zed
examples
zed | examples | |
---|---|---|
2 | 1 | |
106 | 29 | |
5.7% | - | |
8.8 | 4.0 | |
2 days ago | 5 months ago | |
Go | Go | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
zed
-
Authz: Authorization backend using ABAC and RBAC
The cli can be found here https://github.com/authzed/zed.
-
Show HN: Topaz: open-source authorization combining the best of OPA and Zanzibar
Both REST and built-ins for OPA have been available for existing projects like OpenFGA and SpiceDB. In case of SpiceDB, the first built-in was available in June of last year[0].
Why take on the burden of building something new when you could collaborate with the existing communities with more mature solutions? We'd be glad to welcome you!
[0]: https://github.com/authzed/zed/pull/5
examples
-
Shipping Multi-Tenant SaaS Using Postgres Row-Level Security
As the developer of an external authorization system (full disclosure)[0], I feel obligated to chime in the critiques of external authorization systems in this article. I do think RLS is great and definitely fits the OP's use case and we recommend folks use a solution like this until they hit complexity limitations. Anyways, here's my rebuttal:
1+2 Cost + Unnecessary complexity: this argument can be used against anything that doesn't fit the given use case. There's no silver bullet for any choice of solution. You should only adopt the solution that makes the most sense for you and vendors should be candid about when they wouldn't recommend adopting their solution -- it'd be bad for both the users and reputation of the solution.
3: External dependencies: That depends on the toolchain. Integration testing against SpiceDB is easier than Postgres, IMO [1]. SpiceDB testing can also model check your schema so that you're certain there are no flaws in your design. In practice, I haven't seen folks write tests to assert that their assumptions about RLS are maintained over time.
4: I'm not sure I understand this point. Most companies do not employ authorization experts and solutions worth their salt should natively support multi-tenant use cases.
[0]: https://github.com/authzed/spicedb
[1]: https://github.com/authzed/examples/tree/main/integration-te...
What are some alternatives?
topaz - Cloud-native authorization for modern applications and APIs
spicedb-operator - Kubernetes controller for managing instances of SpiceDB
spicedb - Open Source, Google Zanzibar-inspired permissions database to enable fine-grained access control for customer applications
connector-postgresql - Import PostgreSQL foreign key relationships into SpiceDB
fga-dotnet-sdk - Auth0 FGA SDK for .NET - Use https://github.com/openfga/dotnet-sdk instead
openfga - A high performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar