For RBAC or capability-based permissions, the gateway can enrich the request or it can be in (eg) a JWT. Then each service only has to know how to map roles/capabilities to permissions.
For ABAC it depends on lots of things, but you often evaluate access based on user attributes and context (which once again can be added to the request or go into the JWT) plus resource attributes (which are already in the microservice anyway).
For ACL you would need a list of users indeed...
Something like Google Zanzibar can theoretically live on the gateway and apply rules to different routes. Dunno how it would deal with lists, though.
After writing it down: sounds like an awful lot of work for a lot of cases.
Btw: the rule for microservices that I know of, is that they must have their own database, not their own table.
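The split described in the comment above, sketched as an added example (not code from the comment or from any project it mentions): a stand-in gateway signs roles and a tenant attribute into a JWT, and the service verifies it, maps roles to permissions (RBAC), then compares the user's tenant with the resource's own (ABAC). The HS256 shared key, the claim names `roles`/`tenant`, and the `invoice:*` permissions are assumptions made up for the illustration.

```python
import base64, hashlib, hmac, json, time

GATEWAY_KEY = b"constructed-demo-key"  # assumption: HS256 key shared with the gateway
ROLE_PERMISSIONS = {                   # the only RBAC knowledge the service holds
    "viewer": {"invoice:read"},
    "accountant": {"invoice:read", "invoice:update"},
}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(header: str, body: str, key: bytes) -> bytes:
    return hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()

def gateway_issue(claims: dict, key: bytes = GATEWAY_KEY) -> str:
    """Stand-in for the gateway: put the enriched claims into an HS256 JWT."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    return f"{header}.{body}.{b64url(sign(header, body, key))}"

def verify(token: str, now: float, key: bytes = GATEWAY_KEY) -> dict:
    """Trust no claim until algorithm, signature and expiry have been checked."""
    try:
        header, body, sig = token.split(".")
        if json.loads(b64url_decode(header)).get("alg") != "HS256":
            raise ValueError("unexpected alg")  # pinned: never taken from the token
        if not hmac.compare_digest(sign(header, body, key), b64url_decode(sig)):
            raise ValueError("bad signature")
        claims = json.loads(b64url_decode(body))
    except (ValueError, TypeError, AttributeError) as exc:
        raise PermissionError(f"token rejected: {exc}") from None
    if claims.get("exp", 0) <= now:
        raise PermissionError("token rejected: expired")
    return claims

def authorize(token: str, permission: str, resource: dict, now: float = None) -> bool:
    claims = verify(token, time.time() if now is None else now)
    granted = set()
    for role in claims.get("roles", []):
        granted |= ROLE_PERMISSIONS.get(role, set())  # unknown roles grant nothing
    if permission not in granted:                     # RBAC: role -> permission
        return False
    # ABAC: user attribute from the token vs. resource attribute the service owns
    return claims.get("tenant") is not None and claims["tenant"] == resource.get("tenant")
```
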
Even back then, game console manufacturers had licensing agreements with developers, so those developers had to pay royalties, even though distribution was handled by physical stores.
In some cases, some console manufacturers even handled the manufacturing of cartridges/CDs and the distribution side too.
Sorry, I'm a little confused about the relevance here. Could you elaborate a bit on how it ties into what I was saying? How did the users view products, how did they purchase them, and how did they receive them?
You asked how a company could sell (presumably third-party) apps without internet. I gave an example of it happening. Money-wise the model was very similar to Apple's AppStore.
> How did the users view products, how did they purchase them, and how did they receive them?
For the specific case of games, it was mainly via physical stores but I'm sure there were other methods such as catalogs, especially internationally.
EDIT: Remember GP is talking about the 90s and without internet, so it doesn't mean an app store where the app is instantly in your possession after clicking a button.
> Remember GP is talking about the 90s and without internet, so it doesn't mean an app store where the app is instantly in your possession after clicking a button.
Right, but how is that an app store and not just a catalog?
…am I fully misunderstanding and they just meant a physical store?
That's how Game consoles operated, so there was definitely precedent.
But it took until 93-94 for Windows to actually become dominant enough to have such leverage, some argue that this only really happened with Windows 95. Since it was an open ecosystem for almost a decade at that point, changing was hard.
The Apple AppStore was different, it was launched after the iPhone shipped 13 million units and "only allowed web apps".
Nah. Fuck Apple but the only reason Microsoft isn't doing the same thing Apple does with iOS is because they don't have a mobile operating system anymore.
Even on Windows, Microsoft has very similar notarization requirements as Apple. Microsoft requires either an ~400-500$/year EV cert (if you don't want to involve Azure), or more recently a $10/month subscription to Azure, which is almost the same as Apple's $99/year. https://news.ycombinator.com/item?id=46182546
Yeah, a lot of cross-cutting concerns fall into this pattern: logging, authorization, metrics, audit trails, feature-flags, configuration distribution, etc
The only way I can see to avoid this is to have all those cross-cutting concerns handled in the N1 root service before they go into N2/N3, but it requires having N1 handle some things by itself (eg: you can do authorization early), or it requires a lot of additional context to be passed down (eg: passing flags/configuration downstream), or it massively overcomplicates others (eg: having logging be part of N1 forces N2/N3 to respond synchronously).
So yeah, I'm not a fan of the constraint from TFA. It being a DAG is enough.
For me it isn't much intolerance, it's more of a lack of patience for the careerists.
Working with people that love what they're doing can be very chill. Working with people angling for a promotion, taking shortcuts, one-upping the co-workers and still not pulling their weight is exhausting.
This is not a new phenomenon, in the past this kind of dev also existed. Lots of people studied CompSci but didn't want to be a "lowly developer" for long and were just making time to "become a manager". Of course they never put in the work for that as well. Today it's half of the people I interview: they never got good enough to become a manager, and never became good enough to pass most interviews in the market of today.
On the other hand, I got a couple manager friends who love coding and are trying to become individual contributors, but keep getting pulled into leading projects because of their expertise.
Don't get me wrong, though, everyone wants to make money and have a good career, I just prefer working with a different kind of person.
People at Apple are gonna read this and they will do a man-month’s worth of meetings but the designer and PM will never agree on whether to remove some or add more, the developers are too busy adding icons to other random places to get a promotion and the QA is filing about missing icons after finally getting around to check Tahoe.
People are saying they miss Steve Jobs but they probably just miss the product having actual direction.