by akajla 1416 days ago
Thanks for the feedback! Hoping my responses will be quoted properly:

> I share other folks' concern regarding a remote API call for authentication, but I think your Edge Agent solution would address most of these concerns. I’d thus hope to be able to terraform-apply your edge agent into my infrastructure.

Yes, that's the idea! The agent is a relatively straightforward Go service with an image that can be deployed directly to k8s/cloud.

> As for UI, I imagine that I could use your supplied solutions with minor styling for admin-and-power-user-facing use cases, while having to customize for end-user facing solutions.

Yes, the self-service admin dashboard is designed to be integrated into end user apps so that permissions management can be "delegated" to end users/admins. As mentioned in another comment, we're also looking into building UI components for common permissions scenarios (i.e. grant/revoke, view permissions etc) that can be directly bolted onto apps.

> I’d love to see that you also provided native mobile app samples for that, if you don’t already.

Great point! We've thought about building mobile clients/SDKs as well. I do think mobile has some specific requirements vs. web (connectivity, changing geo, device limitations etc) that we need to think more about in order to solve correctly.

> Also, at first glance, I don’t see that you take care of my third-party integrated login headaches. If not, then I’d just love to be rid of that thorn in my dev-team’s side in one fell sweep. Just sayin’, and probably revealing my ignorance at the same time ;)

Our approach thus far has been to stay squarely in the realm of authz and access control. Basically, Warrant works with any authn provider/IDP but we don't currently auto-sync users or handle 3rd party connections. But you're not the first to mention this so it's likely something we'll look into :)

> My worries are towards vendor lock-in and inheriting your attack surface, although I imagine that you will actually handle the security aspects better as part of your core business model than I would. Regarding vendor lock-in, I imagine that you could solve this with legal licensing. As a European, I’d also like to be 100% sure that all of your infrastructure was running in the EU.

Very fair concerns! We're cognizant of the fact that we're building core infrastructure and so vendor lock-in and security are key questions. And yes, we'd offer customers a way to move off in case they'd want to/need to (provide data dumps + a way to run the service for a transition period etc). We don't currently have infra in the EU but again, that's something we can easily spin up as needed. In fact, we'd likely offer choice of DC/AZ directly in the product similar to how AWS and others do it.