SEATTLE--(BUSINESS WIRE)--Aserto the authorization-as-a-service platform and creators of Open Policy Registry (OPCR), a docker-inspired workflow for Open Policy Agent (OPA) policies, today announces a new open-source project: Topaz. Topaz is a cloud-native authorization service, providing fine-grained, policy-based, real-time access control for applications and APIs. Topaz is built on top of the CNCF OPA decision engine and supports the Google Zanzibar (ReBAC) authorization model in a first-class way. With Topaz you can scale your authorization model from RBAC to ABAC and ReBAC, while retaining the benefits of policy-as-code, decision logging, and a local deployment model.
"Authorization involves really hard problems that I want experts to solve. Aserto allows us to do just that, at a small fraction of the cost it would take to build and maintain it ourselves." – David Kerber, VP Technology at Spreetail
A modern access control system needs to provide the following:
- Unified authorization service with a decentralized architecture to ensure low latency with high availability.
- Real-time access checks to eliminate the threat of authorizing using stale permissions (or access tokens).
- Fine-grained authorization so that your organization can easily evolve simple role-based access control (RBAC) into attribute-based access control (ABAC), and relationship-based access control (ReBAC), or a combination of these.
- Policy-based access management so that the authorization logic is extracted from the application code and built into an immutable, signed policy image and managed centrally, just like any other application artifact.
- Decision logs of every authorization decision performed for compliance, forensics, and auditability.
The Topaz open-source project was built with these goals in mind. It uses OPA as its decision engine, incorporates a directory modeled after Google’s Zanzibar, and is a great place to start when building out a flexible authorization system for cloud applications.
The Aserto authorization service is built on top of Topaz and provides a control plane which enables central management of policies, users, groups, objects, relations, and decision logs. And it syncs any changes to these with every locally-deployed authorizer over a real-time data fabric.
“Building & managing an authorization system is a huge pain, especially at enterprise scale. So stop! Aserto has a distributed, millisecond latency, 100% availability API for that." – Tom Preston-Werner, Co-founder of Github
Open-source fine-grained access control for applications
Currently, only large organizations with sizable engineering teams, such as Google, Intuit, Netflix, Airbnb, and Carta can build fine-grained authorization systems that fulfill all the requirements. Topaz democratizes this capability with a single, unified authorization service that combines the best of the Open Policy Agent and the Google Zanzibar ReBAC model, providing developers with the best attributes of each.
Resources
Connect with Aserto
About Aserto
Aserto helps developers build secure applications. We make it easy to add fine-grained, policy-based, real-time access control to cloud applications and APIs.
Built around established cloud-native, open-source technologies, like OPA and Zanzibar, Aserto handles all the heavy lifting required to achieve secure, scalable, high-performance access management.
Aserto authorizes locally and manages centrally, offering blazing-fast authorization of a local library, coupled with a centralized control plane for managing policies, user attributes, resource and relationship data, and decision logs. And it comes with everything you need to deliver fine-grained RBAC, ABAC, or ReBAC, as well as comprehensive developer resources for any language or framework - saving you months of engineering time.