I only did a quick read of permit.io's offering but iirc they don't focus on hierarchical data. If having access to a resource cannot grant access to an unbounded number of other independent resources (e.g. sharing a folder) then almost all issues of the article disappear.
100% - it's really about context-aware policies for each type of agent, server, interaction, etc.
That's why fine-grained policies are such a big part of the answer here.
100% - especially when Auth stands for just Authentication.
Simple RBAC authorization also won't take us far.
But fine-grained permissions (e.g. OPA, Cedar, OpenFGA, Permit.io) with ReBAC giving AI agents zero standing permissions, and only deriving on the fly the least privilege they need / got consent for, can dramatically reduce the problem.
Scales both on the tech, and on the human side - e.g. your product manager can add roles (with CI approval) without requiring engineering involvement.
(I'm biased but still true)