awesome-repositories.com
Blog
awesome-repositories.com

Découvrez les meilleurs dépôts open-source grâce à notre recherche par IA.

ExplorerRecherches sélectionnéesAlternatives open sourceLogiciels auto-hébergésBlogPlan du site
ProjetÀ proposNotre méthodologiePresseServeur MCP
Mentions légalesConfidentialitéConditions d'utilisation
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·

Contrôle d'accès

Classement mis à jour le 30 juin 2026

For an open source framework for access control, the strongest matches are hsluoyz/casbin (Casbin is an authorization library that provides a configurable), casbin/casbin (Casbin is a model-based authorization engine that supports policy-as-code) and openfga/openfga (OpenFGA is a fine-grained authorization server that implements relationship-based). spring-projects/spring-security and ory/keto round out the shortlist. Each is ranked by relevance to your query, popularity and recent activity.

Explorez des frameworks et bibliothèques open source pour gérer l'authentification, l'autorisation et les systèmes de permissions granulaires.

Contrôle d'accès

Trouvez les meilleurs dépôts grâce à l'IA.Nous recherchons les dépôts les plus pertinents grâce à l'IA.
  • hsluoyz/casbinAvatar de hsluoyz

    hsluoyz/casbin

    20,189Voir sur GitHub↗

    Casbin is an authorization library designed to manage application access control and permissions through a configurable model-based engine. It serves as a centralized system for verifying whether a user has permission to perform specific actions on a resource. The engine supports multiple access control models, including Role-Based Access Control, Attribute-Based Access Control, and Access Control Lists. It allows for the definition of role hierarchies and the evaluation of user, resource, and environment attributes to make access decisions. The library decouples authorization logic from dat

    Casbin is an authorization library that provides a configurable model-based engine supporting RBAC, ABAC, ACL, and role hierarchies, making it a straightforward fit for policy-as-code and fine-grained access control; it covers most requested features out of the box and is a well-established solution in the space.

    GoAttribute-based Access ControlsRole-Based Access ControlRole-Based Access Management
    Voir sur GitHub↗20,189
  • casbin/casbinAvatar de casbin

    casbin/casbin

    19,848Voir sur GitHub↗

    Casbin is an authorization library that provides a model-based engine for enforcing access control across diverse application environments. It decouples authorization logic from application code by using a configuration-driven approach, allowing developers to define access rules and evaluation logic independently. The system supports a wide range of access control models, including role-based, attribute-based, and relationship-based patterns, which are evaluated at runtime to determine if a subject is permitted to perform an action on a resource. The project distinguishes itself through a hig

    Casbin is a model-based authorization engine that supports policy-as-code, RBAC, ABAC, and integrates with common identity providers, making it a strong fit for enforcing fine-grained access control across applications and APIs.

    GoAttribute-Based Access ControlAttribute-based Access ControlsRole-Based Access Control
    Voir sur GitHub↗19,848
  • openfga/openfgaAvatar de openfga

    openfga/openfga

    4,793Voir sur GitHub↗

    OpenFGA is a fine-grained authorization server and policy decision point that implements relationship-based access control. It serves as a centralized authorization service for evaluating access requests and managing relationship tuples across distributed microservices and multi-tenant environments. The engine combines relationship graphs with attribute-based access control, using the Common Expression Language to evaluate dynamic runtime attributes and conditional access rules. It handles complex hierarchies and nested permissions by traversing chains of associations and parent-child links t

    OpenFGA is a fine-grained authorization server that implements relationship-based access control with policy-as-code, RBAC, ABAC via CEL, and multi-tenant support, plus audit logging and decision tracing—exactly the comprehensive policy engine this search is seeking.

    GoAttribute-Based Access ControlFine-Grained Access ControlPolicy-as-Code Definitions
    Voir sur GitHub↗4,793
  • spring-projects/spring-securityAvatar de spring-projects

    spring-projects/spring-security

    9,535Voir sur GitHub↗

    Spring Security is a comprehensive security framework for Java applications that provides authentication and authorization for both web and non-web environments. It functions as an implementation of authentication and authorization logic integrated with the Java runtime environment to protect sensitive resources from unauthorized access. The framework includes toolkits for implementing OpenID Connect and OAuth 2.0 authorization servers and clients, as well as tools for integrating SAML 2.0 identity providers to enable cross-domain single sign-on. It utilizes a role-based access control system

    Spring Security is a Java-based authorization and access control framework that supports RBAC and OAuth2/OIDC/SAML integration, but its policy-as-code and ABAC support are configuration-driven rather than declarative, and it lacks built-in audit logging and multi-tenancy.

