access-control
Fine-grained authorization for AI agents using OpenFGA.
AI agents are getting access to production systems - databases, APIs, file systems. But who decides what they can do? Traditional RBAC wasn't designed for autonomous agents that make decisions without human approval.
Fine-Grained Authorization. A high performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar
Relationship-based access control made fast, scalable, and easy to use.
OpenFGA is an open-source authorization solution that allows developers to build granular access control using an easy-to-read modeling language and friendly APIs.
Tunneled Reverse Proxy Management Server with Identity and Access Control and Dashboard UI.
Pangolin is a self-hosted tunneled reverse proxy management server with identity and access management, designed to securely expose private resources through use with the Traefik reverse proxy and WireGuard tunnel clients like Newt. With Pangolin, you retain full control over your infrastructure while providing a user-friendly and feature-rich solution for managing proxies, authentication, and access, and simplifying complex network setups, all with a clean and simple UI.
Related contents:
- Pangolin: Your Own Self-Hosted Cloudflare Tunnel Alternative @ DB Tech's YouTube.
- Ep 13: Cyberdeck Cyberwhat Selfhosted VPN networks and is Wireguard Hard @ Linux Prepper (Episode 13 Shownotes - Cyberdeck Cyberwhat and is Wireguard Hard @ Learning Together).
- Self-hosted Cloudflare + VPN replacement! Pangolin Tutorial @ Christian Lempa's YouTube.
IAM Least Privilege Policy Generator.
Policy Sentry is an AWS IAM Least Privilege Policy Generator, auditor, and analysis database. It compiles database tables based on the AWS IAM Documentation on Actions, Resources, and Condition Keys and leverages that data to create least-privilege IAM policies.
An authorization library that supports access control models like ACL, RBAC, ABAC for Golang, Java, C/C++, Node.js, Javascript, PHP, Laravel, Python, .NET (C#), Delphi, Rust, Ruby, Swift (Objective-C), Lua (OpenResty), Dart (Flutter) and Elixir.
Open Source Fine-Grained Authorization.
An open-source authorization as a service inspired by Google Zanzibar, designed to build and manage fine-grained and scalable authorization systems for any application.
Build Your Authorization System Fast Without Extra Engineering Resources
Implement fine-grained, scalable and extensible access controls within minutes to days instead of months. Inspired by Google’s cons
Policy-based control for cloud native environments. Flexible, fine-grained control for administrators across the stack.
Open Policy Agent (OPA) is an open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack.
Related contents:
- Guardrails for Your Cloud: A Simple Guide to OPA and Terraform @ Sami Banerjee's Medium.
- Getting Open Policy Agent Up and Running @ The New Stack.
- Simplify Kubernetes Security With Kyverno and OPA Gatekeeper @ The New Stack.
- Automating policy enforcements for infrastructure using Open Policy Agent (OPA) in Terraform — Part 1 @ Ashay Maheshwari's Medium.
- Terraform governing with OPA @ DevOpsOnTheTrail.
- Blueprinting Security in CI/CD: Building Trust Through Open Source @ CD Foundation.
- From Kubernetes Gatekeeper to Full-Stack Governance with OPA @ Pulumi.
- Governing infrastructure as code using pattern-based policy as code @ AWS Security Blog.
🛡 A GraphQL tool to ease the creation of permission layer. GraphQL Permissions Framework for Complex Authorisation Systems. Implement your server permissions in a clear and deterministic way and let it guard access to your schema.
GraphQL Shield helps you create a permission layer for your application. Using an intuitive rule-API, you'll gain the power of the shield engine on every request and reduce the load time of every request with smart caching. This way you can make sure your application will remain quick, and no internal data will be exposed.