Skip to content

Commit

Permalink
docs: update introduction
Browse files Browse the repository at this point in the history
  • Loading branch information
aeneasr committed Apr 1, 2021
1 parent 7583fe8 commit 5f71d73
Show file tree
Hide file tree
Showing 2 changed files with 30 additions and 47 deletions.
44 changes: 16 additions & 28 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,20 +10,24 @@
<a href="https://opencollective.com/ory">Support this project!</a>
</h4>

Ory Keto is a permission server that implements best practice access control
mechanisms. If you came looking for the answer to the question:

- Is a certain user allowed to modify this blog article?
- Is this service allowed to print that document?
- Is a member of the ACME organisation allowed to modify data of one of their
tenants?
- Is this process allowed to execute that worker when coming from IP 10.0.0.2
between 4pm and 5pm on a Monday?
- ...
Ory Keto is the first and only open source implementation of "Zanzibar: Google's Consistent, Global Authorization System":

Ory Keto is build based on
[Google's Zanzibar research paper](https://research.google/pubs/pub48190/) and
provides an extensible ACL language.
> Determining whether online users are authorized to access digital objects is central to preserving privacy. This paper
> presents the design, implementation, and deployment of Zanzibar, a global system for storing and evaluating access control lists.
> Zanzibar provides a uniform data model and configuration language for expressing a wide range of access control policies
> from hundreds of client services at Google, including Calendar, Cloud, Drive, Maps, Photos, and YouTube. Its authorization
> decisions respect causal ordering of user actions and thus provide external consistency amid changes to access control
> lists and object contents. Zanzibar scales to trillions of access control lists and millions of authorization requests
> per second to support services used by billions of people. It has maintained 95th-percentile latency of less than 10 milliseconds and availability of greater than 99.999% over 3 years of production use.
>
> [Source](https://research.google/pubs/pub48190/)
If you need to know if a user (or robot, car, service) is allowed to do something - Ory Keto is the right fit for you.

Currently, Ory Keto implements the basic API contracts for managing and checking relations ("permissions") with HTTP
and gRPC APIs. Future versions will include features such as userset rewrites (e.g. RBAC-style role-permission models),
Zookies, and more. An overview of what is implemented and upcoming can be found at [Implemented and Planned Features](https://www.ory.sh/keto/docs/next/implemented-planned-features).

<p align="left">
<a href="https://circleci.com/gh/ory/keto/tree/master"><img src="https://circleci.com/gh/ory/keto/tree/master.svg?style=shield" alt="Build Status"></a>
Expand All @@ -36,7 +40,6 @@ provides an extensible ACL language.
<!-- START doctoc generated TOC please keep comment here to allow auto update -->
<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->

- [Introduction](#introduction)
- [Who's using it?](#whos-using-it)
- [Installation](#installation)
- [Ecosystem](#ecosystem)
Expand All @@ -63,21 +66,6 @@ provides an extensible ACL language.

<!-- END doctoc generated TOC please keep comment here to allow auto update -->

## Introduction

ORY Keto is a permission server that implements best practice access control
mechanisms:

- Available today:
- ACL based on
[Google's Zanzibar research paper](https://research.google/pubs/pub48190/)
- Available soon:
- [Role-based Access Control](https://en.wikipedia.org/wiki/Role-based_access_control)
- Role Based Access Control with Context (Google/Kubernetes-flavored)
- [Attribute-based Access Control](https://en.wikipedia.org/wiki/Attribute-based_access_control)
- decision engines based on
[Open Policy Agent](https://www.openpolicyagent.org/)

## Who's using it?

<!--BEGIN ADOPTERS-->
Expand Down
33 changes: 14 additions & 19 deletions docs/docs/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,25 +4,20 @@ slug: /
title: Introduction
---

Ory Keto is a permission server that implements best practice access control
mechanisms. If you came looking for the answer to the question:
Ory Keto is the first and only open source implementation of "Zanzibar: Google's Consistent, Global Authorization System":

- Is a certain user allowed to modify this blog article?
- Is this service allowed to print that document?
- Is a member of the ACME organisation allowed to modify data of one of their
tenants?
- Is this process allowed to execute that worker when coming from IP 10.0.0.2
between 4pm and 5pm on a Monday?
- ...
> Determining whether online users are authorized to access digital objects is central to preserving privacy. This paper
> presents the design, implementation, and deployment of Zanzibar, a global system for storing and evaluating access control lists.
> Zanzibar provides a uniform data model and configuration language for expressing a wide range of access control policies
> from hundreds of client services at Google, including Calendar, Cloud, Drive, Maps, Photos, and YouTube. Its authorization
> decisions respect causal ordering of user actions and thus provide external consistency amid changes to access control
> lists and object contents. Zanzibar scales to trillions of access control lists and millions of authorization requests
> per second to support services used by billions of people. It has maintained 95th-percentile latency of less than 10 milliseconds and availability of greater than 99.999% over 3 years of production use.
>
> [Source](https://research.google/pubs/pub48190/)
Ory Keto is build based on
[Google's Zanzibar research paper](https://research.google/pubs/pub48190/) and
provides an extensible ACL language.
If you need to know if a user (or robot, car, service) is allowed to do something - Ory Keto is the right fit for you.

Soon, there will be native support for:

- [Role-based Access Control](https://en.wikipedia.org/wiki/Role-based_access_control)
- Role Based Access Control with Context (Google/Kubernetes-flavored)
- [Attribute-based Access Control](https://en.wikipedia.org/wiki/Attribute-based_access_control)
- decision engines based on
[Open Policy Agent](https://www.openpolicyagent.org/)
Currently, Ory Keto implements the basic API contracts for managing and checking relations ("permissions") with HTTP
and gRPC APIs. Future versions will include features such as userset rewrites (e.g. RBAC-style role-permission models),
Zookies, and more. An overview of what is implemented and upcoming can be found at [Implemented and Planned Features](implemented-planned-features.mdx).

0 comments on commit 5f71d73

Please sign in to comment.