Skip to content

Layer 5: Authorization (AuthZEN, Cedar, OpenFGA)

Work in Progress

This page is a placeholder. See Architecture for current documentation.

Overview

The top layer makes access control decisions combining agent, human, and workload identity with resource policies.

Specifications

  • AuthZEN - PEP-PDP communication API
  • Cedar - ABAC policy language
  • OpenFGA - ReBAC authorization service

Implementation

Planned

AuthZEN client implementation is planned for agent-protocols/authzen. See Roadmap.