

The following resources were mentioned during the presentation or are useful additional information.