by EgeAytin 1438 days ago
Hey HN! Ege from Permify here. Permify is an open-source authorization service and policy engine based on Google-Zanzibar [0] with our own twist. My co-founders and I have known each other for years, since high school. And we love building things.

We have both worked with Fortune 500 companies to small businesses [1], and every authorization system was unique. Yet we always tackle the same problems.

- Modeling the authorization logic was hard. As the product grows things get complicated very fast. So, it’s challenging to design a model that’s both easy to start with and future-proof. [2]
- Designing the architecture was a dread. It’s not a huge problem when you have a monolith. But when it comes to micro-services it’s a nightmare since authorization data is a subset of application data. [3]
- Authorization checks occur in so many places; like user interfaces, routers, API endpoints, database queries… So, choosing where to enforce authorization, and loading the authorization data is hard.

So, Permify syncs your authorization data as relation tuples with CDC (Change Data Capture) from the databases you want to a DB you point at. [4] And based on this data you can get boolean returns for your access control checks.

I know many alternatives have launched on HN over the course of time. So what’s the twist? What we concurrently encountered was that orchestrating the authorization data was a nightmare.

What you can expect from Permify in the following months:

- Message broker to support more databases.
- Redis cache support.
- Better debugging and auditing tools such as transparency logs.
- More compatibility with the Zanzibar paper.

[0]: https://research.google/pubs/pub48190/

[1]: https://www.permify.co/post/why-decouple-authorizations

[2]: https://medium.com/building-carta/authz-cartas-highly-scalab...

[3]: https://medium.com/airbnb-engineering/himeji-a-scalable-cent...

[4]: https://dbconvert.com/blog/postgresql-change-data-capture-cd...
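
An added illustration (not part of the original post and not Permify's code or API) of the flow described above: CDC row events are turned into Zanzibar-style relation tuples, and a check over those tuples returns a boolean. The table names, event shape, `MAPPING`, `apply_change` and `check` are all assumptions made for this sketch.

```python
from typing import NamedTuple

class RelTuple(NamedTuple):
    object: str    # e.g. "doc:7"
    relation: str  # e.g. "viewer"
    subject: str   # a user "user:alice" or a userset "org:acme#member"

# Hypothetical mapping from application tables to tuple templates.
MAPPING = {
    "org_members": ("org:{org_id}", "member", "user:{user_id}"),
    "doc_owners":  ("doc:{doc_id}", "owner",  "user:{user_id}"),
    "doc_viewers": ("doc:{doc_id}", "viewer", "org:{org_id}#member"),
}

def apply_change(store: set, event: dict) -> None:
    """Translate one CDC row event into a tuple write or delete."""
    obj_t, rel, sub_t = MAPPING[event["table"]]  # unmapped table -> KeyError
    row = event["row"]
    t = RelTuple(obj_t.format(**row), rel, sub_t.format(**row))
    if event["op"] == "insert":
        store.add(t)
    elif event["op"] == "delete":
        store.discard(t)  # revocation must propagate, or access goes stale
    else:
        raise ValueError(f"unsupported op: {event['op']}")

def check(store: set, obj: str, relation: str, user: str, _seen=None) -> bool:
    """True if `user` holds `relation` on `obj`, following usersets."""
    seen = _seen if _seen is not None else set()
    if (obj, relation) in seen:  # guard against cyclic usersets
        return False
    seen.add((obj, relation))
    for t in store:
        if t.object != obj or t.relation != relation:
            continue
        if t.subject == user:
            return True
        if "#" in t.subject:  # indirect grant through another relation
            sub_obj, sub_rel = t.subject.split("#", 1)
            if check(store, sub_obj, sub_rel, user, seen):
                return True
    return False  # default deny

# Constructed sample CDC stream.
EVENTS = [
    {"op": "insert", "table": "org_members", "row": {"org_id": "acme", "user_id": "alice"}},
    {"op": "insert", "table": "doc_viewers", "row": {"doc_id": "7", "org_id": "acme"}},
    {"op": "insert", "table": "doc_owners",  "row": {"doc_id": "7", "user_id": "bob"}},
]

def replay(events) -> set:
    store: set = set()
    for e in events:
        apply_change(store, e)
    return store
```

In this sketch alice can view `doc:7` only through her `org:acme` membership, so a `delete` event on `org_members` revokes that access on the next check.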