Ory Kratos
Ory Keto
Our great sponsors
Ory Kratos | Ory Keto | |
---|---|---|
41 | 35 | |
10,520 | 4,600 | |
2.4% | 2.0% | |
9.6 | 8.6 | |
7 days ago | 4 days ago | |
Go | Go | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Ory Kratos
- Show HN: Auth0 OSS alternative Ory Kratos now with passwordless and SMS support
-
Show HN: Obligator – An OpenID Connect server for self-hosters
I was expecting hydra / kratos to show up as an alternative.. but did not see any. Does any have any experience, good or bad about it?
-
Show HN: Blueprint for a distributed multi-region IAM with Go and CockroachDB
I think it would be fair to say that kratos was not the priority in 2022 in terms of code you can see not much was commited (https://github.com/ory/kratos/graphs/code-frequency) so I might have had a bad first impression.
A few issues on kratos that I consider relatively important are still missing / nobody from Ory is giving their input so it's hard to make progress and I would not take my time to contribute if I dont know if the owner are going to merge it.
An example that comes to mind is the OAuth email auto-verification or the search of users that is still super basic (we only recently got the filter of identifiers).
- Ory Kratos v1.0 with passkeys, MFA and multi-region
- Show HN: Open-source IAM Ory Kratos v1.0 with Passkeys, MFA and multi-region
-
What auth do you use? Why?
IMO it's almost always good to offer some OIDC social login, just depends what provider your users use.
-
Show HN: Open-source Auth0 alternative Ory Kratos v0.13 released – nearing v1.0
Check out the milestone on github: https://github.com/ory/kratos/milestone/15
not sure if that is everything.
-
State of OpenID Connect Providers
An open source solution pre-built from professionals like Ory Kratos or Keycloak saves you a lot of time and pain.
- Create a Identity with ory console, CORS issue
Ory Keto
-
Show HN: Blueprint for a distributed multi-region IAM with Go and CockroachDB
One of Ory’s core competencies is permissions. We built the first Google Zanzibar implementation in the world and it’s part of Ory Network‘s global multi-region platform (https://github.com/ory/keto)
A push model is also valid if you’re heavy on policies and can accept eventual consistency. We will investigate how to generally push things to the edge (like we did with Ory Edge Sessions) or to cryptographic verification wherever staleness is acceptable.
By solving the primitives correctly in the beginning (with a multi region architecture) that job does become a lot easier, which is what we decided doing at Ory :)
-
Show HN: Open-source IAM Ory Kratos v1.0 with Passkeys, MFA and multi-region
slightly off-topic, but related to what ory is doing in general. How do you usually do authorization-aware search?
Imagine, I have a bunch of Google docs and using https://github.com/ory/keto for authorization. I can quickly answer the question "does user X have access to document Y", but it is not easy to do "search all documents with word Hello in it, for which I have access" because access can be granted through nested groups (give read access to everyone in DepartmentA, and I am part of child department)
-
how to design database for Access Control Privileges ?
if you want to integrate an existing framework see if https://github.com/ory/keto solves your problems, there are similiar frameworks that support ABAC
-
Understanding Google Zanzibar and Why Shines at Building Permissions
Shameless plug for Ory Keto, probably the best reference implementation IMO https://github.com/ory/keto
- We built an open source authorization service based on Google Zanzibar
-
Open-source authorization service and policy engine based on Google Zanzibar
Looks cool, wonder how it compares to Keto and Casbin.
-
Launch HN: Warrant (YC S21) – Authorization and access control as a service
How does Warrant compare to other Zanzibar based solutions like Ory Keto ?https://github.com/ory/keto
-
Show HN: Open-source authorization service based on Google-Zanzibar
Interesting to see another project open sourced around Google Zanzibar. On a timeline for context:
- Ory came out first with Ory Keto ( https://github.com/ory/keto ) which is trying to be a close adaptation of the paper. Initially, many concepts were missing but they are making a lot of progress with the DSL and it interfaces with the rest of Ory (OAuth2, User Mangement)
- Authzed came out as a SaaS only, open sorucing the code base later on at https://github.com/authzed/spicedb
- Auth0 has been playing around with Zanzibar concepts in various forms and published a beta service at https://dashboard.fga.dev - apparently now also open source parts of it similar to what Authzed did: https://github.com/openfga
- Permify - who on a side note spammed me quite a lot with outreach because I was active in these communities - joins as well https://github.com/Permify/permify
It's exciting to see so much movement, yet also sad that so many companies are brewing their own beer instead of working collaborative on the more succesful projects. Feels like we'll just end up with one or two successful projects (looking at Ory / Auth0 here) with the rest perishing. I'm wondering if there truly is a business model for just this permission system as a saas service (looks like this is what everyone is going with). Here I'm giving Auth0 probably the biggest plus as they have an established identity service. Then again, Okta (parent of Auth0) and Auth0 themselves are not particularly known for good business practices that we usually expect from developer tooling.
What's refreshing though with Permify is that they are trying a bit of a different approach to Zanzibar!
-
Zanzibar-like authorization framework written in Go
Er, Ory Keto is written in Go.
What are some alternatives?
Keycloak - Open Source Identity and Access Management For Modern Applications and Services
OPA (Open Policy Agent) - Open Policy Agent (OPA) is an open source, general-purpose policy engine.
SuperTokens Community - Open source alternative to Auth0 / Firebase Auth / AWS Cognito
spicedb - Open Source, Google Zanzibar-inspired permissions database to enable fine-grained access control for customer applications
zitadel - ZITADEL - The best of Auth0 and Keycloak combined. Built for the serverless era.
casbin - An authorization library that supports access control models like ACL, RBAC, ABAC in Golang: https://discord.gg/S5UjpzGZjN
Ory Hydra - OpenID Certified™ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Works with Hardware Security Modules. Compatible with MITREid.
cerbos - Cerbos is the open core, language-agnostic, scalable authorization solution that makes user permissions and authorization simple to implement and manage by writing context-aware access control policies for your application resources.
Vault - A tool for secrets management, encryption as a service, and privileged access management
oso - Oso is a batteries-included framework for building authorization in your application.