Flexibility
Warrant provides a highly flexible authorization system that can be tailored to fit various application requirements, enabling developers to implement precise access control rules.
Integration
The platform offers seamless integration with existing systems and applications, allowing for easy adoption and minimal disruption to pre-existing workflows.
Scalability
Warrant is designed to handle a large number of requests, making it suitable for applications that need to scale and support a growing user base.
Developer-Friendly
With comprehensive documentation and a user-friendly interface, developers can quickly learn and implement authorization features into their applications.
Promote Warrant. You can add any of these badges on your website.
I think one major difference between the Zanzibar implementations that are out there is support for the 'zookie' consistency token (as mentioned in the original paper). OpenFGA afaik doesn't implement zookies yet[1]. With zookies, each permission write generates a unique token that represents that particular write. Clients can store that token (per resource) and optionally provide it during runtime checks to... - Source: Hacker News / 5 months ago
Warrant — Hosted enterprise-grade authorization and access control service for your apps. The free tier includes 1 million monthly API requests and 1,000 authz rules. - Source: dev.to / 12 months ago
The specific challenge with authz in the app layer is that different apps can have different access models with varying complexity, especially the more granular you get (e.g. Implementing fine grained access to specific objects/resources - like Google Docs). Personally, I think a rebac (relationship/graph based) approach works best for apps because permissions in applications are mostly relational and/or... - Source: Hacker News / about 1 year ago
Let's use warrant.dev as an example. The system provides a set of REST APIs for you to define object types and access policies (called warrants). The general process is first to create object types using HTTP POST:. - Source: dev.to / about 1 year ago
Https://warrant.dev/ (Provider) Relatively new authZ provider, they have a dashboard where you can manage your rules in a central location and then use them from multiple languages via their SDKs, even on the client to perform UI checks. Rules can also be managed programmatically via SDK. - Source: dev.to / about 1 year ago
Hey HN, I recently shared my thoughts on why Google Zanzibar is a great solution for implementing authorization[1] and why we decided to build Warrant’s core authz service using key concepts from the Zanzibar paper. As I mentioned in the post, we recently open sourced the authz service powering our managed cloud service, Warrant Cloud[2], so I thought I’d share it with everyone here. Cheers! [1]... - Source: Hacker News / over 1 year ago
More than two years after choosing to build Warrant atop Zanzibar’s core principles, we’re extremely happy with our decision. Doing so gave us a solid technical foundation on which to tackle the various complex authorization challenges companies face today. As we continue to encounter new scenarios and use cases, we’ll keep iterating on Warrant to ensure it’s the most capable authorization service. To share what... - Source: dev.to / over 1 year ago
> though we would have preferred a managed solution We completely agree here, which is why we initially started out with our managed cloud offering, Warrant Cloud[1]. While Zanzibar is powerful, operating it with solid latency/availability can be quite challenging. [1] https://warrant.dev/. - Source: Hacker News / over 1 year ago
What we're building at Warrant (https://warrant.dev/) might work for a lot of what you mentioned including APIs to build and manage multi-tenancy, groups, users, orgs/tenants. Note - Warrant is an authz engine so it doesn't handle authn/identity/SSO but can plug-in with any authn system. - Source: Hacker News / over 1 year ago
They might not be the exact same concept but they're definitely related. I'd argue feature flags, authorization, and pricing tiers/entitlements all make up modern 'access control' and 'access management'. It used to be that authz was just roles and permissions assigned to users, or feature flags & entitlements just booleans, but sophisticated systems allow for all kinds of permutations and rules based on... - Source: Hacker News / almost 2 years ago
Disclaimer: I'm a founder at warrant.dev. We've built a managed cloud-based authz system that works for a variety of authz schemes (RBAC, fine-grained, custom). Source: almost 2 years ago
Disclaimer: I'm the founder of an authorization company [1] & previously worked at a large, enterprise/SaaS company so basing my comment on my experiences. Your considerations and things you need to worry about will vary greatly based on your stage (early-stage startup, late-stage startup, public, etc.), market (fintech, health-tech, etc.) and customers you target (early-stage startups or bigger, Fortune 100... - Source: Hacker News / about 2 years ago
I know of warrant.dev, osohq.com, and Ory Keto but I don't see that these evaluate based on attributes. Source: about 2 years ago
Https://warrant.dev/ (Provider) Relatively new authZ provider, they have a dashboard where you can manage your rules in a central location and then use them from multiple languages via their SDKs, even on the client to perform UI checks. Rules can also be managed programmatically via SDK. - Source: dev.to / about 2 years ago
Warrant — Hosted enterprise-grade authorization and access control service for your apps. Free tier includes 1 million API requests per month and 1,000 authz rules. - Source: dev.to / about 2 years ago
Warrant is a fully managed authorization service that helps you add access control to your application and manage its access policies over time. Built from the ground up to solve the challenges of building and maintaining authorization in consumer & enterprise SaaS products, Warrant makes it dead simple to implement role based access control, fine grained access control, and other authorization schemes. Add... - Source: dev.to / over 2 years ago
Which service to use for billing will depend on how you plan to charge your customers (flat monthly rate, usage based, etc.), so it's worth thinking about pricing first and then exploring the options available on the market. Even though they don't have a specific usage based billing product, my default recommendation is Stripe because it's so easy to setup and manage, and they really have the best... - Source: Hacker News / about 3 years ago
What stack are you building on? Warrant (https://warrant.dev) can help with implementing authorization. Happy to chat if you have any questions (full disclosure: I'm one of the co-founders). - Source: Hacker News / about 3 years ago
Thanks for your response! A lot of the issues and solutions you mentioned remind me of my time in past roles. More companies deal with authz related issues than we think, yet there aren't many products available that solve these long-term operational problems (UI, managing existing/new permissions over time, etc). Most solutions are just basic DIY libraries, although services like Warrant (https://warrant.dev/)... - Source: Hacker News / about 3 years ago
Access Control isn't a core focus for most applications, but it's critical to get right. The margin for error is very low, and even a minor issue in authorization logic could expose privileged data and actions to users who shouldn't have access to them. If you don't want to worry about authorization best practices and implementing secure access control, use Warrant to add access control to your application using... - Source: dev.to / over 3 years ago
A great introductory read on such an expansive topic. Authz is a long-standing problem without a real standardized solution yet. I think improving everyone's understanding of the core problems that authz presents is a nice first step to building better standards/best practices. Whether you're building something in-house or evaluating a third party library/service, I've found that OWASP has great content,... - Source: Hacker News / over 3 years ago
Do you know an article comparing Warrant to other products?
Suggest a link to a post with product alternatives.
This is an informative page about Warrant. You can review and discuss the product here. The primary details have not been verified within the last quarter, and they might be outdated. If you think we are missing something, please use the means on this page to comment or suggest changes. All reviews and comments are highly encouranged and appreciated as they help everyone in the community to make an informed choice. Please always be kind and objective when evaluating a product and sharing your opinion.