Access control systems often falter under heavy load, struggling with consistency and responsiveness. Ory Keto addresses this by delivering minimal latency and strong consistency, even at high request volumes.
Ory Keto is an open source lightning fast permission and authorization. Its design is based on Google Zanzibar and it ships gRPC and REST APIs.
Ory Keto is written in Go and we provide SDKs for every language. It works behind any framework and integrates with any existing data structures and identifiers. Our documentation makes integrating Ory Keto a piece of cake.
Determine if an entity (user, service, IoT) is allowed to perform an action using HTTP or gRPC APIs.
Ory Keto offers deployment flexibility. With open source roots, Ory Keto has grown to offer different models to suit your business needs. Deploy open-source, opt for Ory Enterprise License with additional features and support, or use the fully managed Ory Network for a seamless SaaS experience.
Akibur Rahman
System Architect
Ory components met modern technical standards, seamlessly integrated into our system, and were easily customizable to our needs.
OSS is where most teams start. The question is whether it holds up as scale, compliance, and security requirements grow. Running identity infrastructure yourself means owning everything, from patches to incident response, compliance controls, and performance tuning. At enterprise scale, that overhead competes with product innovation. Ory's commercial offerings, OEL and Ory Network, trade that burden for SLA-backed support, managed CVE patching, and audit-ready controls.
OSS
OEL
Ory Network
Deploy on any infrastructure and take full control over authentication and user workflows of your application.
Authorize billions of requests secure, consistent, low latency and no downtime using Ory Keto, the open source implementation of Google Zanzibar access control.
Ory Keto implements Google Zanzibar and has maintained 95th-percentile latency of less than 10 ms and availability greater than 99.99% over years of production use.
Ory Keto integrates with any existing data structures and identifiers.
Deploy around the globe and provide a fast response no matter where your users are.
Get started with the guides and docs below
import { Namespace, Context } from "@ory/keto-namespace-types"
class User implements Namespace {}
class Document implements Namespace {
related: {
owners: User[]
editors: User[]
viewers: User[]
parents: Folder[]
}
permits = {
view: (ctx: Context): boolean =>
this.related.viewers.includes(ctx.subject) ||
this.related.editors.includes(ctx.subject) ||
this.related.owners.includes(ctx.subject) ||
this.related.parents.traverse((parent) => parent.permits.view(ctx)),
}
}
class Folder implements Namespace {
related: {
owners: User[]
editors: User[]
viewers: User[]
parents: Folder[]
}
}