ORY Keto is a permission server that implements best practice access control mechanisms. If you came looking for the answer to the question:
- Is a certain user allowed to modify this blog article?
- Is this service allowed to print that document?
- Is a member of the ACME organisation allowed to modify data of one of their tenants?
- Is this process allowed to execute that worker when coming from IP 10.0.0.2 between 4pm and 5pm on a Monday?
ORY Keto provides various access control engines:
- Available today:
- ORY-flavored Access Control Policies with exact, glob, and regexp matching strategies
- Available soon:
Each mechanism is powered by a decision engine implemented on top of the Open Policy Agent and provides well-defined management and authorization REST API endpoints.