ORY Keto is an permission server that implements best practice access control mechanisms. If you came looking for the answer to the question:
- is certain user is allowed to modify that blog article?
- is this service is allowed to print a document?
- is the user of the ACME organisation allowed to modify data in one of their tenants?
- is this process allowed to execute the worker when coming from IP 10.0.0.2 between 4pm and 5pm on every monday?
- ...
ORY Keto is an permission server that implements best practice access control mechanisms:
- Available today:
- ORY-flavored Access Control Policies with exact, glob, and regexp matching strategies
- Available soon:
- Access Control Lists
- Role Based Access Control
- Role Based Access Control with Context (Google/Kubernetes-flavored)
- Amazon Web Services Identity & Access Management Policies (AWS IAM Policies)
Each mechanism is powered by a decision engine implemented on top of the Open Policy Agent and provides well-defined management and authorization endpoints.
Head over to the documentation to learn about ways of installing ORY Keto.
The ORY Security Console is a visual admin interface for ORY Hydra, ORY Oathkeeper, and ORY Keto.
ORY Hydra ORY Hydra is a hardened OAuth2 and OpenID Connect server optimized for low-latency, high throughput, and low resource consumption. ORY Hydra is not an identity provider, which would include user sign up, user log in, password reset flow. Hydra but connects to your existing identity provider through a consent app.
ORY Oathkeeper is a BeyondCorp/Zero Trust Identity & Access Proxy (IAP) built on top of OAuth2 and ORY Hydra.
The ory/examples repository contains numerous examples of setting up this project and combining it with other services from the ORY Ecosystem.
If you think you found a security vulnerability, please refrain from posting it publicly on the forums, the chat, or GitHub and send us an email to hi@ory.am instead.
Our services collect summarized, anonymized data which can optionally be turned off. Click here to learn more.
The Guide is available here.
The HTTP API is documented here.
New releases might introduce breaking changes. To help you identify and incorporate those changes, we document these changes in UPGRADE.md and CHANGELOG.md.
Run keto -h or keto help.
Thank you to all our backers! 🙏 [Become a backer]
We would also like to thank (past & current) supporters (in alphabetical order) on Patreon: Alexander Alimovs, Chancy Kennedy, Drozzy, Oz Haven, TheCrealm
Sponsors support this project. The sponsor's logo or brand will show up here with a link to the website. [Become a sponsor]
A special thanks goes out to Wayne Robinson for supporting this ecosystem with $200 every month since Oktober 2016 on Patreon.