Summary For any program that is used by more than one person you need a way to control identity and permissions. There are myriad solutions to that problem, but most of them are tied to a specific framework. Yosai is a flexible, general purpose framework for managing role-based access to your applications that has been decoupled from the underlying platform. This week the author of Yosai, Darin Gordon, joins us to talk about why he started it, his experience porting it from Java, and where he hopes to take it in the future. Preface Hello and welcome to Podcast.__init__, the podcast about Python and the people who make it great. I would like to thank everyone who supports us on Patreon. Your contributions help to make the show sustainable. When you’re ready to launch your next project you’ll need somewhere to deploy it. Check out Linode at www.podastinit.com/linode?utm_source=rss&utm_medium=rss and get a $20 credit to try out their fast and reliable Linux virtual servers for running your awesome app. Visit the site to subscribe to the show, sign up for the newsletter, read the show notes, and get in touch. To help other people find the show please leave a review on iTunes, or Google Play Music, tell your friends and co-workers, and share it on social media. Your host as usual is Tobias Macey and today I’m interviewing Darin Gordon about Yosai, a security framework for Python applications Interview Introductions How did you get introduced to Python? What is Yosai and what is the problem that you were trying to solve when you started it? How does Yosai compare to existing libraries for web frameworks such as Flask-Security or Django Guardian and why might someone choose Yosai instead? In the documentation it mentions that Yosai is a port of the Apache Shiro framework from Java to Python. What was most difficult about exposing a Pythonic interface while maintaining the core principles of the original? Authentication and authorization are difficult problem domains and can cause significant issues if they are not implemented in a secure fashion. How do you ensure an appropriate level of quality in Yosai to be confident having people use it? To start can you describe how the framework is architected and what is involved in integrating it with a project? Outside of the context of web applications, what are some situations where someone should consider integrating authentication and authorization into their project? What have been some of the most challenging aspects of building the Yosai project? Tell us about the Rust extension you wrote earlier this year What do you have planned for the future of Yosai? Keep In Touch Website GitHub @darin_gordon on Twitter Picks Tobias Brains On! podcast Darin The Asphalt Framework. Asphalt is an asyncio-based microframework for network oriented applications. Links Yosai Project Web Page Github Repo RBAC Apache Shiro TOTP Pyramid SOLID Builder Pattern POJO Corey Benfield Hyper HTTP/2 Library Passlib Hugo MKDocs YAML Middleware IoT Authz in Rust PyO3 Snaek PyCon Canada PyCascades JSON Web Tokens The intro and outro music is from Requiem for a Fish The Freak Fandango Orchestra / CC BY-SA