Topaz is an open-source authorization service providing fine grained, real-time, policy based access control for applications and APIs.
It comes with built in support for every major programming language as well as every popular authorization model (RBAC, ABAC, PBAM, ReBAC, and combinations).
No features have been listed yet.
No Topaz.sh videos yet. You could help us improve this page by suggesting one.
Topaz.sh's answer
It is the only open-source authorization project to support every authorization model and combinations
Topaz.sh's answer
Applications developers charged with implementing access controls for their applications/APIs
Topaz.sh's answer
Golang based and uses Open Policy Agent as the decision engine
Based on our record, Warrant seems to be a lot more popular than Topaz.sh. While we know about 21 links to Warrant, we've tracked only 1 mention of Topaz.sh. We are tracking product recommendations and mentions on various public social media platforms and blogs. They can help you identify which product is more popular and what people think of it.
Congrats on the launch! [Disclosure: I'm one of the co-founders of Aserto, the creators of Topaz]. The problem of data filtering is indeed a huge part of building an effective authorization system. Partial evaluation is one way of doing it, although with systems like OPA [0] it requires a lot of heavy lifting (parsing the returned AST and converting it into a WHERE clause). Looking forward to seeing how turnkey... - Source: Hacker News / about 1 month ago
Warrant — Hosted enterprise-grade authorization and access control service for your apps. The free tier includes 1 million monthly API requests and 1,000 authz rules. - Source: dev.to / 3 months ago
The specific challenge with authz in the app layer is that different apps can have different access models with varying complexity, especially the more granular you get (e.g. Implementing fine grained access to specific objects/resources - like Google Docs). Personally, I think a rebac (relationship/graph based) approach works best for apps because permissions in applications are mostly relational and/or... - Source: Hacker News / 4 months ago
Let's use warrant.dev as an example. The system provides a set of REST APIs for you to define object types and access policies (called warrants). The general process is first to create object types using HTTP POST:. - Source: dev.to / 5 months ago
Https://warrant.dev/ (Provider) Relatively new authZ provider, they have a dashboard where you can manage your rules in a central location and then use them from multiple languages via their SDKs, even on the client to perform UI checks. Rules can also be managed programmatically via SDK. - Source: dev.to / 6 months ago
Hey HN, I recently shared my thoughts on why Google Zanzibar is a great solution for implementing authorization[1] and why we decided to build Warrant’s core authz service using key concepts from the Zanzibar paper. As I mentioned in the post, we recently open sourced the authz service powering our managed cloud service, Warrant Cloud[2], so I thought I’d share it with everyone here. Cheers! [1]... - Source: Hacker News / 11 months ago
authzed - The platform to store, compute, and validate app permissions
Cerbos - Cerbos helps teams separate their authorization process from their core application code, making their authorization system more scalable, more secure and easier to change as the application evolves.
Aserto - Fine-grained, scalable authorization in minutes
Ory - Developer-first Access Management
Oso - A batteries-included system for authorization.
Permify - Permify-Gorm is an open-source library for adding granular permissions and role management to your SaaS apps, so you can get the market faster.