Stay updated with our latest job postings by following us on LinkedIn and join our Discord community for daily notifications.

Dev Korea #1 brought together 30+ developers at Picky's awesome venue for Francis Chung's eye-opening talk on permissions, plus great networking over pizzas and drinks.

Authorization without the anxiety: Dev Korea #1 Recap

On August 28th, we kicked off our Dev Korea #1 series with something special β€” an intimate evening of 30+ passionate developers gathering at the fantastic Picky venue. Francis Chung's talk on permissions had everyone nodding in recognition (and maybe wincing at shared painful memories πŸ˜…), while the pizzas and networking afterwards kept the conversations flowing well into the night.

🎯 The talk that hit close to home

Permission impossible - Dead reckoning pain by Francis Chung

Francis brought 30+ years of engineering wisdom to tackle one of those topics that makes every developer's eye twitch a little: permissions and authorization. His opening question resonated with everyone in the room β€” "Why is adding a new role or permissions so painful and difficult? Why do some people dread it more than going to the dentist?" 🦷

talk

The talk was structured perfectly, covering:

  • Permissions fundamentals and why they're so challenging
  • Authentication vs Authorization β€” the crucial distinction between AuthN and AuthZ
  • Different Access Control Models with real-world implications
  • Practical code examples that developers could immediately relate to
  • Live Q&A that sparked fantastic discussions

πŸ”§ Technical deep dive: the good, bad, and complex

Francis walked us through the authorization landscape with impressive depth, comparing different approaches:

Topaz emerged as his recommended solution β€” an open-source authorization engine by Aserto that supports Open Policy Agent (OPA) and Zanzibar patterns. He highlighted its JSON-like DSL for policies and support for RBAC, ABAC, and ReBAC models.

The Google Zanzibar ecosystem got significant attention, with Francis breaking down both open-source options (SpiceDB, OpenFGA, Ory/Keto, Permify, Permit.io, and Topaz) and commercial solutions (Oso, Auth0/Okta). Those Google Zanzibar stats were mind-blowing: 95th-percentile latency under 10 milliseconds, 99.999% availability over 3 years, and handling over 10 million queries per second across 10,000 servers. Planetscale numbers indeed! πŸš€

Relationship-based Access Control (ReBAC) sparked the most discussion. Francis outlined its strengths β€” granular permissions, scalability, visual representation, and centralized management β€” while being honest about the challenges: complex relationship mapping, the graph theory learning curve, and potential auditing difficulties.

Attribute-based Access Control (ABAC) got a balanced treatment. While offering granular permissions and better security compliance, Francis didn't shy away from discussing its complexity, performance concerns, and the notorious XACML markup language that many developers prefer to avoid.

Role-based Access Control (RBAC) received perhaps the most practical discussion. Francis showed clean Python code examples demonstrating typical API endpoint calls and authorization checks. The pros were clear β€” ubiquitous, easy to implement, great for small-to-medium apps β€” but he was equally candid about the cons: scalability issues for enterprise applications, role explosion problems, and tight coupling between permission logic and code logic.

πŸ• Perfect fuel for great conversations

Thanks to Dev Korea's sponsorship, we kept everyone well-fed and happy with:

  • Delicious pizzas that had people going back for seconds (and thirds!)
  • Plenty of drinks to fuel the networking conversations πŸ₯€
  • That perfect combination of good food and great company

The atmosphere was exactly what we aimed for β€” relaxed, friendly, and perfect for making new connections. With 30+ people, it felt intimate enough for meaningful conversations while still bringing that vibrant community energy we love. The post-talk discussions were particularly rich, with developers sharing their own authorization horror stories and comparing notes on different implementation approaches.

πŸ™Œ Massive thanks

This event wouldn't have happened without some amazing support:

  • Picky for providing such a great venue
  • Francis Chung for sharing his incredible insights and making permissions actually interesting (no small feat!) β€” bringing his experience from Alt.Net and DDD-AU meetups in Australia really showed
  • Dev Korea for sponsoring the food and beverages that kept everyone happy
  • All 30+ of you amazing developers who brought the curiosity, questions, and energy that made the evening special ✨

πŸ‘€ What's coming next

The intimate scale of Dev Korea #1 reminded us why we love building this community β€” it's about creating genuine connections and sharing knowledge that actually helps us build better software. The technical depth of Francis's presentation combined with the casual networking atmosphere struck exactly the right balance.

We're planning our next events and aim to host at least one event per month, so there's always something exciting on the horizon! Check out dev-korea.com/events to stay updated on what we're cooking up next.

Want to stay connected with what we're building? Follow us on LinkedIn, X, join our Discord server, and subscribe to our Weekly Dev Korea Digest Newsletter for all the latest updates.

Here's to more nights of code, community, and conversations that actually matter! 🍻

Ready to explore your next move? Visit Dev Korea to check the latest job openings, or if you’re an employer, post a job and connect with our vibrant community of tech talent eager to contribute to Korea’s innovation ecosystem.