Rule #2 sounds dumb. If there can't be a single source of truth, for let's say permission checking, that multiple other services rely on, how would you solve that? Replicate it everywhere? Or do you allow for a new business requirement to cause massive refactors to just create a new root in your fancy graph?
This is exactly the example I thought of and came here to post.
The rule is obviously wrong.
I think just having no cycles is good enough as a rule.
Services handle the permissions of their own features. Authentication is handled at the gateway.
Not sure if I agree it's really the best way to do things but it can be done.
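The split described in the thread (authentication at the gateway, each service owning the permission rules for its own features, so no shared "permission service" sits at the root of the dependency graph) as an added example; this is not code from the thread or from any project it refers to. The HMAC-signed token format, the `GATEWAY_KEY` value, the two service classes and their role tables are all constructed for the illustration.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed signing key for the example; a real gateway would load it from a secret store.
GATEWAY_KEY = b"example-gateway-signing-key"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(claims: dict, key: bytes = GATEWAY_KEY) -> str:
    """Gateway side: sign the identity claims so downstream services can trust them."""
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(tag)}"


def authenticate(token: str, key: bytes = GATEWAY_KEY) -> Optional[dict]:
    """Gateway side: verify the HMAC tag in constant time; None means unauthenticated."""
    try:
        body, tag = token.split(".", 1)
        expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(tag)):
            return None
        return json.loads(_unb64(body))
    except (ValueError, json.JSONDecodeError):
        return None


class BillingService:
    """Owns the permission rules for billing features only (constructed role table)."""
    _rules = {"view_invoice": {"accountant", "admin"}, "refund": {"admin"}}

    def authorize(self, claims: dict, action: str) -> bool:
        roles = set(claims.get("roles", []))
        return bool(self._rules.get(action, set()) & roles)


class ReportsService:
    """Owns the permission rules for reporting features only (constructed role table)."""
    _rules = {"read": {"analyst", "admin"}, "export": {"admin"}}

    def authorize(self, claims: dict, action: str) -> bool:
        roles = set(claims.get("roles", []))
        return bool(self._rules.get(action, set()) & roles)


def handle_request(token: str, service, action: str) -> int:
    """Gateway authenticates once; the target service makes the permission decision.

    Returns an HTTP-style status: 401 (not authenticated), 403 (authenticated but
    not permitted) or 200 (permitted).
    """
    claims = authenticate(token)
    if claims is None:
        return 401
    return 200 if service.authorize(claims, action) else 403


if __name__ == "__main__":
    token = issue_token({"sub": "alice", "roles": ["accountant"]})
    print(handle_request(token, BillingService(), "view_invoice"))  # 200
    print(handle_request(token, BillingService(), "refund"))        # 403
    print(handle_request(token, ReportsService(), "read"))          # 403
```

The point the example makes is that a new permission rule for billing changes only `BillingService._rules`; nothing else in the graph has to be touched, and the only shared dependency is the gateway's token format.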