Open-source libraries for implementing fine-grained, policy-driven authorization logic within your software applications.
This project is a unified, cloud-native policy engine designed to decouple authorization and security logic from application codebases. It functions as a centralized authorization service that evaluates structured input data against declarative rules, enabling consistent policy enforcement across microservices, infrastructure, and continuous integration pipelines. The engine utilizes a specialized logic programming language to express complex constraints, which are compiled into an optimized intermediate representation for high-performance evaluation. By supporting both sidecar-based deployme
This is a comprehensive, industry-standard policy engine that uses policy-as-code to provide fine-grained, context-aware authorization across distributed systems, perfectly matching your requirements for an ABAC solution.
Casbin is an authorization library that provides a model-based engine for enforcing access control across diverse application environments. It decouples authorization logic from application code by using a configuration-driven approach, allowing developers to define access rules and evaluation logic independently. The system supports a wide range of access control models, including role-based, attribute-based, and relationship-based patterns, which are evaluated at runtime to determine if a subject is permitted to perform an action on a resource. The project distinguishes itself through a hig
Casbin is a comprehensive authorization engine that supports policy-as-code through configuration-driven models, enabling fine-grained, context-aware access control across multiple languages and integration with OIDC/SSO workflows.
Casbin is an authorization library designed to manage application access control and permissions through a configurable model-based engine. It serves as a centralized system for verifying whether a user has permission to perform specific actions on a resource. The engine supports multiple access control models, including Role-Based Access Control, Attribute-Based Access Control, and Access Control Lists. It allows for the definition of role hierarchies and the evaluation of user, resource, and environment attributes to make access decisions. The library decouples authorization logic from dat
Casbin is a robust, policy-as-code authorization engine that natively supports attribute-based access control, context-aware evaluation, and multi-language implementations, making it a comprehensive solution for fine-grained access management.
OpenFGA is a fine-grained authorization server and policy decision point that implements relationship-based access control. It serves as a centralized authorization service for evaluating access requests and managing relationship tuples across distributed microservices and multi-tenant environments. The engine combines relationship graphs with attribute-based access control, using the Common Expression Language to evaluate dynamic runtime attributes and conditional access rules. It handles complex hierarchies and nested permissions by traversing chains of associations and parent-child links t
OpenFGA is a robust authorization server that provides policy-as-code and fine-grained access control. While it primarily focuses on relationship-based models, it natively incorporates attribute-based evaluation to handle the context-aware policies you require.
Ory Keto is an open-source authorization server that implements Google Zanzibar’s relationship-based access control model. It stores every access relationship as a tuple in a SQL database and exposes a declarative TypeScript-like namespace language for defining object types, relations, and permissions. The service provides bidirectional permission resolution, configurable consistency levels for checks, and dual gRPC and REST APIs for broad integration. Keto extends the Zanzibar model with edge enforcement of access policies, structured compliance auditing of permission decisions, and infrastr
Ory Keto is a robust authorization server that provides fine-grained, policy-as-code access control, though it primarily implements a relationship-based (ReBAC) model rather than traditional attribute-based (ABAC) logic.
Godoxy is a Docker container orchestrator and reverse proxy manager. It provides a centralized system for managing the lifecycle, power states, and resource usage of virtualized containers, while routing HTTP, TCP, and UDP traffic to backend services with automatic route discovery. The project distinguishes itself through an OIDC access control gateway that authenticates users via external identity providers and a resource optimization system that puts idle containers to sleep and wakes them automatically when network requests arrive. It also includes an automatic SSL certificate manager that
This project is a container orchestrator and reverse proxy that includes access control as a secondary feature, rather than a dedicated library or engine for implementing ABAC in your own applications.