SaaS Considerations
While the Nuts node itself is small and lightweight, there are hard/expensive operational aspects of running a Nuts node:
Backing up data (files on-disk and database records) and testing backup restore procedures
Keeping the node up-to-date (patching)
Securely handling private key material to avoid theft or data loss
Key rotation
While some or all of these aspects apply to any software handling sensitive data, parties could decide to outsource hosting of the Nuts node to a third party.
Multi-tenancy
The Nuts node itself is not multi-tenant, meaning someone with access to its API can use any operation for all subjects. This is a problem if the hosting provider of the node (e.g. SaaS vendor) does not control the applications using the API. By running a Nuts node for each tenant, API calls can only access resources (DIDs, keys) of that node. Therefore, for this scenario, it’s recommended to run a separate Nuts node for each SaaS tenant.