Seems like a lot of unnecessary complexity for something I could do with some if statements and lookups to a table in Postgres. Cool post, but why would anyone use this?
> In fact, we could have used Datalog to achieve our data goals — but that would mean we have to build our own Datalog implementation, backing data store, etc. We don’t want to do that.
Surprising that creating a whole new language made more sense then a backend. I wonder if they did a proof of concept with an existing logic system like Souffle¹ or Rel² first.
I'm a little surprised, too, but I bet there was an element of wanting the full executive control by designing the language from their distributed auth goals that Datalog doesn't intrinsically include.
We did more POCs and implementations than I care to admit. What Sam describes in this post is the result of many, many iterations that came before it. (Oso cofounder/CEO)
I like the idea and the language. Being a declarative language, it's like Terraform on steroids (because of inference, but for Auth purposes). It can be put in a Git repo with CI/CD to deploy when changes are made. The only think I disliked is... semicolons :P
I think it could be more impressive had it integrated with Hashicorp Vault or smth, I had always felt policy-driven development got inexplicably short legs, and otherwise too clumsy in the ergonomics dept
11 comments
[ 5.1 ms ] story [ 42.7 ms ] threadSurprising that creating a whole new language made more sense then a backend. I wonder if they did a proof of concept with an existing logic system like Souffle¹ or Rel² first.
¹ https://github.com/souffle-lang/souffle
² https://relational.ai/blog/rel
Side note: I also think that weaving logical inference and llms together into a virtuous cycle is an interesting topic to explore.