Our great sponsors
-
Ory Keto
Open Source (Go) implementation of "Zanzibar: Google's Consistent, Global Authorization System". Ships gRPC, REST APIs, newSQL, and an easy and granular permission language. Supports ACL, RBAC, and other access models.
-
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
Ory Kratos
Next-gen identity server replacing your Auth0, Okta, Firebase with hardened security and PassKeys, SMS, OIDC, Social Sign In, MFA, FIDO, TOTP and OTP, WebAuthn, passwordless and much more. Golang, headless, API-first. Available as a worry-free SaaS with the fairest pricing on the market! (by ory)
-
Ory Hydra
OpenID Certified™ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Works with Hardware Security Modules. Compatible with MITREid.
OPA takes a whole different approach. They basically have a specific language and a corresponding interpreter. The previous version of Keto was based off of OPA. We discovered that it is not suitable for our needs and what we want to offer because it can be very hard to meet certain performance goals (e.g. https://github.com/ory/keto/issues/104)
Taking this simple approach allows us to provide a global, low latency, and consistent authorization system.
Keto only does authorization, independent of users, devices, bots, applications, ... Basically you store your ACLs there and then ask "is _subject_ allowed to do _relation_ on _object_". All the variables are whatever you define them to be.
Checkout https://github.com/ory/kratos, our identity server.