Explore a comprehensive talk on implementing authorization in software systems. Delve into the challenges of controlling "who can do what" in applications, moving beyond identity and authentication standards like SAML, OIDC, and SPIFFE. Learn why hardcoding authorization logic against authentication attributes can lead to difficult-to-maintain systems. Discover how to leverage the Open Policy Agent, used by companies like Netflix and Chef, to build powerful and flexible authorization systems. Understand the benefits of decoupling authorization from authentication, resulting in more manageable and fine-grained control over applications. The presentation covers introduction, heavy lifting in authorization, differences between authentication and authorization, OAuth, app authorization, common approaches, tradeoffs, and includes a demo showcasing various use cases.