advisedwang 3 days ago

Requiring that no service is depended on by two services is nonsense.

You absolutely want the same identity service behind all of your services that rely on an identity concept (and no, you can't just say a gateway should be the only thing talking to an identity service - there are real downstream use cases such as when identity gets managed).

Similarly there's no reason to have multiple image hosting services. It's fine for two different frontends to use the same one. (And don't just say image hosting should be done in the cloud --- that's just a microservice running elsewhere)

Same for audit logging, outbound email or webhooks, ACL systems (can you imagine if Google Docs, Sheets, etc. all had distinct permissions systems).

jayd16 3 days ago | parent | next [-]

Yeah even further, does that mean that SAAS like S3 shouldn't exist because it has multiple users?

I guess one possible solve would be to separate shared services into separate private deployments. Every upstream service gets its own image hosting service. Updates can roll out independently. I guess that would solve the blast radius/single source of failure problems but that seems really extreme.

spyspy 3 days ago | parent | prev | next [-]

The trick is to have your gateway handle authn, and then proxy authz data upstream so those services can decide how to handle it without needing to make a second call to the identity service.
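
The pattern described in the comment above, as an added example that is not part of the thread: the gateway authenticates the caller once and forwards signed, short-lived authorization claims, and the upstream service checks them locally instead of calling the identity service. The function names, the token layout, the HMAC scheme and the demo key are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key (assumption); a real deployment provisions and rotates this.
GATEWAY_KEY = b"demo-only-key-not-for-production"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def gateway_issue(user, roles, audience, ttl=60, now=None) -> str:
    """Gateway side: after authenticating the caller, sign the authz claims."""
    now = int(time.time()) if now is None else now
    claims = {"sub": user, "roles": roles, "aud": audience, "exp": now + ttl}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(GATEWAY_KEY, body.encode(), hashlib.sha256).digest()
    return body + "." + _b64(tag)

def service_verify(token: str, audience: str, now=None):
    """Upstream side: validate locally, with no call to the identity service.
    Returns the claims dict, or None if the request must be rejected."""
    now = int(time.time()) if now is None else now
    try:
        body, tag = token.split(".")
        expected = hmac.new(GATEWAY_KEY, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(tag)):
            return None  # claims were forged or modified in transit
        claims = json.loads(_unb64(body))
    except ValueError:
        return None  # malformed token (bad split, base64 or JSON)
    if claims.get("aud") != audience or claims.get("exp", 0) <= now:
        return None  # minted for a different service, or expired
    return claims
```

With a shared HMAC key every verifying service could also mint tokens, so an asymmetric signature held only by the gateway is the stricter variant. Changes to an account's status are not seen by upstream services until the token expires, which is why the lifetime is kept short.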

advisedwang an hour ago | parent [-]

You probably want to have a UI for account creation and password resets, right? There's a frontend that has to talk directly to identity service.

You may want to bill based on # of active users - well that's interactive with the identity service (you can do this without billing calling the identity service's API, but the alternatives are just other common dependencies).

You may want a tool for the support team to search identity service to find a user or their account status.

If you have a sharing feature, you may want that to verify you are sharing with an account that exists.

liampulles 3 days ago | parent | prev [-]

I agree with you. It's interesting when I look at the examples you provide, that they are all non-domain services, so perhaps that is what codifies a potential rule.