ffi
Ory Keto
Our great sponsors
ffi | Ory Keto | |
---|---|---|
5 | 35 | |
2,050 | 4,557 | |
0.4% | 2.8% | |
8.4 | 8.6 | |
about 2 months ago | 23 days ago | |
Ruby | Go | |
BSD 3-clause "New" or "Revised" License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ffi
-
Mixing FFI, Fiddle, and C Extension in Ruby
If you're working with Ruby and need to invoke a function written in C language, there are some convenient gems available: Ruby-FFI and Fiddle.
-
Why Authorization Is Hard
Hey, Oso engineer here. Good question.
The rust core is indeed called from the ruby library (as it is with all of our 5 other host libraries). The core itself is pretty complex (there's a whole parser/interpreter in there), so maintaining it in a bunch of languages would be a bit hectic.
There are some files inside `lib/oso/polar/ffi` that define the C bindings used by the rest of the library. Here's an example: https://github.com/osohq/oso/blob/main/languages/ruby/lib/os...
We use the ffi gem to make that work: https://github.com/ffi/ffi
-
ffi-bitfield
Ruby-FFI is a powerful tool to create bindings for C language libraries in Ruby.
-
Travis CLI installation issue for MacOS
Tried solution mentioned here https://github.com/ffi/ffi/issues/653 but no luck then I posted this question over StackOverflow :
Ory Keto
-
Show HN: Blueprint for a distributed multi-region IAM with Go and CockroachDB
One of Ory’s core competencies is permissions. We built the first Google Zanzibar implementation in the world and it’s part of Ory Network‘s global multi-region platform (https://github.com/ory/keto)
A push model is also valid if you’re heavy on policies and can accept eventual consistency. We will investigate how to generally push things to the edge (like we did with Ory Edge Sessions) or to cryptographic verification wherever staleness is acceptable.
By solving the primitives correctly in the beginning (with a multi region architecture) that job does become a lot easier, which is what we decided doing at Ory :)
-
Show HN: Open-source IAM Ory Kratos v1.0 with Passkeys, MFA and multi-region
slightly off-topic, but related to what ory is doing in general. How do you usually do authorization-aware search?
Imagine, I have a bunch of Google docs and using https://github.com/ory/keto for authorization. I can quickly answer the question "does user X have access to document Y", but it is not easy to do "search all documents with word Hello in it, for which I have access" because access can be granted through nested groups (give read access to everyone in DepartmentA, and I am part of child department)
-
Understanding Google Zanzibar and Why Shines at Building Permissions
Shameless plug for Ory Keto, probably the best reference implementation IMO https://github.com/ory/keto
-
We built an open source authorization service based on Google Zanzibar
Also see: https://github.com/ory/keto
-
Open-source authorization service and policy engine based on Google Zanzibar
Looks cool, wonder how it compares to Keto and Casbin.
-
Launch HN: Warrant (YC S21) – Authorization and access control as a service
How does Warrant compare to other Zanzibar based solutions like Ory Keto ?https://github.com/ory/keto
-
Show HN: Open-source authorization service based on Google-Zanzibar
Interesting to see another project open sourced around Google Zanzibar. On a timeline for context:
- Ory came out first with Ory Keto ( https://github.com/ory/keto ) which is trying to be a close adaptation of the paper. Initially, many concepts were missing but they are making a lot of progress with the DSL and it interfaces with the rest of Ory (OAuth2, User Mangement)
- Authzed came out as a SaaS only, open sorucing the code base later on at https://github.com/authzed/spicedb
- Auth0 has been playing around with Zanzibar concepts in various forms and published a beta service at https://dashboard.fga.dev - apparently now also open source parts of it similar to what Authzed did: https://github.com/openfga
- Permify - who on a side note spammed me quite a lot with outreach because I was active in these communities - joins as well https://github.com/Permify/permify
It's exciting to see so much movement, yet also sad that so many companies are brewing their own beer instead of working collaborative on the more succesful projects. Feels like we'll just end up with one or two successful projects (looking at Ory / Auth0 here) with the rest perishing. I'm wondering if there truly is a business model for just this permission system as a saas service (looks like this is what everyone is going with). Here I'm giving Auth0 probably the biggest plus as they have an established identity service. Then again, Okta (parent of Auth0) and Auth0 themselves are not particularly known for good business practices that we usually expect from developer tooling.
What's refreshing though with Permify is that they are trying a bit of a different approach to Zanzibar!
-
Zanzibar-like authorization framework written in Go
Er, Ory Keto is written in Go.
What are some alternatives?
OPA (Open Policy Agent) - Open Policy Agent (OPA) is an open source, general-purpose policy engine.
spicedb - Open Source, Google Zanzibar-inspired permissions database to enable fine-grained access control for customer applications
casbin - An authorization library that supports access control models like ACL, RBAC, ABAC in Golang: https://discord.gg/S5UjpzGZjN
Keycloak - Open Source Identity and Access Management For Modern Applications and Services
cerbos - Cerbos is the open core, language-agnostic, scalable authorization solution that makes user permissions and authorization simple to implement and manage by writing context-aware access control policies for your application resources.
Ory Kratos - Next-gen identity server replacing your Auth0, Okta, Firebase with hardened security and PassKeys, SMS, OIDC, Social Sign In, MFA, FIDO, TOTP and OTP, WebAuthn, passwordless and much more. Golang, headless, API-first. Available as a worry-free SaaS with the fairest pricing on the market!
oso - Oso is a batteries-included framework for building authorization in your application.
Ory Oathkeeper - A cloud native Identity & Access Proxy / API (IAP) and Access Control Decision API that authenticates, authorizes, and mutates incoming HTTP(s) requests. Inspired by the BeyondCorp / Zero Trust white paper. Written in Go.
zanzibar - A build system & configuration system to generate versioned API gateways.
permify - Permify is an open-source authorization service inspired by Google Zanzibar.
Ory Hydra - OpenID Certified™ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Works with Hardware Security Modules. Compatible with MITREid.
casbin-server - Casbin as a Service (CaaS)