5 repositorios
Systems for persisting subject-object relationship tuples for access control.
Distinguishing note: Distinct from general data stores or constraints; specifically about the persistence of authorization tuples.
Explore 5 awesome GitHub repositories matching data & databases · Relationship Data Storage. Refine with filters or upvote what's useful.
SpiceDB is a distributed permission store and relationship-based access control system. It provides a scalable database for storing and querying fine-grained authorization relationships, implementing a consistency model inspired by Google Zanzibar to manage access rights across large-scale applications. The system uses a dedicated schema language to define the rules and logic governing how relationships translate into permissions independently of application code. It functions as a pluggable authorization engine that persists relationship tuples in external relational databases such as Postgr
Persists fine-grained authorization tuples across various supported database engines.
Removes stored relationships and attributes to revoke access or clean up stale data.
Opal es un motor de distribución de políticas y sincronizador de datos de autorización en tiempo real. Sirve como plano de gestión para desplegar y monitorear motores de políticas distribuidos, como OPA y Cedar, en arquitecturas de microservicios. El proyecto centraliza la administración de políticas y datos mientras despliega puntos de decisión descentralizados. El sistema destaca por desacoplar el código de políticas, gestionado mediante control de versiones, de los datos de autorización recuperados de bases de datos y APIs externas. Utiliza un modelo de distribución de estado basado en pub/sub para enviar actualizaciones inmediatas a los agentes mediante WebSockets y webhooks, asegurando que los agentes descentralizados mantengan un estado sincronizado sin depender de polling periódico. La plataforma cubre capacidades de amplio alcance, incluyendo aislamiento de políticas multi-inquilino mediante distribución con scope, monitoreo de salud de agentes con sondas de vivacidad (liveness probes) y la orquestación de motores de políticas como sidecars. Proporciona además mecanismos para caché local para admitir operaciones sin conexión y autenticación segura de clientes mediante tokens firmados. El servidor de administración puede desplegarse como un contenedor o dentro de un clúster de Kubernetes utilizando un gestor de paquetes.
Propagates data-change notifications via pub/sub to trigger agents to refresh their local authorization caches from external databases.
OpenFGA is a fine-grained authorization server and policy decision point that implements relationship-based access control. It serves as a centralized authorization service for evaluating access requests and managing relationship tuples across distributed microservices and multi-tenant environments. The engine combines relationship graphs with attribute-based access control, using the Common Expression Language to evaluate dynamic runtime attributes and conditional access rules. It handles complex hierarchies and nested permissions by traversing chains of associations and parent-child links t
Provides a specialized persistence layer for storing subject-object relationship tuples used in access control decisions.
node-oauth2-server is an OAuth2 server implementation for Node.js that functions as an authorization provider. It enables the creation of a centralized server to manage client registration and issue access tokens for third-party applications using the OAuth2 protocol. The project operates as Node.js middleware, integrating authorization logic directly into web application request pipelines. It provides a bearer token validator to verify identity and permissions by checking security tokens within incoming HTTP request headers. The system covers API access control, token management, and user a
Stores client, token, and user authorization data within a persistent database system.