Tags: muharihar/keto
Tags
We are extremely happy to announce next-gen Ory Keto which implements [Zanzibar: Google’s Consistent, Global Authorization System](https://research.google/pubs/pub48190/): > Zanzibar provides a uniform data model and configuration language for expressing a wide range of access control policies from hundreds of client services at Google, including Calendar, Cloud, Drive, Maps, Photos, and YouTube. Its authorization decisions respect causal ordering of user actions and thus provide external consistency amid changes to access control lists and object contents. Zanzibar scales to trillions of access control lists and millions of authorization requests per second to support services used by billions of people. It has maintained 95th-percentile latency of less than 10 milliseconds and availability of greater than 99.999% over 3 years of production use. Ory Keto is the first open source planet-scale authorization system built with cloud native technologies (Go, gRPC, newSQL) and architecture. It is also the first open source implementation of Google Zanzibar 🎉! Many concepts developer by Google Zanzibar are implemented in Ory Keto already. Let's take a look! As of this release, Ory Keto knows how to interpret and operate on the basic access control lists known as relation tuples. They encode relations between objects and subjects. One simple example of such a relation tuple could encode "`user1` has access to file `/foo`", a more complex one could encode "everyone who has write access on `/foo` has read access on `/foo`". Ory Keto comes with all the basic APIs as described in the Zanzibar paper. All of them are available over gRPC and REST. 1. List: query relation tuples 2. Check: determine whether a subject has a relation on an object 3. Expand: get a tree of all subjects who have a relation on an object 4. Change: create, update, and delete relation tuples For all details, head over to the [documentation](https://www.ory.sh/keto/docs/concepts/api-overview). With this release we officially move the "old" Keto to the [legacy-0.5 branch](https://github.com/ory/keto/tree/legacy-0.5). We will only provide security fixes from now on. A migration path to v0.6 is planned but not yet implemented, as the architectures are vastly different. Please refer to [the issue](ory#318). We are keen to bring more features and performance improvements. The next features we will tackle are: - Subject Set rewrites - Native ABAC & RBAC Support - Integration with other policy servers - Latency reduction through aggressive caching - Cluster mode that fans out requests over all Keto instances So stay tuned, ⭐ this repo, 👀 releases, and [subscribe to our newsletter 📧](https://ory.us10.list-manage.com/subscribe?u=ffb1a878e4ec6c0ed312a3480&id=f605a41b53&MERGE0=&group[17097][32]=1).
We are proud to announce the next release of ORY Keto which includes … …several bugfixes! We also want to bring your attention to the current prototyping phase of ORY Keto's *next version*, which might just become the first open-source implementation of Google's Zanzibar paper. If you didn't know - Google Zanzibar is the system that stores and evaluates permissions for all of Google's services (including YouTube, Google Cloud, ...) on planet-scale with sub 10ms response time. Please note that the current phase is a research phase and no final decisions have been made. If you have feedback or ideas, please share them with us! For more information, head over to [keto#266](ory#266)!
autogen: pin v0.5.7-alpha.1.pre.0 release commit
This release bumps vulnerable transient dependencies (those are not a… …ctually used in ORY Keto) and updates several documentation pages and improves structured logging output. Additionally, ORY Keto now uses the updated release pipeline!
This release bumps vulnerable transient dependencies (those are not a… …ctually used in ORY Keto) and updates several documentation pages and improves structured logging output. Additionally, ORY Keto now uses the updated release pipeline!
PreviousNext