What is Topaz?
Topaz is an open source authorization service designed for cloud-native environments, offering fine-grained, real-time, policy-based access control for applications and APIs. It combines the best features of OPA (Open Policy Agent) and Zanzibar to deliver comprehensive authorization solutions that scale with application needs.
The service enables organizations to design authorization models that evolve from multi-tenant RBAC to ABAC, ReBAC, or hybrid approaches. Topaz implements policy-as-code workflows, allowing authorization policies to be extracted from application code and managed as separate artifacts. These policies can be built into immutable, signed OCI images for enhanced security in the software supply chain.
Features
- Fine-Grained Authorization: Design authorization models that evolve from RBAC to ABAC, ReBAC, or hybrid approaches
- Policy-Based Control: Implement policy-as-code workflows with authorization policies extracted from application code
- Real-Time Decisions: Deploy locally for lightning-fast authorization decisions with embedded database storage
- Cloud-Native Architecture: Deployed in your cloud environment and connected to your data sources
- Multi-Language Support: Get started quickly with documentation and resources for popular programming languages
Use Cases
- Implementing fine-grained access control for multi-tenant applications
- Managing authorization policies across microservices architectures
- Enforcing security policies in cloud-native environments
- Building scalable authorization systems for enterprise applications
- Creating policy-as-code workflows for DevOps teams
FAQs
-
What programming languages does Topaz support?
Topaz provides documentation and resources for Node.js, Go, Python, Java, ASP.NET, and Ruby. -
How does Topaz handle authorization decisions?
Topaz stores users, groups, objects, and relationships in an embedded database and optimizes query evaluation over the object graph for real-time authorization decisions. -
What authorization models does Topaz support?
Topaz supports RBAC (Role-Based Access Control), ABAC (Attribute-Based Access Control), ReBAC (Relationship-Based Access Control), and hybrid combinations of these models.
