Show HN: Permify 1.0 – Open-source fine-grained authorization service

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com
hardware-buttons linkedin-bot template-engine-js

CodeRabbit: AI Code Reviews for Developers
Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.
coderabbit.ai
featured
InfluxDB high-performance time series database
Collect, organize, and act on massive volumes of high-resolution data to power real-time intelligent systems.
influxdata.com
featured

  1. permify

    An open-source authorization as a service inspired by Google Zanzibar, designed to build and manage fine-grained and scalable authorization systems for any application.

  2. CodeRabbit

    CodeRabbit: AI Code Reviews for Developers. Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.

    CodeRabbit logo

  3. openfga

    A high performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar

    How does this compare to auth0's OpenFGA (based on Zanzibar)?

    https://openfga.dev

  4. warrant

    Warrant is a highly scalable, centralized authorization service based on Google Zanzibar. Use it to define, enforce, query, and audit application authorization and access control.

    I think one major difference between the Zanzibar implementations that are out there is support for the 'zookie' consistency token (as mentioned in the original paper). OpenFGA afaik doesn't implement zookies yet[1]. With zookies, each permission write generates a unique token that represents that particular write. Clients can store that token (per resource) and optionally provide it during runtime checks to ensure checks are consistent up to that write. It also helps the system guard against the 'new-enemy problem' (incorrect permissions checks due to permissions changes being read out of order) by ordering writes.

    I'd argue that it also unlocks a variety of caching implementations on the Zanzibar server while still allowing clients to specify desired consistency on a per-request/per-resource level. In other words, a Zanzibar implementation with support for zookies can guarantee consistency at a much higher throughput than one that relies on time (second, millisecond delay). This is important for generic 'read after write' scenarios.

    Disclaimer: I'm a former founder of Warrant[2] which was recently acquired by WorkOS. Our team has spent a ton of time building our Zanzibar-based authorization service (WorkOS FGA[3]) which supports zookies[4] and other Zanzibar concepts.

    [1] https://openfga.dev/docs/interacting/consistency#future-work

    [2] https://warrant.dev/

    [3] https://workos.com/docs/fga

    [4] https://workos.com/docs/fga/warrant-tokens

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts

  • How to Implement Two-Factor Authentication (2FA) in Golang

    2 projects | dev.to | 1 Jul 2024

  • Fine-Grained Access Control (FGAC): Comprehensive Guidance

    2 projects | dev.to | 12 Jun 2024

  • Implementing Role Based Access Control (RBAC) in Node.js and Express App

    4 projects | dev.to | 5 Jun 2024

  • Implementing Role Based Access Control in SvelteKit

    2 projects | dev.to | 30 May 2024

  • Policy-Based Access Control (PBAC): A Comprehensive Overview

    1 project | dev.to | 16 Apr 2024

Did you know that Go is
the 4th most popular programming language
based on number of references?

Loading...