    JavaRole-Based Access ControlRole-Based Access Control SystemsSAML Integrations
    Voir sur GitHub↗9,535
  • ory/ketoAvatar de ory

    ory/keto

    5,270Voir sur GitHub↗

    Ory Keto is an open-source authorization server that implements Google Zanzibar’s relationship-based access control model. It stores every access relationship as a tuple in a SQL database and exposes a declarative TypeScript-like namespace language for defining object types, relations, and permissions. The service provides bidirectional permission resolution, configurable consistency levels for checks, and dual gRPC and REST APIs for broad integration. Keto extends the Zanzibar model with edge enforcement of access policies, structured compliance auditing of permission decisions, and infrastr

    Ory Keto is an open-source authorization server that implements Google Zanzibar’s relationship-based model with a declarative policy language, fine-grained permissions, RBAC/ABAC support, and audit logging — directly matching your need for a policy-as-code access control engine with integration and multi-tenancy capabilities.

    GoAttribute-based Access ControlsPolicy Definition LanguagesPolicy-as-Code Definitions
    Voir sur GitHub↗5,270
  • open-policy-agent/opaAvatar de open-policy-agent

    open-policy-agent/opa

    11,860Voir sur GitHub↗

    This project is a unified, cloud-native policy engine designed to decouple authorization and security logic from application codebases. It functions as a centralized authorization service that evaluates structured input data against declarative rules, enabling consistent policy enforcement across microservices, infrastructure, and continuous integration pipelines. The engine utilizes a specialized logic programming language to express complex constraints, which are compiled into an optimized intermediate representation for high-performance evaluation. By supporting both sidecar-based deployme

    OPA is a dedicated, cloud-native policy engine that enforces authorization and access control via declarative policy-as-code (Rego), supporting RBAC, ABAC, audit logging, and multi-tenancy — directly matching the search for an open-source authorization and policy engine.

    GoPolicy-As-Code Engines
    Voir sur GitHub↗11,860
  • kanidm/kanidmAvatar de kanidm

    kanidm/kanidm

    4,595Voir sur GitHub↗

    Kanidm is a centralized identity management server designed to handle authentication, authorization, and directory services across distributed infrastructure. It provides a comprehensive framework for managing human and service accounts, utilizing a schema-driven database to store identity records, group memberships, and system attributes. The platform supports a wide range of authentication methods, including passkeys, passwords, and standard protocols like OAuth2, OIDC, LDAP, and RADIUS. The system distinguishes itself through a granular access control engine that enforces security policies

    Kanidm is an identity management server with a built-in granular access control engine that enforces authorization policies via RBAC, ABAC, and integration with identity providers like OAuth2 and OIDC, but it is a full IAM platform rather than a standalone policy engine and may not offer explicit policy-as-code or audit logging out of the box.

    RustAttribute-Based Access ControlRole-Based Access ControlRole-Based Access Controls
    Voir sur GitHub↗4,595
  • casdoor/casdoorAvatar de casdoor

    casdoor/casdoor

    13,814Voir sur GitHub↗

    Casdoor is a centralized identity and access management platform that functions as an OAuth 2.0 authorization server. It provides a comprehensive suite of services for managing user identities, authentication sessions, and access policies across both web and machine-to-machine applications. Built with a decoupled frontend-backend architecture in Go, the platform supports high-concurrency environments and offers a web-based management interface for administrative tasks. The platform distinguishes itself through its extensive support for federated identity management, allowing integration with

    Candidate is a centralized identity and access management platform that enforces access policies, integrates with identity providers, and provides audit logging—well suited for authorization needs, though its policy-as-code support is less explicit than a dedicated policy engine.

    GoGranular Access ControlsRole-Based Access ControlIdentity Federation
    Voir sur GitHub↗13,814
  • goauthentik/authentikAvatar de goauthentik

    goauthentik/authentik

    22,035Voir sur GitHub↗

    Authentik is a centralized identity and access management platform designed to serve as a unified authentication authority. It enables enterprise single sign-on across diverse applications and services, providing a cloud-native identity provider that manages user sessions and security protocols from a single location. The platform distinguishes itself through a policy-driven flow engine and a visual orchestration interface. This allows administrators to design complex, custom authentication workflows by chaining modular verification stages and conditional logic. These workflows can be further

    Authentik is a full-featured identity and access management platform with a policy-driven flow engine that directly handles authorization, access control, and policy enforcement for applications and APIs, supporting policy-as-code, RBAC, multi-tenancy, identity provider integration, and audit logging — fitting the search for an open-source authorization policy engine.

