Fine-Grained Authorization
Fine-Grained Authorization at Scale
Hypothesis
Authorization built to scale. Enable user collaboration and granular access control in your applications using developer-friendly APIs.
Updates
Authorization (AuthZ) is what determines whether an actor can perform a certain action on a particular resource, often via roles. For example, a budgeting application can read a person’s bank balance, but not perform transactions.
Fine-Grained Authorization (FGA) takes this a step further and addresses more granular, atomic authorization challenges that are often dynamic in nature, such as being able to access individual folders, files, or capabilities within a system based on actor attributes and their relationship to the resource.
In our Auth0 Lab experiment, codenamed Sandcastle, we explored the feasibility and viability of a large scale FGA solution as a service using relationship based access control (ReBAC) based on Google Zanzibar.
Sandcastle has graduated from the Lab and is now an "Authorization as a service" product: Okta FGA, currently in early access. Okta FGA enables user collaboration and granular access control in your applications using developer-friendly APIs.
Additionally, an OSS project called OpenFGA was published and accepted into CNCF. OpenFGA is a high performance and flexible authorization system built for developers and inspired by Google Zanzibar.
Resources
Zanzibar Academy
Zanzibar handles authorization for YouTube, Drive, Google Cloud and all of Google's other products
Fine-Grained Authorization Authorization Playground
This interactive playground allows you to learn about Auth0 FGA, an Auth0 initiative to solve fine-grained authorization at...
Okta FGA
Enable user collaboration and granular access control in your applications using developer-friendly APIs
OpenFGA
A flexible Fine-Grained Authorization system inspired by Google's Zanzibar, designed for reliability and low latency at scale.