OpenFGA, an authorization engine based on Google's Zanzibar that implements Relationship-Based Access Control (ReBAC), has been promoted to CNCF incubating status. The project centralizes authorization logic through an API-first approach, making it easier to implement complex access control at scale. Since joining CNCF as a sandbox project in 2022, OpenFGA has gained 37 production adopters, expanded to multiple SDKs (Python, Java, Go, .NET, JS), added maintainers from Grafana Labs and GitPod, and integrated with CNCF projects like OpenTelemetry, Helm, and Prometheus. The project has accumulated 4,300+ GitHub stars and 96 contributors, with future plans including new SDKs for Ruby, Rust, and PHP, AuthZen standard support, and performance improvements.
Table of contents
What is OpenFGA?OpenFGA’s HistoryMaintainer PerspectiveFrom the TOCMain ComponentsNotable MilestonesLooking AheadSort: