How is topaz similar/different to OPAL?

aserto-dev / topaz

Cloud-native authorization for modern applications and APIs

https://www.topaz.sh

Apache License 2.0

1.1k stars 26 forks source link

How is topaz similar/different to OPAL? #458

Closed keshavkaul closed 2 weeks ago

keshavkaul commented 1 month ago

OPAL (https://opal.ac) allows to orchestrate OPA policy and data dynamically and is deployed as a sidecar with the applications. Curious to understand how topaz is similar or different to OPAL.

ogazitt commented 1 month ago

Topaz is an authorizer (PDP) - it is a superset of OPA. Topaz uses OPA as a decision engine, but adds an embedded ReBAC (Zanzibar) database for storing and demand-loading objects and relations, and efficiently computing “check” and “search” calls.

OPAL is not a PDP itself. It is a control plane that keeps a PDP (typically OPA) up-to-date.

Aserto has a control plane (similar to OPAL) which keeps policies and data up-to-date.

ogazitt commented 2 weeks ago

I hope the explanation made sense... closing this issue.