Yosai with Darin Gordon – Episode 120

Summary

For any program that is used by more than one person you need a way to control identity and permissions. There are myriad solutions to that problem, but most of them are tied to a specific framework. Yosai is a flexible, general purpose framework for managing role-based access to your applications that has been decoupled from the underlying platform. This week the author of Yosai, Darin Gordon, joins us to talk about why he started it, his experience porting it from Java, and where he hopes to take it in the future.

linode-banner-sponsor-largeDo you want to try out some of the tools and applications that you heard about on Podcast.__init__? Do you have a side project that you want to share with the world? Check out Linode at linode.com/podcastinit or use the code podcastinit2017 and get a $20 credit to try out their fast and reliable Linux virtual servers. They’ve got lightning fast networking and SSD servers with plenty of power and storage to run whatever you want to experiment on.


Preface

  • Hello and welcome to Podcast.__init__, the podcast about Python and the people who make it great.
  • I would like to thank everyone who supports us on Patreon. Your contributions help to make the show sustainable.
  • When you’re ready to launch your next project you’ll need somewhere to deploy it. Check out Linode at www.podastinit.com/linode and get a $20 credit to try out their fast and reliable Linux virtual servers for running your awesome app.
  • Visit the site to subscribe to the show, sign up for the newsletter, read the show notes, and get in touch.
  • To help other people find the show please leave a review on iTunes, or Google Play Music, tell your friends and co-workers, and share it on social media.
  • Your host as usual is Tobias Macey and today I’m interviewing
    Darin Gordon about Yosai, a security framework for Python applications

Interview

  • Introductions
  • How did you get introduced to Python?
  • What is Yosai and what is the problem that you were trying to solve when you started it?
  • How does Yosai compare to existing libraries for web frameworks such as Flask-Security or Django Guardian and why might someone choose Yosai instead?
  • In the documentation it mentions that Yosai is a port of the Apache Shiro framework from Java to Python. What was most difficult about exposing a Pythonic interface while maintaining the core principles of the original?
  • Authentication and authorization are difficult problem domains and can cause significant issues if they are not implemented in a secure fashion. How do you ensure an appropriate level of quality in Yosai to be confident having people use it?
  • To start can you describe how the framework is architected and what is involved in integrating it with a project?
  • Outside of the context of web applications, what are some situations where someone should consider integrating authentication and authorization into their project?
  • What have been some of the most challenging aspects of building the Yosai project?
  • Tell us about the Rust extension you wrote earlier this year
  • What do you have planned for the future of Yosai?

Keep In Touch

Picks

Links

The intro and outro music is from Requiem for a Fish The Freak Fandango Orchestra / CC BY-SA

Notable Replies

  1. A noob one: If one would add admin UI to Yosai would it end up with something like FreeIPA ?

  2. tmacey says:

    That's a good question. I suppose it depends on the way that you're using Yosai. I've never used either, but FreeIPA seems to have a much broader scope.

Continue the discussion https://discourse.pythonpodcast.com

Participants