While I think this is a cool idea, the thought of hitting the network via an API call at minimum once per request sounds ... less than ideal. That's a lot of latency add just to check authorization. And you go to all this effort to configure authorization in Warrant per-user and per-resource, why not just put it into your own tables?
Edit: and I just saw the pricing... 1k API calls a month? I'd quite literally hit that in minutes. :)
Thanks for the feedback! Latency/perf is definitely top of mind. We're looking at different ways to improve it (caching, sidecar integrations, private cloud deployments), especially for large volume users. But we still believe that a service-driven approach is the way to go.
In terms of initial setup and configuration, I agree there's room to improve and remove friction. We're building tools and integrations that should just make this much easier.
We're also iterating on price and do offer volume discounts. So if that's an issue, reach out to us! (aditya@warrant.dev)
As a founder of a startup building an authorization product, I can definitely say it's super appealing to build this as a service! It makes for an easier story around monetising it.
When we were building Oso [1], we were optimising for the best thing for developers, and reached the same conclusion as you... (a) It doesn't make sense to rearchitect your app to move all the data to a separate service, and (b) it's way less complex to build it in the application. That's why we're building Oso as an open source library instead. You get to leave your application data in the application, and don't need to worry about adding an external service to the critical path.
Come on, isn’t it just a bit not ideal to go point by point in someone’s yComb announcement thread (which is sort of a happy event because historically a lot did cool things and grew really hot) re: someone else’s biz? Maybe you do a Show HN for the other company if it’s so differentiated, to let these guys just starting out try to put their message out to the world.
Sorry didn’t mean to word that negatively btw. On mobile not at home.
I think it’s pretty normal for this to happen on launch and show HN posts (just like it’s normal for a fellow HN user to tell you that your startup can be cloned in a day.) We’re an odd bunch. :)
We don't usually let people change the subject to their own thing in someone else's launch thread. It's boorish.
We're a little less active about it in YC launch threads, though, because of the first principle of HN moderation: https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu.... That's why I haven't said anything in the places this has happened in today's thread.
Fair enough. Though I don’t agree that discussing or mentioning a competitor is changing the subject, especially when that competitor addresses some of the issues originally mentioned.
Thank you! Pundit is awesome, they did such a great job with it and we drew a lot of inspiration from it.
We're heavily focusing on adoption of the open source product right now for helping developers with application authorization. We do currently charge for things like support + consulting, but in the future we're planning on providing additional functionality through a service that would be more on the operational/security side.