Aserto is based on a few open source projects: OPA [1], policy CLI [2], and Open Policy Registry [3].
Architecturally, the Aserto authorizer is packaged up as a Docker container and deployed as a sidecar or microservice in a customer environment. The control plane typically runs in Aserto's cloud (although you could run it on your own if you needed full control of the end-to-end solution).
Being based on open source projects doesn't mean too much (YouTube is written in Python, so it's based on open-source). Having a consistent language (OPA) does mean something.
But fundamentally I meant that it doesn't seem like you can run your entire system self-hosted and the code for it is entirely OSS. Do I have that right?
You're right that the control plane currently is not OSS. Most people we talked to when we first embarked on the journey said that it was critical for the authorizer to run locally (and be OSS), but they preferred to not have to operate the control plane.
With that said, our intent is to create the option to run the entire system self-hosted.