Date: Sat, 29 Jul 2017 22:00:00 -0400
<h3>Summary</h3> <p>For any program that is used by more than one person you need a way to control identity and permissions. There are myriad solutions to that problem, but most of them are tied to a specific framework. Yosai is a flexible, general purpose framework for managing role-based access to your applications that has been decoupled from the underlying platform. This week the author of Yosai, Darin Gordon, joins us to talk about why he started it, his experience porting it from Java, and where he hopes to take it in the future.</p> <h3>Preface</h3> <ul> <li>Hello and welcome to Podcast.__init__, the podcast about Python and the people who make it great.</li> <li>I would like to thank everyone who supports us on <a href="https://www.pythonpodcast.com/podcastinit?utm_source=rss&utm_medium=rss">Patreon</a>. Your contributions help to make the show sustainable.</li> <li>When you’re ready to launch your next project you’ll need somewhere to deploy it. Check out Linode at <a href="https://www.pythonpodcast.com/linode?utm_source=rss&utm_medium=rss">www.podastinit.com/linode?utm_source=rss&utm_medium=rss</a> and get a $20 credit to try out their fast and reliable Linux virtual servers for running your awesome app.</li> <li>Visit the <a href="https://www.pythonpodcast.com?utm_source=rss&utm_medium=rss">site</a> to subscribe to the show, sign up for the newsletter, read the show notes, and get in touch.</li> <li>To help other people find the show please leave a review on <a href="https://itunes.apple.com/us/podcast/podcast.-init/id981834425?mt=2&uo=6&at=&ct=&utm_source=rss&utm_medium=rss" rel="noopener" target="_blank">iTunes</a>, or <a href="https://play.google.com/music/m/I7ogju4xv6adasgqz6545jndgsy?t=Podcastinit_-_Python_and_the_people_who_make_it_great&utm_source=rss&utm_medium=rss" rel="noopener" target="_blank">Google Play Music</a>, tell your friends and co-workers, and share it on social media.</li> <li>Your host as usual is Tobias Macey and today I’m 
interviewing Darin Gordon about Yosai, a security framework for Python applications</li> </ul> <h3>Interview</h3> <ul> <li>Introductions</li> <li>How did you get introduced to Python?</li> <li>What is Yosai and what is the problem that you were trying to solve when you started it?</li> <li>How does Yosai compare to existing libraries for web frameworks such as Flask-Security or Django Guardian and why might someone choose Yosai instead?</li> <li>In the documentation it mentions that Yosai is a port of the Apache Shiro framework from Java to Python. What was most difficult about exposing a Pythonic interface while maintaining the core principles of the original?</li> <li>Authentication and authorization are difficult problem domains and can cause significant issues if they are not implemented in a secure fashion. How do you ensure an appropriate level of quality in Yosai to be confident having people use it?</li> <li>To start, can you describe how the framework is architected and what is involved in integrating it with a project?</li> <li>Outside of the context of web applications, what are some situations where someone should consider integrating authentication and authorization into their project?</li> <li>What have been some of the most challenging aspects of building the Yosai project?</li> <li>Tell us about the Rust extension you wrote earlier this year</li> <li>What do you have planned for the future of Yosai?</li> </ul> <h3>Keep In Touch</h3> <ul> <li><a href="http://daringordon.com/?utm_source=rss&utm_medium=rss" rel="noopener" target="_blank">Website</a></li> <li><a href="https://github.com/dowwie?utm_source=rss&utm_medium=rss" rel="noopener" target="_blank">GitHub</a></li> <li><a href="https://twitter.com/darin_gordon?utm_source=rss&utm_medium=rss" rel="noopener" target="_blank">@darin_gordon</a> on Twitter</li> </ul> <h3>Picks</h3> <ul> <li>Tobias <ul> <li><a href="http://www.brainson.org/?utm_source=rss&utm_medium=rss" rel="noopener" 
