29 Repos
Security frameworks that enforce permissions based on resource metadata and user attributes.
Distinguishing note: Focuses on metadata-driven policy enforcement rather than role-based access.
Explore 29 awesome GitHub repositories matching security & cryptography · Attribute-Based Access Control.
LangGraph is a framework for building stateful, multi-step agentic workflows by modeling application logic as a directed graph. It provides a runtime environment where complex tasks are orchestrated through interconnected nodes and edges, allowing developers to manage state transitions, persistent memory, and control flow across long-running automated processes. The platform distinguishes itself through its native support for human-in-the-loop automation, enabling developers to define breakpoints that pause execution for manual review, modification, or approval. It also features checkpoint-ba
Enforces granular security policies by evaluating resource tags and user attributes.
Deepagents is an LLM agent orchestration platform and stateful application server designed for deploying and managing AI agents built with computational graphs. It provides a containerized runtime environment that handles agent execution, state persistence, and the versioning of AI assistants. The platform distinguishes itself through deep integration with the Model Context Protocol, allowing agents to function as servers that expose tools and capabilities to external clients. It features a sophisticated observability suite for capturing execution traces, performing LLM-based evaluations agai
Enforces permissions based on resource metadata and tags to grant fine-grained access.
FastMCP is a Python framework designed for building servers that expose functions, resources, and prompts to AI models using the Model Context Protocol. It simplifies the development process by automatically deriving tool metadata, input schemas, and documentation directly from Python function signatures and type hints. The framework provides a unified container for managing these components, allowing developers to build modular applications that integrate seamlessly with AI assistants. The project distinguishes itself through its support for interactive, server-defined user interface compone
Applies attribute-based access control policies that inspect and validate specific tool arguments.
Cube is a semantic data layer that provides a unified framework for defining business metrics, dimensions, and relationships across diverse data sources. By acting as a headless business intelligence engine, it transforms raw data into a governed model that can be queried via SQL, REST, and GraphQL interfaces. This architecture ensures consistent data definitions and logic across all downstream analytical applications and reporting tools. The platform distinguishes itself through its integrated conversational AI capabilities, which allow users to explore data using natural language. It orches
Provides programmatic access to user attributes for dynamic security context and personalization.
Casbin is an authorization library that provides a model-based engine for enforcing access control across diverse application environments. It decouples authorization logic from application code by using a configuration-driven approach, allowing developers to define access rules and evaluation logic independently. The system supports a wide range of access control models, including role-based, attribute-based, and relationship-based patterns, which are evaluated at runtime to determine if a subject is permitted to perform an action on a resource. The project distinguishes itself through a hig
Provides a flexible authorization engine that enforces role-based, attribute-based, and relationship-based access control models.
Memori is an AI agent memory middleware platform designed to provide persistent, context-aware recall for language models. It functions as a non-intrusive layer that intercepts outbound model requests to automatically capture interaction history and execution traces, ensuring that agents maintain continuity across sessions without requiring modifications to existing application logic. The platform distinguishes itself through a dual-model storage architecture that maintains information as both structured relational primitives for precise fact retrieval and rolling narrative summaries for situ
Links stored information to specific users and processes to ensure data isolation and accurate retrieval.
This project is a reverse proxy server that secures internal web services by enforcing authentication against external identity providers. It acts as a gatekeeper for incoming HTTP traffic, validating user identity before forwarding requests to protected backend applications. By integrating with OAuth2 and OIDC providers, the proxy ensures that only authorized users can access internal resources. The proxy distinguishes itself through its flexible session management and granular access control. It maintains authenticated user state across requests using either encrypted client-side cookies or
Filters incoming traffic based on verified user attributes such as email address, domain membership, or group affiliation.
Planning with files is an enterprise knowledge graph platform designed to transform unstructured organizational data into a searchable, interconnected network. By utilizing a graph-based retrieval-augmented generation engine, the system grounds language model outputs in verified internal data, ensuring that responses are explainable, traceable, and free from hallucinations. The platform distinguishes itself through a focus on data sovereignty and secure, private infrastructure deployment. It enables organizations to maintain full control over sensitive information by processing data locally o
Enforces granular security permissions at the data level using resource metadata and user attributes to ensure regulatory compliance.
Formbricks is an open-source survey and feedback platform designed to help teams capture and analyze user insights through targeted, in-app, and website-based interactions. It functions as a comprehensive customer experience analytics system that allows organizations to maintain full control over their data, user attributes, and survey workflows. The platform distinguishes itself through its event-driven architecture, which enables precise behavioral targeting by triggering surveys based on specific user actions or application events. It supports deep integration with external ecosystems by a
Enables the retrieval of user attribute definitions to facilitate structured data access and personalization.
This project is an open-source identity provider and single sign-on platform that centralizes user authentication for multiple web applications and services. It functions as a multi-protocol authentication gateway, verifying user identities and issuing tokens through the CAS protocol as well as industry standards including SAML, OAuth2, and OpenID Connect. The system acts as a federated identity server, allowing authentication to be delegated to external third-party or corporate identity providers. It distinguishes itself through identity attribute governance, which manages which specific use
Implements a rule-based engine to control the release of user profile data and permissions to connected applications.
