Overview
Permguard is a modern, open-source authorization server built to align with Zero Trust principles.
The main idea is to ensure that trust is never assumed but always validated at the application boundary. Integrating Permguard to handle incoming requests ensures that every request is verified before access is granted.
This applies not only to APIs but also to any type of incoming request, including async messages, WebSocket connections, and more.
Each incoming request generates an authorization request that is evaluated by the Permguard AuthZ Server. The server responds with a decision to either permit or deny the request.

Designed for cloud-native, edge, and multi-tenant environments, Permguard can be used in any context, including IoT, AI agents, and more. It allows you to update authorization policies without modifying your application code, saving time and effort.
These policies are centrally managed, allowing organizations to enforce consistent security policies across multiple applications without changing each service individually. This ensures compliance with corporate governance by providing a single point of control for defining, updating, and auditing authorization policies in real time.
Permguard is powerful yet easy to use. Its advanced architecture ensures security and flexibility, while integration remains simple—whether for a basic app or a complex enterprise system. Just run the server, define your policy, and integrate it seamlessly.
Permguard can be deployed anywhere: public or private clouds, managed infrastructure, Kubernetes, serverless systems, or even in partially connected environments where stable connectivity is limited. It is also a great fit for edge nodes and IoT ecosystems, providing secure and consistent permission management across different environments.

It follows a Bring Your Own Identity (BYOI) approach, meaning it integrates with your existing authentication system instead of replacing it.
The main goal of Permguard is to provide a strong authorization system with built-in administrative tools.
The solution is language-agnostic, supporting multiple policy languages, starting with Cedar Policy Language.
Developers can choose their preferred language from the supported options while ensuring that all federated Permguard servers work smoothly together, even if they use different languages internally.

Each language is integrated with a lightweight abstraction layer, providing flexibility while reserving only a few keywords.
To enforce access control, the application can use an SDK or directly integrate with the native APIs.

There are SDKs available for multiple programming languages, including Go, Java, Node.js, and Python. More SDKs are being developed to support additional languages.
This approach allows precise control over who or what can access resources while keeping the system flexible and easy to use.
Who: Identities (Users and Workloads)
Can Access: Permissions granted by attaching policies
Resources: Resources targeted by permissions
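
The request flow and the Who / Can Access / Resources model described above, as an added Python example that is not Permguard's SDK, API, or policy format: every name in it (AuthZRequest, Policy, decide, enforce, from_http, from_message) and the sample policies are hypothetical, and decide is an in-memory stand-in for the AuthZ server. It assumes default deny, forbid overriding permit (as in Cedar), and an enforcement point that denies when the decision call fails.

```python
# Added example: hypothetical names throughout, not Permguard's SDK or wire format.
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class AuthZRequest:
    principal: str  # Who: user or workload identity, asserted by your own IdP (BYOI)
    action: str     # Can Access: the operation being attempted
    resource: str   # Resources: the target of the operation

@dataclass(frozen=True)
class Policy:
    effect: str       # "permit" or "forbid"
    actions: tuple    # exact action names
    resources: tuple  # glob patterns over resource ids

# Constructed sample data: policies attached to identities.
ATTACHED = {
    "user:alice": [Policy("permit", ("invoice:read",), ("invoice/*",)),
                   Policy("forbid", ("invoice:read",), ("invoice/archived/*",))],
    "workload:billing-worker": [Policy("permit", ("queue:consume",), ("queue/billing",))],
}

def decide(req, attached=ATTACHED):
    """In-memory stand-in for the decision point: forbid wins, no permit means deny."""
    permitted = False
    for p in attached.get(req.principal, []):
        if req.action in p.actions and any(fnmatchcase(req.resource, g) for g in p.resources):
            if p.effect == "forbid":
                return "deny"
            permitted = permitted or p.effect == "permit"
    return "permit" if permitted else "deny"

def enforce(req, decision_fn=decide):
    """Boundary check: only an explicit permit passes; a failing decision call denies."""
    try:
        return decision_fn(req) == "permit"
    except Exception:
        return False

def from_http(identity, method, path):
    """Map an HTTP request to an authorization request (assumed /<kind>/<id> paths)."""
    verb = {"GET": "read", "POST": "create", "DELETE": "delete"}.get(method, "unknown")
    resource = path.strip("/")
    return AuthZRequest(identity, f"{resource.split('/')[0]}:{verb}", resource)

def from_message(identity, queue):
    """Map an async message delivery to an authorization request."""
    return AuthZRequest(identity, "queue:consume", f"queue/{queue}")
```

Both the HTTP and the message adapters produce the same request shape, so one policy set covers every entry point into the application.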
