Show HN: Permify Open-source Authorization Service V2 is out
permify.coAn endorsement: I've had a chance to talk with Permify folks on a casual basis (not wearing my work hat) and they seem very switched on. I think folks should take a closer look.
Congrats on the launch Firat!
Been a while since I saw the page -- looks like you all found time to do a redesign as well.
A few questions:
- Which integration is your most heavily used right now?
- Classic premature optimization question, but how easy is it to scale out Permify?
- Could Permify be used to do something like switch between Auth0 and OneLogin for example?
Hi Ege here - another founder of Permify.
- 1. Which integration is your most heavily used right now?
Currently, we don't have any official integration. But we're seeing use cases with popular authentication or identity providers to map user identities, roles, groups, etc.
- 2. Classic premature optimization question, but how easy is it to scale out Permify?
You can horizontally scale Permify Service with positioning Permify instances behind of a load balancer, also we have an internal cache mechanism that follows MVCC (multiple version concurrency control) pattern & Snap tokens to scale in terms of performance. Lastly, we’ll add consistent hashing with Hash Rings (https://itnext.io/introducing-consistent-hashing-9a289769052...), it’s in our roadmap.
- 3. Could Permify be used to do something like switch between Auth0 and OneLogin for example?
Actually can’t, Permify doesn’t handle authentication or identity management. As I stated in the first question, you can use them only to feed/map Permify with user information (attributes, identities, etc) to provide end-to-end access control structure across your stack.
Thanks for answering my questions Ege!
> Actually can’t, Permify doesn’t handle authentication or identity management. As I stated in the first question, you can use them only to feed/map Permify with user information (attributes, identities, etc) to provide end-to-end access control structure across your stack.
Ah OK, so regarding this, you could map your information in to Permify but Permify doesn't (yet?) have anything to reflect that information into another provider.
But Permify could help if you want to make rules that work cross-provider?
Not 100% sure I understand what you meant with "reflection" but to give a quick overview on data management:
Permify stores authorization data as relations in a database you prefer and perform access checks (and other queries as well) according to stored relations/authz data. And since user identities exist/stored in providers, they should be mapped Permify to store necessary authorization data/relations. So providers can feed Permify but not vice versa.
For more information about how we're managing authorization, check our docs: https://docs.permify.co/docs/getting-started/sync-data
Congrats on the launch of V2!
What are the main differences between Permify and Authzed/SpiceDB?
Thanks for the support! I'm Ege, one of the co-founders of Permify.
About the diffs, right now there are some approach differences on some features such as modeling, data filtering, auditing, etc but the main difference is we’re a fully tenancy-based solution, which gives the ability to customize the authorization for each tenant's specific needs.
Particularly, in Permify you can create custom authorization schema and relation tuples accordingly for the different tenants and manage them in a single place. We're highly invested in building and managing custom roles and permissions as a part of fine-grained access control.