    PythonIdentity and Access ManagementIdentity and Access Management ServersIdentity Providers
    Voir sur GitHub↗22,035
  • cerbos/cerbosAvatar de cerbos

    cerbos/cerbos

    4,460Voir sur GitHub↗

    Cerbos is an open-source authorization service that provides a centralized, language-agnostic engine for managing access control. It functions as a policy-as-code platform, allowing teams to define, test, and distribute authorization rules using declarative YAML or JSON configurations. By decoupling access logic from application code, it enables consistent permission enforcement across diverse service stacks. The project distinguishes itself through its ability to translate high-level authorization policies into native database query filters. This capability allows applications to enforce sec

    Cerbos is a language-agnostic, open-core authorization engine that lets you write context-aware access control policies as code, directly matching the need for a policy-based access control tool with RBAC, ABAC, fine-grained permissions, and audit trail support.

    GoAttribute-Based Access ControlPolicy-as-Code DefinitionsRole-Based Access Control
    Voir sur GitHub↗4,460
  • keycloak/keycloakAvatar de keycloak

    keycloak/keycloak

    34,934Voir sur GitHub↗

    Keycloak is an open-source identity and access management server that provides a centralized platform for user authentication, authorization, and identity federation. It functions as a standards-compliant identity provider, utilizing a centralized engine to validate credentials and issue cryptographically signed tokens based on industry-standard protocols like OpenID Connect and SAML. This enables organizations to secure diverse applications and services through a unified authentication layer. The platform distinguishes itself through its cloud-native orchestration and high-availability capab

    Keycloak is an open-source identity and access management server that includes a full-featured authorization service with fine-grained role- and attribute-based permissions, multi-tenant realms, and built-in audit logging, making it a strong fit for your authorization and access control needs even though it also covers broader IAM use cases.

    JavaIdentity ServersIdentity Management SystemsIdentity Providers
    Voir sur GitHub↗34,934
  • elabs/punditAvatar de elabs

    elabs/pundit

    8,509Voir sur GitHub↗

    Pundit is a Ruby authorization framework that implements policy-based access control. It maps domain models to dedicated logic classes that determine whether a user is permitted to perform specific actions on data objects. The framework utilizes plain Ruby objects to decouple authorization logic from the model. It includes mechanisms for data query scoping to filter record collections based on user permissions, as well as attribute-level permission control to restrict which specific model fields a user can modify. The system provides tools for authorization coverage verification to ensure se

    Pundit is a Ruby authorization framework that uses plain Ruby objects to define per-model policies, providing fine-grained attribute-level and record-level access control; it fits the search for a policy-as-code engine for applications, though it lacks built-in multi-tenancy or audit logging and is Ruby-specific.

    RubyAuthorization PoliciesAccess PoliciesPolicy-Based Access Control
    Voir sur GitHub↗8,509
Comparez le top 10 en un coup d'œil
DépôtStarsLangageLicenceDernier push
hsluoyz/casbin20.2KGoApache-2.016 juin 2026
casbin/casbin19.8KGoapache-2.06 févr. 2026
openfga/openfga4.8KGoapache-2.019 févr. 2026
spring-projects/spring-security9.5KJavaApache-2.022 juin 2026
ory/keto5.3KGoapache-2.020 févr. 2026
open-policy-agent/opa11.9KGoApache-2.016 juin 2026
kanidm/kanidm4.6KRustmpl-2.019 févr. 2026
casdoor/casdoor13.8KGoApache-2.022 juin 2026
goauthentik/authentik22KPythonNOASSERTION16 juin 2026
cerbos/cerbos4.5KGoApache-2.016 juin 2026

Related searches

  • an open source tool for digital privacy
  • Network access control
  • un framework d'autorisation pour gérer les permissions utilisateur
  • une bibliothèque d'autorisation pour gérer le contrôle d'accès
  • Concurrency control libraries
  • Authentification et autorisation
  • State management library
  • Access control management