Authorization built to scale. Enable user collaboration and granular access control in your applications using developer-friendly APIs.
Authorization (AuthZ) is what determines whether an actor can perform a certain action on a particular resource, often via roles. For example, a budgeting application can read a person’s bank balance, but not perform transactions.
Fine-Grained Authorization (FGA) takes this a step further and addresses more granular, atomic authorization challenges that are often dynamic in nature, such as being able to access individual folders, files, or capabilities within a system based on actor attributes and their relationship to the resource.
In our Auth0 Lab experiment, codenamed Sandcastle, we explored the feasibility and viability of a large scale FGA solution as a service using relationship based access control (ReBAC) based on Google Zanzibar.
Sandcastle has graduated from the Lab and is now an "Authorization as a service" product: Okta FGA, currently in early access. Okta FGA enables user collaboration and granular access control in your applications using developer-friendly APIs.
Additionally, an OSS project called OpenFGA was published and accepted into CNCF. OpenFGA is a high performance and flexible authorization system built for developers and inspired by Google Zanzibar.
Zanzibar handles authorization for YouTube, Drive, Google Cloud and all of Google's other products
Fine-Grained Authorization Authorization Playground
This interactive playground allows you to learn about Auth0 FGA, an Auth0 initiative to solve fine-grained authorization at...
Enable user collaboration and granular access control in your applications using developer-friendly APIs
A flexible Fine-Grained Authorization system inspired by Google's Zanzibar, designed for reliability and low latency at scale.