We have it on our backlog[0] to add documentation on how to run it with Kubernetes, at least.
Very sorry about the "work in progress" moniker on our v1 APIs. We developed the v1 APIs based on our real-world experience running the Authzed.com service for ourselves and others, and we just finished their implementation and porting everything over. We will remove that warning ASAP!
One thing to note, though, is that we thought about calling our v1 APIs v5 or something, because we didn't want to give the impression that they will never change. We intend to continue to improve the APIs, sometimes in backward incompatible ways, but will just keep the existing APIs around for a very long™ period of time, similar to how Stripe handles their API versioning.[1]
[0] https://github.com/authzed/spicedb/issues/147
[1] https://stripe.com/docs/api/versioning
RDS supports `postgres_fdw` on pretty much all versions of vanilla PG and Aurora PG. This should be sufficient to implement what you described.
Though if you wanted to go one step further you could use `postgres_fdw` to connect to a bunch of stateless PG boxes running OSS PG and have those load non-supported FDWs in order to support all sorts of backends like `mysql_fdw` and friends. Adds a proxy hop but makes it possible to do all sorts of very cool things. Hit me up if you want to talk more PG/Zanzibar things.
PS: I wrote this to get an idea of Zanzibar but I haven't used it in anger yet: https://github.com/josephglanville/zanzibar-pg
I've done some thinking in the ACL space: https://github.com/theronic/eacl
(totally beta software - don't use in production)