Topaz is an open-source authorization service providing fine-grained, real-time, policy-based access control for applications and APIs.
Purpose-built fine-grained authorization
Fine-grained access control is a critical part of every production-ready application. Topaz is a purpose-built fine-grained access control service that is easy to integrate into your existing stack
Start with a fine-grained authorization model that grows with your application: use RBAC, ABAC and ReBAC interchangeably
Combine “policy-as-code” and “policy-as-data” to enjoy the best of both worlds and complete flexibility
Maintain a clear separation of concerns - extract authorization policy from your application code and into the hands of AppSec
Define you authorization policy as code, in Rego, and build it into an immutable, signed OCI image
Topaz makes it easy to bring user and resource data close to your authorizer via a local database and set of built-ins
Built upon an open foundation
OPA-based open-source authorizer, purpose-built for API and application authorization
Out of the box support for RBAC, ABAC, and ReBAC authorization models
Integrated Zanzibar-based directory for evaluating relationship-based decisions
Benefits
The Authorize lives close to your application. Deploy the authorizer either as a sidecar or a microservice and maintain low latency and high availability.
Bring user and resource data to the authorizer using easy-to-use APIs and a counterpart CLI. This ensures data used by the authorizer is also localized - which is critical for the decisions to be made as quickly as possible.
Combine “Policy-as-Code” and “Policy-as-Data” to build fine-grained authorization models
Consume decision logs produced by your edge authorizer and process them with your favorite analytics platform
Brings the best of library and a service - ensure highly performant authorization while keeping your authorization logic separate from your code.
How to use Topaz
Define your domain model
Load your data
Write your policy
Deploy the Authorizer
Use the Topaz SDKs in your application to make authorization decisions