Implementing and managing access control within applications often requires significant architectural changes and can be time-consuming, especially when dealing with diverse authorization models like role-based access control (RBAC), relationship-based access control (ReBAC), and attribute-based access control (ABAC). Traditional approaches can lead to synchronization issues, performance bottlenecks, and scalability challenges across different environments.

Oso provides an API-driven authorization service that enables developers to implement fine-grained access control without overhauling their existing application architecture. The service authorizes locally against existing databases by generating SQL filters, reducing integration time and eliminating synchronization issues. Oso supports high-performance, scalable permission management across cloud, hybrid, and on-premise environments. Developers can define authorization rules in Polar, Oso’s DSL for authorization, and query the Oso API to determine user permissions. This approach allows for decoupling authorization logic from business logic, ensuring security, correctness, and faster development cycles.

API-driven authorization service for RBAC, ReBAC, and ABAC models

Local authorization against existing databases using generated SQL filters

Polar DSL for defining authorization rules

Support for cloud, hybrid, and on-premise environments

High availability with deployment in 20+ regions

Low latency (<10 ms) and high throughput (up to 1M reads/sec)

Extensible architecture for integrating with various application components

Deterministic behavior for testable, debuggable, and observable authorization logic

Oso primarily targets platform engineering teams and developers building applications that require robust and scalable authorization, particularly those in enterprises needing to manage complex permission structures.