Show HN: Topaz: open-source authorization combining the best of OPA and Zanzibar

• topaz

  9 979 9.5 Go

  Cloud-native authorization for modern applications and APIs (by aserto-dev)

  

Two years ago, we founded Aserto to simplify authorization for developers. Authorization is critical and hard to get right, yet isn't a source of differentiation for most applications.

Google [1], Airbnb [2], Netflix [3], Carta [4], Intuit [5], and others have written about their authorization systems. It's clear that these are all significant undertakings by sizable teams. Most engineering organizations don't want to spend their precious cycles reinventing this wheel.

Over the last two years, we've collected a set of best practices that are common across these projects. We call these the Principles of Authorization [6]. Our goal has been to democratize these principles into an authorization service, and save you time and effort.

Topaz [7] is an open source authorization system you can use to start building robust authorization in minutes. It provides fine-grained, real-time, policy-based access control for modern cloud applications. You can deploy it as a sidecar or a microservice in your cloud, ensuring low latency to your application.

Topaz combines the best ideas from two cloud-native authorization ecosystems: OPA and Zanzibar. Read our blog post [8] for more on why we built Topaz.

Happy hacking!

[1] https://research.google/pubs/pub48190/

[2] https://medium.com/airbnb-engineering/himeji-a-scalable-cent...

[3] https://www.infoq.com/presentations/authorization-scalabilit...

[4] https://medium.com/building-carta/authz-cartas-highly-scalab...

[5] https://medium.com/intuit-engineering/authz-intuits-unified-...

[6] https://www.topaz.sh/docs/intro#principles

[7] https://github.com/aserto-dev/topaz

[8] https://www.aserto.com/blog/topaz-oss-cloud-native-authoriza...

• spicedb

  38 4,565 9.7 Go

  Open Source, Google Zanzibar-inspired permissions database to enable fine-grained access control for customer applications

  

> it'd be awesome to collaborate [...] this is what open source is all about

100%! Though as a FOSS fan myself, I'm hoping for a new comer GPL/copyleft solution to come about and rule us all :)

Side-note: Absolutely loved this article from OSO with Abhishek Parmar, one of the co-creators of Zanzibar [3]

[0]: https://github.com/authzed/spicedb/issues/386

• InfluxDB

  www.influxdata.com featured

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• permify

  39 2,518 9.8 Go

  Open source authorization service inspired by Google Zanzibar to build fine-grained and scalable authorization systems.

  

• openfga

  15 2,288 9.7 Go

  A high performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar

  

• zed

  2 106 8.8 Go

  Official command-line tool for managing SpiceDB (by authzed)

  

Both REST and built-ins for OPA have been available for existing projects like OpenFGA and SpiceDB. In case of SpiceDB, the first built-in was available in June of last year[0].

Why take on the burden of building something new when you could collaborate with the existing communities with more mature solutions? We'd be glad to welcome you!

[0]: https://github.com/authzed/zed/pull/5

• SaaSHub

  www.saashub.com featured

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

Suggest a related project