casbin
Ory Keto
Our great sponsors
casbin | Ory Keto | |
---|---|---|
38 | 35 | |
16,727 | 4,569 | |
1.8% | 2.8% | |
7.3 | 8.6 | |
1 day ago | 4 days ago | |
Go | Go | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
casbin
-
A guide to Auth & Access Control in web apps 🔐
https://casbin.org/ (multiple approaches, multiple languages, provider) Open source authZ library that has support for many access control models (ACL, RBAC, ABAC, …) and many languages (Go, Java, Node.js, JS, Rust, …). While somewhat complex, it is also powerful and flexible. They also have their Casdoor platform, which is authN and authZ provider.
-
Help needed - is there a product that provides the auth functionality we need?
Looks like you’re looking for a role-based access control (RBAC) module on your backend. What you would do is attach roles to your users/tokens which would allow or deny any specific action on a resource. Take a look at https://casbin.org/ that might be useful.
-
Keycloak – Open-Source Identity and Access Management Interview
5. More powerful authorization (powered by Casbin), Casbin is a popular authorization solution with a lot of integrations for DBs and applications: https://casbin.org/
SaaS hosting is also provided at: https://casdoor.com/ for anyone who don't want to self-host
Looking at your username, it would be nice to mention that you are one of the main developers behind the tool instead of making it sound like you are unrelated: https://github.com/casbin/casbin/graphs/contributors https://github.com/casdoor/casdoor/graphs/contributors
- Why elixir over Golang
-
Help me choose Auth Tech Stack for SaaS?
- Casbin handles RBAC, ABAC: https://casbin.org/
Casbin is very nice
- I created Atomic: Self Hosted Open Source Alternative to Reclaim, Clockwise & Motion
-
Permissions (access control) in web apps
https://casbin.org/ (multiple approaches, multiple languages, provider) Open source authZ library that has support for many access control models (ACL, RBAC, ABAC, …) and many languages (Go, Java, Node.js, JS, Rust, …). While somewhat complex, it is also powerful and flexible. They also have their Casdoor platform, which is authN and authZ provider.
- Something like Keycloak but in Go?
Ory Keto
-
Show HN: Blueprint for a distributed multi-region IAM with Go and CockroachDB
One of Ory’s core competencies is permissions. We built the first Google Zanzibar implementation in the world and it’s part of Ory Network‘s global multi-region platform (https://github.com/ory/keto)
A push model is also valid if you’re heavy on policies and can accept eventual consistency. We will investigate how to generally push things to the edge (like we did with Ory Edge Sessions) or to cryptographic verification wherever staleness is acceptable.
By solving the primitives correctly in the beginning (with a multi region architecture) that job does become a lot easier, which is what we decided doing at Ory :)
-
Show HN: Open-source IAM Ory Kratos v1.0 with Passkeys, MFA and multi-region
slightly off-topic, but related to what ory is doing in general. How do you usually do authorization-aware search?
Imagine, I have a bunch of Google docs and using https://github.com/ory/keto for authorization. I can quickly answer the question "does user X have access to document Y", but it is not easy to do "search all documents with word Hello in it, for which I have access" because access can be granted through nested groups (give read access to everyone in DepartmentA, and I am part of child department)
-
Understanding Google Zanzibar and Why Shines at Building Permissions
Shameless plug for Ory Keto, probably the best reference implementation IMO https://github.com/ory/keto
-
We built an open source authorization service based on Google Zanzibar
Also see: https://github.com/ory/keto
-
Open-source authorization service and policy engine based on Google Zanzibar
Looks cool, wonder how it compares to Keto and Casbin.
-
Launch HN: Warrant (YC S21) – Authorization and access control as a service
How does Warrant compare to other Zanzibar based solutions like Ory Keto ?https://github.com/ory/keto
-
Show HN: Open-source authorization service based on Google-Zanzibar
Interesting to see another project open sourced around Google Zanzibar. On a timeline for context:
- Ory came out first with Ory Keto ( https://github.com/ory/keto ) which is trying to be a close adaptation of the paper. Initially, many concepts were missing but they are making a lot of progress with the DSL and it interfaces with the rest of Ory (OAuth2, User Mangement)
- Authzed came out as a SaaS only, open sorucing the code base later on at https://github.com/authzed/spicedb
- Auth0 has been playing around with Zanzibar concepts in various forms and published a beta service at https://dashboard.fga.dev - apparently now also open source parts of it similar to what Authzed did: https://github.com/openfga
- Permify - who on a side note spammed me quite a lot with outreach because I was active in these communities - joins as well https://github.com/Permify/permify
It's exciting to see so much movement, yet also sad that so many companies are brewing their own beer instead of working collaborative on the more succesful projects. Feels like we'll just end up with one or two successful projects (looking at Ory / Auth0 here) with the rest perishing. I'm wondering if there truly is a business model for just this permission system as a saas service (looks like this is what everyone is going with). Here I'm giving Auth0 probably the biggest plus as they have an established identity service. Then again, Okta (parent of Auth0) and Auth0 themselves are not particularly known for good business practices that we usually expect from developer tooling.
What's refreshing though with Permify is that they are trying a bit of a different approach to Zanzibar!
-
Zanzibar-like authorization framework written in Go
Er, Ory Keto is written in Go.
What are some alternatives?
OPA (Open Policy Agent) - Open Policy Agent (OPA) is an open source, general-purpose policy engine.
spicedb - Open Source, Google Zanzibar-inspired permissions database to enable fine-grained access control for customer applications
casdoor - An open-source UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform with web UI supporting OAuth 2.0, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA and RADIUS [Moved to: https://github.com/casdoor/casdoor]
CASL - CASL is an isomorphic authorization JavaScript library which restricts what resources a given user is allowed to access
Keycloak - Open Source Identity and Access Management For Modern Applications and Services
cerbos - Cerbos is the open core, language-agnostic, scalable authorization solution that makes user permissions and authorization simple to implement and manage by writing context-aware access control policies for your application resources.
jwt-auth - This package provides json web token (jwt) middleware for goLang http servers
zanzibar - A build system & configuration system to generate versioned API gateways.
gorbac - goRBAC provides a lightweight role-based access control (RBAC) implementation in Golang.
authelia - The Single Sign-On Multi-Factor portal for web apps
Ory Kratos - Next-gen identity server replacing your Auth0, Okta, Firebase with hardened security and PassKeys, SMS, OIDC, Social Sign In, MFA, FIDO, TOTP and OTP, WebAuthn, passwordless and much more. Golang, headless, API-first. Available as a worry-free SaaS with the fairest pricing on the market!