sso-wall-of-shame
keygen-api
sso-wall-of-shame | keygen-api | |
---|---|---|
201 | 21 | |
583 | 547 | |
- | 7.5% | |
8.3 | 9.7 | |
12 days ago | 1 day ago | |
JavaScript | Gherkin | |
Apache License 2.0 | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
sso-wall-of-shame
-
Tailscale SSH is now Generally Available
Hi! Tailscalar here. This is very topical for me! Over the past 3 weeks I've been working with internal stakeholders to remove our SSO tax - the sso tax is a pet hate of mine. A couple of weeks ago we removed it from our pricing plan after my proposal was approved, and today I released a blog on our website to announce it more widely: https://tailscale.com/blog/sso-tax-cut
I knew of https://sso.tax (which we are not listed on but I did include in my blog), but didn't know there was another website too!
-
Software Company HashiCorp Is Weighing a Potential Sale
I'm not the person you've asked, but I'm somebody who has been purchasing SaaS/software for businesses large and small for years. My take:
1. If SSO and other basic modern security features are locked into "Enterprise" pricing tiers then the service is at the bottom of the list (see: https://sso.tax). I'd love to say instant disqualification but too many SaaS companies have it in their head that only wealthy enterprises use SSO, despite SSO platforms being widely available and some quite cheap to acquire and start using.
2. If I need to request a quote to start any kind of service to see what the product is about then I'm not likely to pursue it. Don't make me jump through hoops when I'm just trying to see if a product can fit my needs.
3. If license terms are too complex or easy to violate that's a hard pass. Infrastructure monitoring tools are a great example. The licensing is often per "device" or per monitored metric, and some vendors are very loose with their definition of "device". (Don't use LogicMonitor with k8s unless you like throwing money in the garbage can). Hard lessons learned.
4. If the only details I can find regarding how you secure your product are claims of SOC2 and ISO27001 certification then that's a very likely pass. Those controls are great to have, necessary even, but anyone who has had to work to meet those compliance objectives knows that they're much more about organization controls than they are product security. Give me an idea about how you protect data and whatnot on a security page somewhere, not an attestation that dev and prod are separate and you have logs.
On the side of the positives, outside of not hitting the negative marks, I value ease to work with, responsive and competent support, strong pre and post-sales solutions architecture and support/training (if the product is complex enough to warrant that), and supports SSO. I bring up SSO again because it's a hard requirement for SaaS purchases everywhere I go -- no SSO, no go. Social login is not a substitute and is highly undesired.
Hope this helps.
-
Multi – Multiplayer Collaboration for macOS
Don’t be shy, here’s the link: https://github.com/robchahin/sso-wall-of-shame/issues.
- SSO Tax- SaaS companies basis of upgrading from standard to enterprise
- SSO everything, good Idea?
-
We built the fastest CI in the world. It failed
It sounds like you're unaware of why SSO is considered a security feature at all them, but it's covered right on the site: https://sso.tax/
It's to allow centralized access management. Stuff like firing someone and revoking their access from one platform instantly, instead running around and changing permissions in every tool manually. Or ensuring people in department A can't be invited to some platform for people in department B in order to limit information access.
SSO tax is predicated on the idea that the moment you outgrow the informal arrangements and liberal access, you're really a business. Seems pretty fair?
-
eSignature for Google Docs and Google Drive (Beta)
Last time I had to implement Okta integration for DocuSign at my employer it was absurdly expensive. If Google does this right then I’d be ever so happy.
DocuSign on the SSO Tax site: https://sso.tax/
-
Show HN: Infisical – open-source secret management platform
There’s a strong, widespread objection to hiding security features behind a paywall: https://sso.tax/
If 2fa is the only way you can differentiate in order to force enterprises to pay, it’s better to have a fee for security than to die because you can’t make money… but broadly, as a security company, you should aim for maximum security for every user.
-
Keygen: a software licensing and distribution API
I totally understand. I'm aware of the SSO tax. It's just honestly a complex feature, with a significant maintenance and support burden, and I leaned making it EE so that it'd be worth all the effort to implement and maintain (i.e. I want it to be a new-positive feature for revenue). But if I could get help from other contributors, I'd be fine with SSO being a CE feature too.
