Or Weis

@OrWeis

Followers
1K
Following
2K
Media
60
Statuses
915

Unrelenting entrepreneur. Founder of @permit_io, @Rookoutlabs, @Reactful. Permissions for the AI Era (https://t.co/3jbOiNRcAl)

Joined September 2013
@OrWeis
Or Weis
4 months
RT @permit_io: CLI Launch Week is Coming! 🥳 Unveiling a feature we’ve been building for a while - the CLI: A powe…
0
1
0
@OrWeis
Or Weis
5 months
RT @permit_io: We’re beyond grateful for the upvotes, feedback, and enthusiasm around Permit AI Access Control. 🙏 Bringing AI into the wo…
0
1
0
@OrWeis
Or Weis
5 months
#AI holds unimaginable #promise and #risk for our future. Balancing that line is good old access control. Here's how we at @permit_io are setting the stage for the better.
@permit_io
Check, the Dog
5 months
Permit AI Access Control x Product Hunt 🤖 💜 😸 Fine-Grained Permissions for AI-Powered Applications Launching on Product Hunt! #AI Access Control brings fine-grained #authorization (#FGA) to AI workflows, ensuring AI models interact safely with
0
0
0
@OrWeis
Or Weis
5 months
RBAC is great - but only if you're doing it right! Three key things that developers are falling for when they're doing RBAC and access control today:
🔑 Leveraging JWTs for everything
🔑 Role explosion
🔑 Coupling of policy and code
How are you handling access control?
1
1
3
@OrWeis
Or Weis
8 months
I’m now sure this problem isn’t a challenge that’s unique to us. Have you encountered anything similar? I’d love to know how you solved it and what you think of this solution. 🙌
0
0
1
@OrWeis
Or Weis
8 months
This approach allows us to offer a Monthly Active User (MAU) pricing structure at a rate significantly lower than any other authorization-as-a-service provider. You can read more about our process here: 👇
permit.io
Permit.io’s new pricing model makes for affordable, predictable, fine-grained authorization tailored to developers and companies of all sizes.
1
0
1
@OrWeis
Or Weis
8 months
We just introduced a quota on the number of resources and rules clients can define in our system and a new startup tier. With these quotas, we can now manage our operational costs more effectively, especially when it comes to caching rules and handling the volume of API calls. 😎
1
0
2
@OrWeis
Or Weis
8 months
Some companies may have a small number of users, but those can trigger a very high volume of authorization calls, meaning significant operational costs on our end. Here’s how we addressed this unpredictability:
1
0
1
@OrWeis
Or Weis
8 months
That’s why we initially designed our pricing model around Monthly Active Users to offer a predictable cost structure. This, however, created a problem for us as a SaaS provider, as it doesn’t account for the variability in authorization usage within different applications.
1
0
1
@OrWeis
Or Weis
8 months
The thing is, authorization calls add up quickly and unpredictably. Even a single API call from a user may require multiple authorization checks. This means potentially large, unexpected expenses for our clients.
1
0
1
@OrWeis
Or Weis
8 months
It would be easiest for us to charge clients based on the number of authorization API calls we have to process, as each call directly represents a quantifiable cost in server and infrastructure resources. That’s the way most authorization providers do it.
1
0
1
@OrWeis
Or Weis
8 months
We’ve had a lot of startups reach out to us to help them implement fine-grained authorization, and, as an authorization SaaS, this created some pricing problems for us. 🤔
1
0
1
@OrWeis
Or Weis
8 months
During my work on our pricing overhaul, I’ve encountered challenges I presumed were unique to our SaaS. The more I dove in, the more I felt balancing operational costs and providing predictable pricing is something other SaaS companies probably encounter as well. A Thread 🧵
1
1
2
@OrWeis
Or Weis
9 months
Open source is a cornerstone of our civilization, but just like concrete, it's time for new recipes. I'm honored to write this follow-up article at the @thenewstack, check it out to learn more about the topic and OpenF an alternative to open-core.
thenewstack.io
Open source may shift and transform, but it’s as strong as ever — and likely to remain so for generations.
2
0
2
@OrWeis
Or Weis
11 months
The way to achieve this is by syncing users on the fly - either as they get created in the IdP (e.g. via SCIM, which supports) or by allowing them to propagate to the app as JWTs, and using the Authentication callback to translate to the app / Authz layer.
permit.io
Easily bake-in access control in minutes regardless of previous experience or expertise. Based on OPA and OPAL. Treat policy as code to make Auth-z easy.
0
0
1
@OrWeis
Or Weis
11 months
The translation each layer applies is valuable - e.g., translating an org-level role like “VP of marketing” to an applicative “Editor role with specific app-resource access”.
1
0
1
@OrWeis
Or Weis
11 months
Identity information is meant to cascade like a waterfall - IdP -> Authentication -> Authorization, becoming less organization-focused and more application-specific with each step.
1
0
1
@OrWeis
Or Weis
11 months
You probably don’t want to manage your identities in your authentication layer—that’s what identity provisioning systems are for. The authentication layer is not a register; it’s meant to verify your identities, issue tokens for them, and augment them with claims and scopes.
1
0
1
@OrWeis
Or Weis
11 months
I’m often asked, “What’s the best way to migrate identities from my authentication to my authorization?” The answer is - DON’T ❌ 🧵
1
0
1
@OrWeis
Or Weis
1 year
There's a new Share-if in town.
@permit_io
Check, the Dog
1 year
Say hello to Permit Share-If 🤠 Embeddable, Pre-Built Access-Sharing Components for Your Application. Now live on @ProductHunt.
0
0
4