Thanks for all the feedback. I’ve decided to remove the application users. For some this might be bad news, however it removes a lot of complexity that would else slow me down in going forwards. Please see for the latest release (just released):
It still provides authentication on a per organization level (and this functionality will stay 
).
Please note that you could also implement your own version of LoRa App Server in case you need customized functionality like different layers of authentication.
The thing is then applications become just a superfluous grouping of nodes, with no actual use in their current state. In fact, they can be ditched and nodes could relate to organizations only.
Please note that you can setup per application HTTP integrations. Also in the new version, the application is linked to a service-profile. In the future an application will also define how the payload of these devices will be decoded into meaningful data.