[nogridbag]

A bit late to the party, but future HN searchers may read this. I think Cerbos is pretty straightforward and possibly the least risky option if the company ceases to exist. It doesn't have the concept of a data plane. So basically you call the Cerbos microservice and you must provide all the data that can possibly be used to make the authorization decision. Depending upon your app, that may be a pro or con.

Personally, for what I'm building it's a pro. I like the simplicity. Other authz sass products want to own your user store to implement their fancy features you see in their marketing. Cerbos doesn't have those fancy features (such as UI components). Once again, that may be a pro or con.

At the time of writing (Cerbos v0.37), I find Cerbos' scope functionality is not very well thought out and possibly dangerous if it's not well understood. And the marketing/documentation on multi-tenancy is a bit deceiving in that out of the box it may only be a good fit for a certain type of multi-tenancy. Definitely do a POC to see if it will fit your needs. But the company seems responsive to feedback and I think they will address this in future updates.