Firefox is a cross-platform web browser engine designed to render web content, execute JavaScript, and manage secure browsing sessions. It utilizes a multi-process isolation architecture that distributes browser tasks across independent operating system processes to ensure stability and prevent site-specific failures from impacting the entire application. The engine incorporates a sandboxed execution environment to restrict web content and untrusted scripts to isolated memory compartments, enforcing security policies that prevent unauthorized access to system resources. The project distinguis
Determines if one security context has authorization to access another by checking if the former subsumes the latter.
LiveContainer is an iOS app container manager that runs applications in isolated sandboxes with separate data, keychain, and vendor identifiers, bypassing Apple's free developer account installation limits. It uses Just-In-Time compilation to launch unsigned apps without a developer certificate, and supports running multiple instances and versions of the same app simultaneously. The tool also injects custom dynamic libraries and framework tweaks at launch, applied globally or per application. Beyond basic containerization, LiveContainer provides advanced multitasking with resizable virtual or
LiveContainer assigns unique keychain access groups per container, supporting up to 128 separate accounts per app.
Hanko is an open-source identity provider and customer identity and access management system. It serves as a passkey authentication service and an OAuth and SAML SSO gateway, allowing applications to authenticate users and issue tokens via standard identity protocols. The project distinguishes itself through a strong focus on passwordless access using WebAuthn-based passkeys and email-based passcodes. It provides framework-agnostic authentication interfaces as customizable web components that can be embedded directly into web applications to handle login, registration, and profile management.
Enforces request permissions by evaluating user attributes, roles, and relationships via a centralized policy engine.
Javalin is a lightweight web framework for Java and Kotlin designed for building REST APIs and web applications. It functions as an embedded Jetty web server, allowing applications to run as standalone processes without the need for an external servlet container. The project provides specialized frameworks for diverse communication patterns, including a REST API framework with automatic OpenAPI schema generation, a GraphQL API framework with query and mutation resolvers, and a WebSocket server for bidirectional real-time communication. It also includes a dedicated framework for pushing real-t
Supports application attribute stores for retrieving globally registered attributes within any handler context.
KeychainAccess is a Swift library used for storing and retrieving encrypted data within the Apple system keychain across iOS and macOS. It provides a type-safe interface for managing sensitive information and user credentials on iOS, macOS, tvOS, and watchOS. The library includes a biometric authentication interface that requires FaceID or TouchID verification with custom prompts before accessing specific secure items. It also enables the synchronization of credentials across Apple devices via a cloud keychain and provides a manager for sharing login credentials between native applications an
Manages shared credentials between apps by specifying access groups within the keychain search dictionary.
This is a Laravel package that provides a database audit trail by automatically logging user actions and Eloquent model events. It records create, update, and delete operations on models into a dedicated database table, creating a searchable record of changes for tracking and review. The package distinguishes itself through extensive configuration and customization options. You can control which model attributes are logged, specify which events trigger logging, customize activity descriptions, and modify activity records before they are saved. It supports logging changes to pivot models, trac
Provides the ability to exclude specified attributes from activity log entries.
CloudEvents is an open specification for describing event data in a common format across cloud platforms and services. It defines a standard structure and set of metadata attributes for events, enabling interoperability across different systems so producers and consumers can exchange events without custom translation. The specification provides a protocol-agnostic serialization framework that maps CloudEvents attributes and payloads to multiple serialization formats including JSON, Avro, and Protobuf, and defines transport bindings for mapping events onto protocols like HTTP, AMQP, Kafka, MQTT
Defines well-known optional extension attributes for CloudEvents to support sampling, partitioning, and sequence tracking.
Evaluates runtime attributes such as IP ranges and time periods during permission graph traversal.
Timber is a PHP library that integrates the Twig template engine into WordPress themes, providing an object-oriented framework for theme development. It wraps WordPress data — posts, terms, users, menus, and comments — in structured PHP classes, allowing developers to work with objects instead of raw arrays while keeping HTML markup separate from PHP logic through Twig templates. The library distinguishes itself by offering a complete set of tools for modern WordPress theme building. It includes a file-based template hierarchy with fallback chains, dynamic image manipulation with resizing, cr
Returns HTML language attributes for the current site, useful for the tag.
Active Model Serializers is a Ruby on Rails JSON serializer used to convert model objects and associations into structured JSON responses for APIs. It acts as a model-to-JSON mapper and response formatter that decouples internal database schemas from external API contracts. The project uses a pluggable adapter pattern to organize serialized data according to specific standards, such as the JSON API specification. It provides a mechanism for mapping internal attributes to custom JSON keys and implements a serialization scope that enables attribute and association filtering based on authorization context and user permissions. The toolset covers data transformation through the use of virtual attributes and the management of associated data via sideloading or ID embedding. It includes features for response metadata injection, fragment-based caching of results, and performance instrumentation for tracking serialization metrics.
Controls which attributes and associations appear in the output based on the current authorization context.