Why Authorization Is Hard

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured
  • OPA (Open Policy Agent)

    Open Policy Agent (OPA) is an open source, general-purpose policy engine.

  • From my limited research looking for authorization systems [1] it is but it is not: OPA can get actually quite slow for "real world" production scenarios. For example until recently Ory Keto used OPA and had that issue https://github.com/open-policy-agent/opa/issues/1443 . It seems to me that Oso although is based in Opa and Zanzibar ideas, it may have some performance improvements and ease of use.

    [1] (we are planning to change a half-assed internal auth system to a pre-existing one)

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo
  • oso

    Oso is a batteries-included framework for building authorization in your application.

  • Hey, Oso engineer here. Good question.

    The rust core is indeed called from the ruby library (as it is with all of our 5 other host libraries). The core itself is pretty complex (there's a whole parser/interpreter in there), so maintaining it in a bunch of languages would be a bit hectic.

    There are some files inside `lib/oso/polar/ffi` that define the C bindings used by the rest of the library. Here's an example: https://github.com/osohq/oso/blob/main/languages/ruby/lib/os...

    We use the ffi gem to make that work: https://github.com/ffi/ffi

  • dd-trace-rb

    Datadog Tracing Ruby Client

  • Thanks! I'll pass it on to the team :D

    I've got to say, the folks at Intercom made it particularly fun. They were sending us traces and graphs from their internal systems when we trying to figure out some issues with them (e.g. we ran into this datadog context problem: https://github.com/DataDog/dd-trace-rb/issues/1389)

  • ffi

    Ruby FFI

  • Hey, Oso engineer here. Good question.

    The rust core is indeed called from the ruby library (as it is with all of our 5 other host libraries). The core itself is pretty complex (there's a whole parser/interpreter in there), so maintaining it in a bunch of languages would be a bit hectic.

    There are some files inside `lib/oso/polar/ffi` that define the C bindings used by the rest of the library. Here's an example: https://github.com/osohq/oso/blob/main/languages/ruby/lib/os...

    We use the ffi gem to make that work: https://github.com/ffi/ffi

  • Ory Keto

    Open Source (Go) implementation of "Zanzibar: Google's Consistent, Global Authorization System". Ships gRPC, REST APIs, newSQL, and an easy and granular permission language. Supports ACL, RBAC, and other access models.

  • casbin-server

    Casbin as a Service (CaaS)

  • casbin is super flexible and it support many models[1]

    [0]https://casbin.org/docs/en/service

  • cerbos

    Cerbos is the open core, language-agnostic, scalable authorization solution that makes user permissions and authorization simple to implement and manage by writing context-aware access control policies for your application resources.

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts

  • OPA vs. Google Zanzibar: A Brief Comparison

    2 projects | dev.to | 14 Nov 2023
  • OPA (Open Policy Agent) VS topaz - a user suggested alternative

    2 projects | 25 Jul 2023
  • Understanding Google Zanzibar and Why Shines at Building Permissions

    4 projects | news.ycombinator.com | 25 Jun 2023
  • Cloud Native Applications - Part 2: Security

    3 projects | dev.to | 28 Jan 2023
  • How to authenticate microservices?

    4 projects | /r/golang | 26 Nov 2022