Hey folks! As Topaz turns a year old, we just released a big update, including support for a new authorization schema language, a built-in visual console, REST APIs for the ReBAC directory, a full test harness, and many other improvements.
Would love to get your feedback! Check out the blog post [0] for the complete details (including some cool screenshots), or clone / fork the repo here [1]. Many thanks!
Today we are using OpenFGA and OPA together, as OPA does not provide a real solution for managing our data and we only have a few real attribute-based checks we need to make. OpenFGA is a nice data plane, but does not provide an attribute-based solution, so we are http.Send integrating the two, which is not ideal.
In simple terms, Topaz brings a ReBAC data solution together with OPA, so you only have to create attribute-based authorization rules when really needed, to complement the relation authorization provided by the Topaz directory.
I see it is a container-based solution. Is that a requirement? We (have to) run on Windows Server; can I run Topaz without a container, just bare metal?
You can; simply use the topazd.exe binary from the topaz_windows_x86_64.zip on the GH releases page (https://github.com/aserto-dev/topaz/releases). Note this is currently not a Windows Service, so no net start topaz. Let me know if that would be interesting.
Thanks for the question! Those are both great projects. Topaz combines the best elements of both:
* It uses OPA as its decision engine and Rego as the policy language, and supports the "policy as code" methodology
* It also implements a ReBAC directory, much like OpenFGA, in the same container image. It goes further, by allowing you to store not just relationships between subjects and objects, but also properties... which makes it easy to author policies that combine attribute-based (ABAC) and relationship-based (ReBAC) rules.
It is great to see this release coming together. I am working on a new app right now. While authentication is a solved problem with services like Auth0, how to set up a robust authorization mechanism left me scratching my head. With Topaz, the decision to not build it myself was easy. Topaz is to AuthZ what Auth0 is to AuthN. Congrats on the release, very timely!