[WIP] SaaS DSL

This is me Mulling over rule engines and DSLs.

Usually in a complex SAAS (Software as a Service) project, you need to let some power users be able to turn some knobs and essentially program the product to their needs.

Examples include things like JQL for Atlassian's JIRA, various drag-and-drop flow programming systems that let you hook actions on top of events happening etc. This empowers the users to cater the product to their needs without the devs being involved. When done right, this can save a lot of product development time.

Some SAAS products actually embed a programming language and expose it to the users. For example, the now deprecated Auth0 rules lets you write javascript functions.

While you want to empower the users, and give them powerful tools to do their jobs, you want to make sure that the power is still limited. Of course, plugin systems are not a new thing. But in the context of a SAAS, we're talking about executing untrusted code.

Further Links to read

• Auth0 Rules
• jmespath.py
• Prolog in python
• Greenspun's tenth rule
• HCL
• jq

[WIP] Roles and permissions

Some interesting DSLs to manage permissions

Prolog

• Gerrit example/rules.pl
• Prolog Submit Rules Cookbook (Deprecated)

Zanzibar

• Why Google Zanzibar shines at building authorization
• Zanzibar paper by Google
• Auth0 FGA
• Zanzibar Academy

AWS

• Cedar
• Cedar: A new policy language
• AWS IAM Roles, a tale of unnecessary complexity