-
Managed Services Client Onboarding: Simple Process (Free Template)
Need to put them up for the SSO Wall of shame. https://sso.tax/
keygen-api
-
"Useless Ruby sugar": Pattern matching (Pt. 1)
I don't have an Elixir background, but I absolutely utilize pattern matching in my Ruby code bases:
- https://github.com/keygen-sh/typed_params/blob/4e4982b7d2b26...
- https://github.com/keygen-sh/typed_params/blob/4e4982b7d2b26...
- https://github.com/keygen-sh/keygen-api/blob/master/app/migr...
- https://github.com/keygen-sh/keygen-api/blob/36cd61db143cc1c...
- https://github.com/keygen-sh/typed_params/blob/4e4982b7d2b26...
I love it. I want even more pattern matching too, like with defp: https://bugs.ruby-lang.org/issues/19764.
-
I don’t buy “duplication is cheaper than the wrong abstraction” (2021)
Honestly, I don't have many resources to provide. I read a lot of policy tests via GitHub search (e.g. path:spec/policies/*/*.rb), but couldn't find anything that looked like what I wanted. I wrote the DSL as-needed in order to fully test my app's authz while migrating from Pundit to ActionPolicy.
It's not the prettiest when you actually look beneath the covers [0], but it does what I wanted -- provides a way to write exhaustive authz tests. Without the DSL, I probably wouldn't have written. The PR for said migration was massive [1], and was a precursor to going open source [2].
[0]: https://github.com/keygen-sh/keygen-api/blob/master/spec/sup...
[1]: https://github.com/keygen-sh/keygen-api/pull/647
[2]: https://github.com/keygen-sh/keygen-api/issues/644
-
Let's Talk About Open Source
Yes, I can see why you might make this argument. [1]
[1] https://github.com/keygen-sh/keygen-api/blob/master/LICENSE....
-
Keygen: a software licensing and distribution API
And not at all set on WorkOS. It just looked like the easiest way to set up SSO last time I researched the topic. Feel free to comment on the issue with any recommendations.
-
Introducing New Heroku Postgres Plans
Since when can you run heroku pg:upgrade to switch database tiers? I was following an upgrade sequence I put together over the years [^0], but I guess Heroku automated this at some point? What would be really funny is if this had been possible all long...
[^0]: https://github.com/keygen-sh/keygen-api/blob/master/.notes/d...
- GitHub - keygen/api: an open, source-available software licensing and distribution API built with Ruby on Rails
-
How to connect my desktop app to MySql db
Maybe use keygen-sh?
-
NPM won't publish packages containing the word keygen
I run a business called Keygen [^0], and own the @keygen namespace on npm. We’re working on a Node SDK, so this isn’t good to hear. I’ll open up a discussion with them and see what we can do.
[^0]: https://keygen.sh
- Show HN: Keygen – an open, source-available software licensing/distribution API
-
GitHub support for PHP Packages: “no longer planned”
- org-2.php.pkg.github.com/package
I wonder if that had any impact on their decision.
[0]: https://github.com/keygen-sh/keygen-api/issues/490
What are some alternatives?
vaultwarden - Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
ruby-next - Ruby Next makes modern Ruby code run in older versions and alternative implementations
unleash - Open-source feature management solution built for developers.
ecoji - Encodes (and decodes) data as emojis
ToolJet - Low-code platform for building business applications. Connect to databases, cloud storages, GraphQL, API endpoints, Airtable, Google sheets, OpenAI, etc and build apps using drag and drop application builder. Built using JavaScript/TypeScript. 🚀
typed_params - An alternative to Rails strong_parameters. Define structured and strongly-typed parameter schemas for your Rails controllers.
cerbos - Cerbos is the open core, language-agnostic, scalable authorization solution that makes user permissions and authorization simple to implement and manage by writing context-aware access control policies for your application resources.
Action Policy - Authorization framework for Ruby/Rails applications
infisical - ♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure and prevent secret leaks.
machineid - Get the unique machine id of any host (without admin privileges)
budibase - Budibase is an open-source low code platform that helps you build internal tools in minutes 🚀
Zulip - Zulip server and web application. Open-source team chat that helps teams stay productive and focused.