I can definitely give you an example. Imagine a business scenario where you want to check if a person is eligible for car loan if, he has monthly salary more than 150K and his credit score is more than 700. You can easily add rule to your code like person.salary > 150000 && person.credit_score > 700 but these kind of rules usually change with evolving business needs. Having to recompile & deploy a whole system every time there is business change rule change is bad idea, that’s where people rely on these rule engines. Similarly if you want to give user access to a resource based on a particular role in user.roles array you don’t want to deploy something as critical as identity service every time. All of these rule engines and access control have a fundamentally important thing i.e. boolean expression validation before executing something. This is where I believe RuES will be helpful, it can be a really help you have an isolated, and independently managed rules system, usually at larger orgs security would love a system where they can isolate such rules. Here is an example of such a system in Open Stack called Oslo.
Ok generically you’re talking about rule systems. But what makes this system convenient? Tbh one post request per rule seems pretty inconvenient; and why not embed inside a host process?
Host inside process and value I’ve answered below in another comment. Batch call I already am working on still not finished but I plan to have it out ASAP v 0.3.0.
@mxp can you explain a bit the benefits this offers over embedding one of the JMESPath libraries in your software directly? https://jmespath.org/libraries.html shows well tested libraries for most popular programming languages.
I hear about “rule engines” but I’m a bit stymied to understand when I want one, the concept is too abstract for me.
You can definitely embed the logic and take up responsibility of updating and managing rules including deployments. I believe it’s the same question as why have memcached when you can embed a cache library. Obvious advantages are reusability, centralization of rules management, and most important that I believe security folks in your team will like is sandboxing. Bug in an in process library has a broader attack surface than an isolated sidecar or a server.
I am envisioning this more like a Redis of expression evaluation where I want to provide with broad set of very commonly used functions and operators (like I already added support for regex matching), JMES is the entry point the value lies in operations and broad range of things rules can do. Just like you could have implemented your own version of Redis with all data structures but having it out of box makes it so much easier, and reusable.
I get that, but this is so many orders of magnitude slower than linking in a JMESPath library or even running it as a separate local process. And these sorts of tests/queries can easily become bottlenecks in a larger operation. (For example, the “map function” in CouchDB, evaluated using an external JS process.)
I would respectfully disagree, map function for larger queries is totally different case specially the CouchDB part with external evaluation.
I can give you counter example of Redis & Lua that has been out in production for years now, and I’ve seen people successfully deploy production grade apps on it. I did give rationale of why you might centralize it in a comment above, and how I plan on having a batch call to avoid multiple round-trips. That combined with sidecar approach should be able to give you sub-millisecond responses (like benchmarks).
Some common places to use them could be things like:
determining if a loan application has all appropriate bits (credit , history, job etc)
determining applicability of a candidate for insurance
You can often think of them as glorified Boolean if thens. Right now I use them in a variety of situations:
look at a particular protocol message and compare it to a bunch of rules to determine if someone is attempting something nefarious
look at log messages to determine if they meet any of several hundred conditions and then alerting / routing / etc appropriately
Is that a bit more concrete? The “promise” you often hear is of allowing domain experts to define the rules and actions so they don’t need to be put directly into code.
This seems both very clever and on its face a very inconvenient way of programming. Is there an example of this being used usefully?
I can definitely give you an example. Imagine a business scenario where you want to check if a person is eligible for car loan if, he has monthly salary more than 150K and his credit score is more than 700. You can easily add rule to your code like
person.salary > 150000 && person.credit_score > 700but these kind of rules usually change with evolving business needs. Having to recompile & deploy a whole system every time there is business change rule change is bad idea, that’s where people rely on these rule engines. Similarly if you want to give user access to a resource based on a particular role inuser.rolesarray you don’t want to deploy something as critical as identity service every time. All of these rule engines and access control have a fundamentally important thing i.e. boolean expression validation before executing something. This is where I believe RuES will be helpful, it can be a really help you have an isolated, and independently managed rules system, usually at larger orgs security would love a system where they can isolate such rules. Here is an example of such a system in Open Stack called Oslo.Ok generically you’re talking about rule systems. But what makes this system convenient? Tbh one post request per rule seems pretty inconvenient; and why not embed inside a host process?
Host inside process and value I’ve answered below in another comment. Batch call I already am working on still not finished but I plan to have it out ASAP v 0.3.0.
Eh with batch call it seems like it would work for the usecase you described. Seems like a case of de gustibus non disputandum est
As I promised the latest version has batch API now :)
It’s a new year’s miracle 😃
@mxp can you explain a bit the benefits this offers over embedding one of the JMESPath libraries in your software directly? https://jmespath.org/libraries.html shows well tested libraries for most popular programming languages.
I hear about “rule engines” but I’m a bit stymied to understand when I want one, the concept is too abstract for me.
You can definitely embed the logic and take up responsibility of updating and managing rules including deployments. I believe it’s the same question as why have memcached when you can embed a cache library. Obvious advantages are reusability, centralization of rules management, and most important that I believe security folks in your team will like is sandboxing. Bug in an in process library has a broader attack surface than an isolated sidecar or a server.
I am envisioning this more like a Redis of expression evaluation where I want to provide with broad set of very commonly used functions and operators (like I already added support for regex matching), JMES is the entry point the value lies in operations and broad range of things rules can do. Just like you could have implemented your own version of Redis with all data structures but having it out of box makes it so much easier, and reusable.
I get that, but this is so many orders of magnitude slower than linking in a JMESPath library or even running it as a separate local process. And these sorts of tests/queries can easily become bottlenecks in a larger operation. (For example, the “map function” in CouchDB, evaluated using an external JS process.)
I would respectfully disagree, map function for larger queries is totally different case specially the CouchDB part with external evaluation.
I can give you counter example of Redis & Lua that has been out in production for years now, and I’ve seen people successfully deploy production grade apps on it. I did give rationale of why you might centralize it in a comment above, and how I plan on having a batch call to avoid multiple round-trips. That combined with sidecar approach should be able to give you sub-millisecond responses (like benchmarks).
Some common places to use them could be things like:
You can often think of them as glorified Boolean if thens. Right now I use them in a variety of situations:
Is that a bit more concrete? The “promise” you often hear is of allowing domain experts to define the rules and actions so they don’t need to be put directly into code.