Introduction to Permguard

PermGuard is a modern, open-source authorization provider designed to follow Zero Trust principles.

It uses the Zero Trust Auth* (ZTAuth*) architecture to ensure that every access request is continuously verified, regardless of application boundaries or context.

The main idea is to ensure that trust is never assumed but always validated at the application boundary. Integrating PermGuard to handle incoming requests ensures that every request is verified before access is granted.

This applies not only to APIs but also to any type of incoming request, including async messages, WebSocket connections, and more.

Each incoming request generates an authorization request that is evaluated by the PermGuard Authorization Server. The server responds with a decision to either allow or deny the request.

Designed for cloud-native, edge, and multi-tenant environments, PermGuard can be used in any context, including IoT, AI agents, and more. It allows you to update authorization policies without modifying your application code, saving time and effort.

These policies are centrally managed, allowing organizations to enforce consistent security rules across multiple applications without changing each service individually. This ensures compliance with corporate governance by providing a single point of control for defining, updating, and auditing authorization policies in real time.

PermGuard is powerful yet easy to use. Its advanced architecture ensures security and flexibility, while integration remains simple—whether for a basic app or a complex enterprise system. Just run the server, define your policy, and integrate it seamlessly.

PermGuard can be deployed anywhere: public or private clouds, managed infrastructure, Kubernetes, serverless systems, or even in partially connected environments where stable connectivity is limited. It is also a great fit for edge nodes and IoT ecosystems, providing secure and consistent permission management across different environments.

It follows a Bring Your Own Identity (BYOI) approach, meaning it integrates with your existing authentication system instead of replacing it. You can configure identity sources to sync identities from your current identity provider, ensuring that all permissions are managed consistently and centrally, regardless of where you use PermGuard.

The main goal of PermGuard is to provide a strong authorization system with built-in administrative tools. It connects to identity sources through ingestion APIs, but these must be integrated with custom solutions. This keeps PermGuard flexible and easy to manage without unnecessary complexity.

The solution is language-agnostic, supporting multiple policy languages, starting with Cedar Policy Language. Developers can choose their preferred language from the supported options while ensuring that all federated PermGuard servers work smoothly together, even if they use different languages internally.

A schema in PermGuard defines Namespaces, Resources, and Actions, ensuring consistency. Each language is integrated with a lightweight abstraction layer, providing flexibility while reserving only a few keywords.

To enforce access control, the application can use an SDK or directly integrate with the native APIs.

This approach allows precise control over who or what can access resources while keeping the system flexible and easy to use.

  • Who: Identities (Users and Actors)
  • Can Access: Permissions granted by attaching policies
  • Resources: Resources targeted by permissions