Show HN: Ory Keto, open source authorization server based on Google Zanzibar

This page summarizes the projects mentioned and recommended in the original post on

Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • Onboard AI - ChatGPT with full context of any GitHub repo.
  • Ory Keto

    Open Source (Go) implementation of "Zanzibar: Google's Consistent, Global Authorization System". Ships gRPC, REST APIs, newSQL, and an easy and granular permission language. Supports ACL, RBAC, and other access models.

    OPA takes a whole different approach. They basically have a specific language and a corresponding interpreter. The previous version of Keto was based off of OPA. We discovered that it is not suitable for our needs and what we want to offer because it can be very hard to meet certain performance goals (e.g.

    Taking this simple approach allows us to provide a global, low latency, and consistent authorization system.

  • Keycloak

    Open Source Identity and Access Management For Modern Applications and Services

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  • Ory Kratos

    Next-gen identity server replacing your Auth0, Okta, Firebase with hardened security and PassKeys, SMS, OIDC, Social Sign In, MFA, FIDO, TOTP and OTP, WebAuthn, passwordless and much more. Golang, headless, API-first. Available as a worry-free SaaS with the fairest pricing on the market! (by ory)

    Keto only does authorization, independent of users, devices, bots, applications, ... Basically you store your ACLs there and then ask "is _subject_ allowed to do _relation_ on _object_". All the variables are whatever you define them to be.

    Checkout, our identity server.

  • Ory Hydra

    OpenID Certified™ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Works with Hardware Security Modules. Compatible with MITREid.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts