| Two years ago, we founded Aserto to simplify authorization for developers. Authorization is critical and hard to get right, yet isn't a source of differentiation for most applications. Google [1], Airbnb [2], Netflix [3], Carta [4], Intuit [5], and others have written about their authorization systems. It's clear that these are all significant undertakings by sizable teams. Most engineering organizations don't want to spend their precious cycles reinventing this wheel. Over the last two years, we've collected a set of best practices that are common across these projects. We call these the Principles of Authorization [6]. Our goal has been to democratize these principles into an authorization service, and save you time and effort. Topaz [7] is an open source authorization system you can use to start building robust authorization in minutes. It provides fine-grained, real-time, policy-based access control for modern cloud applications. You can deploy it as a sidecar or a microservice in your cloud, ensuring low latency to your application. Topaz combines the best ideas from two cloud-native authorization ecosystems: OPA and Zanzibar. Read our blog post [8] for more on why we built Topaz. Happy hacking! [1] https://research.google/pubs/pub48190/ [2] https://medium.com/airbnb-engineering/himeji-a-scalable-cent... [3] https://www.infoq.com/presentations/authorization-scalabilit... [4] https://medium.com/building-carta/authz-cartas-highly-scalab... [5] https://medium.com/intuit-engineering/authz-intuits-unified-... [6] https://www.topaz.sh/docs/intro#principles [7] https://github.com/aserto-dev/topaz [8] https://www.aserto.com/blog/topaz-oss-cloud-native-authoriza... |