Amazing work. Thanks for sharing! Having experienced my fair share of pain in this area, I’ll definitely be looking into the possibility of integrating your solution in my upcoming endeavour. I share other folks’ concern regarding a remote API call for authentication, but I think your Edge Agent solution would address most of these concerns. I’d thus hope to be able to terraform-apply your edge agent into my infrastructure. As for UI, I imagine that I could use your supplied solutions with minor styling for admin-and-power-user-facing use cases, while having to customize for end-user facing solutions. I’d love to see that you also provided native mobile app samples for that, if you don’t already. Also, at first glance, I don’t see that you take care of my third-party integrated login headaches. If not, then I’d just love to be rid of that thorn in my dev-team’s side in one fell sweep. Just sayin’, and probably revealing my ignorance at the same time ;) My worries are towards vendor lock-in and inheriting your attack surface, although I imagine that you will actually handle the security aspects better as part of your core business model than I would. Regarding vendor lock-in, I imagine that you could solve this with legal licensing. As a European, I’d also like to be 100% sure that all of your infrastructure was running in the EU. Just sharing in case my opinion is of value to you, as I appreciate the solution you are attempting to bring to the world.
> I share other folks’ concern regarding a remote API call for authentication, but I think your Edge Agent solution would address most of these concerns. I’d thus hope to be able to terraform-apply your edge agent into my infrastructure.
Yes, that's the idea! The agent is a relatively straightforward Go service with an image that can be deployed directly to k8s/cloud.
> As for UI, I imagine that I could use your supplied solutions with minor styling for admin-and-power-user-facing use cases, while having to customize for end-user facing solutions.
Yes, the self-service admin dashboard is designed to be integrated into end user apps so that permissions management can be "delegated" to end users/admins. As mentioned in another comment, we're also looking into building UI components for common permissions scenarios (i.e. grant/revoke, view permissions etc) that can be directly bolted onto apps.
> I’d love to see that you also provided native mobile app samples for that, if you don’t already.
Great point! We've thought about building mobile clients/SDKs as well. I do think mobile has some specific requirements vs. web (connectivity, changing geo, device limitations etc) that we need to think more about in order to solve correctly.
> Also, at first glance, I don’t see that you take care of my third-party integrated login headaches. If not, then I’d just love to be rid of that thorn in my dev-team’s side in one fell sweep. Just sayin’, and probably revealing my ignorance at the same time ;)
Our approach thus far has been to stay squarely in the realm of authz and access control. Basically, Warrant works with any authn provider/IDP but we don't currently auto-sync users or handle 3rd party connections. But you're not the first to mention this so it's likely something we'll look into :)
> My worries are towards vendor lock-in and inheriting your attack surface, although I imagine that you will actually handle the security aspects better as part of your core business model than I would. Regarding vendor lock-in, I imagine that you could solve this with legal licensing. As a European, I’d also like to be 100% sure that all of your infrastructure was running in the EU.
Very fair concerns! We're cognizant of the fact that we're building core infrastructure and so vendor lock-in and security are key questions. And yes, we'd offer customers a way to move off in case they'd want to/need to (provide data dumps + a way to run the service for a transition period etc). We don't currently have infra in the EU but again, that's something we can easily spin up as needed. In fact, we'd likely offer a choice of DC/AZ directly in the product similar to how AWS and others do it.