target="_blank">Brains On! podcast</a></li> </ul> </li> <li>Darin <ul> <li><a href="https://github.com/asphalt-framework/asphalt?utm_source=rss&utm_medium=rss" rel="noopener" target="_blank">The Asphalt Framework</a>. Asphalt is an asyncio-based microframework for network oriented applications.</li> </ul> </li> </ul> <h3>Links</h3> <ul> <li><a href="https://yosaiproject.github.io/yosai/?utm_source=rss&utm_medium=rss" rel="noopener" target="_blank">Yosai Project Web Page</a></li> <li><a href="https://github.com/yosaiproject?utm_source=rss&utm_medium=rss" rel="noopener" target="_blank">GitHub Repo</a></li> <li><a href="http://csrc.nist.gov/groups/SNS/rbac/?utm_source=rss&utm_medium=rss" rel="noopener" target="_blank">RBAC</a></li> <li><a href="https://shiro.apache.org/?utm_source=rss&utm_medium=rss" rel="noopener" target="_blank">Apache Shiro</a></li> <li><a href="https://tools.ietf.org/html/rfc6238?utm_source=rss&utm_medium=rss" rel="noopener" target="_blank">TOTP</a></li> <li><a href="https://trypyramid.com?utm_source=rss&utm_medium=rss" rel="noopener" target="_blank">Pyramid</a></li> <li><a href="https://en.wikipedia.org/wiki/SOLID_(object-oriented_design)?utm_source=rss&utm_medium=rss" rel="noopener" target="_blank">SOLID</a></li> <li><a href="https://en.wikipedia.org/wiki/Builder_pattern?utm_source=rss&utm_medium=rss" rel="noopener" target="_blank">Builder Pattern</a></li> <li><a href="https://en.wikipedia.org/wiki/Plain_old_Java_object?utm_source=rss&utm_medium=rss" rel="noopener" target="_blank">POJO</a></li> <li><a href="https://lukasa.co.uk/?utm_source=rss&utm_medium=rss" rel="noopener" target="_blank">Cory Benfield</a></li> <li><a href="http://hyper.readthedocs.io/en/latest/?utm_source=rss&utm_medium=rss" rel="noopener" target="_blank">Hyper HTTP/2 Library</a></li> <li><a href="https://passlib.readthedocs.io/en/stable/?utm_source=rss&utm_medium=rss" rel="noopener" target="_blank">Passlib</a></li> <li><a 
href="http://gohugo.io/?utm_source=rss&utm_medium=rss" rel="noopener" target="_blank">Hugo</a></li> <li><a href="https://github.com/mkdocs/mkdocs?utm_source=rss&utm_medium=rss" rel="noopener" target="_blank">MkDocs</a></li> <li><a href="http://www.yaml.org/?utm_source=rss&utm_medium=rss" rel="noopener" target="_blank">YAML</a></li> <li><a href="https://en.wikipedia.org/wiki/Middleware?utm_source=rss&utm_medium=rss" rel="noopener" target="_blank">Middleware</a></li> <li><a href="https://en.wikipedia.org/wiki/Internet_of_things?utm_source=rss&utm_medium=rss" rel="noopener" target="_blank">IoT</a></li> <li><a href="https://github.com/YosaiProject/yosai_libauthz?utm_source=rss&utm_medium=rss" rel="noopener" target="_blank">Authz in Rust</a></li> <li><a href="https://github.com/PyO3?utm_source=rss&utm_medium=rss" rel="noopener" target="_blank">PyO3</a></li> <li><a href="https://github.com/mitsuhiko/snaek?utm_source=rss&utm_medium=rss" rel="noopener" target="_blank">Snaek</a></li> <li><a href="https://2017.pycon.ca/?utm_source=rss&utm_medium=rss" rel="noopener" target="_blank">PyCon Canada</a></li> <li><a href="https://www.pycascades.com/?utm_source=rss&utm_medium=rss" rel="noopener" target="_blank">PyCascades</a></li> <li><a href="https://blog.renaissancedev.com/jwt-distributed-auth.html?utm_source=rss&utm_medium=rss" rel="noopener" target="_blank">JSON Web Tokens</a></li> </ul> <p>The intro and outro music is from Requiem for a Fish by <a href="http://freemusicarchive.org/music/The_Freak_Fandango_Orchestra/?utm_source=rss&utm_medium=rss" rel="noopener" target="_blank">The Freak Fandango Orchestra</a> / <a href="http://creativecommons.org/licenses/by-sa/3.0/?utm_source=rss&utm_medium=rss" rel="noopener" target="_blank">CC BY-SA</a></p>