FF don't seem like the perfect place for entitlements, but in my experience they're often the best tool at hand to deal with the challenges. I'd love to hear alternative opinions.
We just use a combination of numerical limits (e.g. API calls per day) and product flags as an array of tags (features:["module1", "module2"]). These limits and flags are attached set on "plans" which can be attached to accounts. Plans can be combined, in which case we'll take the larger value for each numerical value and combine the tags using union. Additionally one can override / add to any of these values on a per-account basis, so if your customer needs PlanX but a custom API quota then you just override that single value directly on their account.
Call me old-school, but I don't get why something like this should be outsourced to a third party.
If you already have a process for repackaging entitlements in plans and addons whenever some bright mind in marketing has an idea, the it’s completely fine.
I'm actually working on a solution to plan entitlements among other similar functionality right now. While you can get a basic solution set up with feature flags, we've found that the organization and evolution of billing/pricing-related entitlements (E.g. plans, editions, etc.), especially over time, is increasingly complex with lots of requirements in the peripheral. Think things like varying combinations of feature, seats, and usage-based/metered strategies, team subscriptions, plan migrations, one-off enterprise plans, multi-subscription customers (E.g. promotion periods and layered subscriptions), usage aggregation, automated upselling, etc.
As you show in your blog (Nice post btw!), while you can have a flag with a numerical value representing a limit, the infrastructure for tracking usage is left to the business to implement. Imagine instead that you emit usage of that lever to an entitlement service and entitlements based on that usage are updated in real-time, even across teams. Also imagine that you have other entitlements that may be dependent on that entitlement that update as well. In addition, as limits are approached or crossed, you can choose to have soft enforcement (I.e. let them continue, but notify sales to reach out) or hard enforcement and display a prompt to upgrade.
In the spirit of OP's link, we work alongside existing billing solutions rather than try to reinvent the wheel there. We're bootstrapped via a previous successful exit and working with early customers, so if anyone's interested in chatting, even to just geek out on this topic, please reach out: trent at planship.io.
yes, this is needed too. Specifically for real usage based systems, how do we get these limits to apply all the way down to our API rate limits / filters? And how do we output the usage of these things back to the billing system for metering.
Sooo many usage based pricing things out there (ironically with totally non-transparent pricing), but I agree that it doesn't feel like the right solution has been built yet.
Oh man tell me about it. I also think the trend towards metered, pay-as-you-go pricing in general doesn't make sense for many businesses or their customers, but I digress.
Curious if you've thought much on how to distill feature-flag entitlements, service-limit entitlements, role-based entitlements, billing-based entitlements, and so on to a single interface like "Can I [action]?"
Edit: Ha, just saw your reply in a separate thread. Yes, you have thought about it. :) Would be curious to learn more.
1. Some of these are primarily updated in a UI, some are driven from some other system. Flags are customer UI, but Auth is often customer's customer (admins setting RBAC) or derived from SAML Role / etc.
2. There are very different personas / different blast-radiuses for different changes. This means that there should be different interfaces for the creation and administration of the different type of things.
3. Different scales. Dynamic configuration / feature flags are great, but you don't want the rule payload to be GB, which you would have if you tried to store fine grained permissions inside it. Zanzibar is awesome and should be available to more people.
4. It would be best if we could all agree on the names & types of these objects. I think schema files and code-generation are underused.
5. My inclination is that entitlements are just feature flags under the covers, but that there's enough different that a custom UX is warranted.
6. It's easy to add a ton of latency to applications with this stuff. First we spend 50ms getting the user... then we go get the billing for 50ms... then we get the entitlements for 50ms... There are big gains to be had by having this solved holisticaly.
hmu anytime jdwyer at prefab.cloud would love to hear your thoughts.
Some of these immediately resonate. I'd love (4) to be a reality but it's going to be a struggle to get there, not that it isn't worth striving for. And while I agree with (5), the "covers" are often complex/dynamic and where a lot of difficulty in implementation and maintenance occurs (Sorta touched on in (3)). (6) is what got us thinking about this idea of distilling entitlements in the first place.
"Can I [action]?" is the exact question that Zanzibar[0] was designed to answer in a highly performant and scalable way.
With multiple data sources reading and writing to SpiceDB [1] (our OSS implementation of Zanzibar), those questions can further be extended into "Can [subject] [action] on [resource]", which allows for supporting not just permissions, but (as you suggested) feature flags, entitlements, role-based access control and even billing-based entitlements (if the billing system's information is supplied in as relationships or dynamically via caveat context [2]).
As a concrete example, feature flags can be represented as a straightforward permission:
definition user {}
definition featureflag {
relation enabled: user
permission is_enabled = enabled
}
The real power comes into play when different aspects of the system are combined, such as only allowing a feature flag to be enabled if, say, the user also has another permission:
In the above example [3], a feature flag is only enabled for the specific user if they were granted the flag and they are a member of the organization for which the flag was created. While this is somewhat of a constructed example, it demonstrates how combining the models can be used to grant more capabilities.
With caveats [2], these kinds of questions can even depend on dynamic data, such as the time of day, whether the user's account balance is positive, or even be random based on some distribution (to enabled, for example, partial enablement of feature flags)
This is cool! We're just starting to look into this area as we integrate pricing/billing/plan logic and entitlements at scale. Thanks for the example and reminder to read through the Zanzibar white paper.
Feature flags are one of those beautiful systems that are just expressive enough to be shoehorned into doing everything. Beta rollouts? Role-based auth? Billing entitelments? One-off customer requests? Yes. They can all be feature flags. The very best feature flags can optionally have a value attached to them. Then your API plan limits can just be feature flags.
Now... is that the best way? Probably not, for any one of those use cases. But once you've built it, it is very tempting to use them for everything.
I'm really interested in getting stronger opinions here about how to set people up for success. Being the founder of a feature flag company I feel like I'm a rope dealer.
I'm really interesting in providing good authorization primitives as well. This is kinda the whole reason/vision for why Prefab exists. If you have an authorization tool and a separate feature flag tool and a separate billing tool. You're going to be tempted to do some weird un-holy things. If you can use one provider for it, then we can really help when it comes to putting things in the right place. My dream is that you can type user.can_do?(:thing) and get back a response that has checked the authorization, ff & entitlements system and gives you a clear and comprehensible answer.
I think as long as "feature flag entitlements" are seen as distinctly different from what engineers usually use feature flags for (small incremental changes of individual components, testing, roll-outs, A/B testing) they can work well. An entitlement should have a clear link to a customer-facing feature, which are conceptually much larger blocks of functionality. One difficulty with this approach is that you still have to take into account a lot of billing-related aspects, e.g., handling customers in arrears, overage charges if they go over a certain limit, having different pricing models for the same feature, or resetting/carrying over usage counters on plan changes/upgrades - this can add a lot of complexity over time!
That's why we decided to offer separate feature entitlements that are tightly coupled to the billing chain and metering as part of Wingback (disclaimer: I'm the CTO). In the end, depending on your plan complexity and how much you have already invested in feature flags, I think both approaches can work well. Having some kind of feature gating in place for your customers will also make your life a lot easier for provisioning customer accounts and being able to offer custom packages.
I was just coming to hn this morning because I wrote about using FF for entitlements: https://prefab.cloud/blog/modeling-product-entitlements-with... I took some inspiration from another of Arnon's posts about SKU format for the post.
FF don't seem like the perfect place for entitlements, but in my experience they're often the best tool at hand to deal with the challenges. I'd love to hear alternative opinions.