Version: v0.5
Introduction
ORY Keto is a permission server that implements best practice access control mechanisms. If you came looking for the answer to the question:
- Is a certain user allowed to modify this blog article?
- Is this service allowed to print that document?
- Is a member of the ACME organisation allowed to modify data of one of their tenants?
- Is this process allowed to execute that worker when coming from IP 10.0.0.2 between 4pm and 5pm on a Monday?
- ...
ORY Keto provides various access control engines:
- Available today:
- ORY-flavored Access Control Policies with exact, glob, and regexp matching strategies
- Available soon:
- Access Control Lists
- Role-based Access Control
- Role Based Access Control with Context (Google/Kubernetes-flavored)
- Amazon Web Services Identity & Access Management Policies (AWS IAM Policies)
Each mechanism is powered by a decision engine implemented on top of the Open Policy Agent and provides well-defined management and authorization REST API endpoints.