AuthZEN
Standardized authorization with AuthZEN
AuthZEN defines a vendor neutral request/response API format between Policy Enforcement Points and Policy Decision Points. Cerbos is part of the working group making this standard a reality for enterprises.
Need for AuthZEN
Why authorization needs a standard?
Lack of interoperability
Proprietary authorization solutions create vendor lock-in and make it difficult to integrate best-of-breed components.
Inconsistent policy enforcement
Authorization logic is often embedded within apps, leading to fragmented and inconsistent access rules across the enterprise.
Difficult to audit
Without centralized authorization, it is difficult to see access policies and decisions.
Development overhead
Development teams keep rebuilding authorization, wasting time and resources.
The standard
The pillars of AuthZen standard
Vendor interoperability
Avoid vendor lock-in and use the best authorization components for your needs, thanks to a standardized API.
Improved security posture
Enhance security and simplify compliance with a unified and auditable authorization framework.
Dynamic, fine-grained access
Enable real-time, context-aware authorization decisions that go beyond static roles and permissions.
“We believe the future of authorization is interconnected. This is how authorization becomes resilient and innovation happens.”.
Alex Olivier
CPO and Co-Founder
AuthZEN ecosystem
Powered by the community
What is AuthZEN
AuthZEN is a new standard from an OpenID Foundation working group that aims to make authorization interoperable across apps, APIs, and services.
It sets out how a policy enforcement point, such as an application or API gateway, communicates with a policy decision point, the external engine responsible for authorization decisions.
Cerbos is the part of the working group, helping to test, improve and promote AuthZEN.
Alex Olivier
CPO and Co-Founder at Cerbos
Allan Foster
Member Board Of Directors at IDPro
Sean O’Dell
Staff Security Engineer at Disney
Gerry Gebel
ex-VP Product and Standards at Strata Identity
David Brossard
CTO at Axiomatics
Omri Gazitt
Previously CEO at Aserto
Architecture
How it works
AuthZEN defines a standard interface between Policy Enforcement Points and Policy Decision Points, enabling interoperability across different vendors and platforms.
Source: AuthZEN interop website
Integrate with your stack
Supported by major providers
AuthZEN is being adopted by major PDP and gateway providers, ensuring a wide range of support and interoperability.
PDP providers
Gateway providers
Adopt AuthZen-powered authorization with Cerbos
Cerbos is an enterprise-grade authorization solution that supports AuthZen. Enforce fine-grained, contextual, and continuous authorization across apps, APIs, AI agents, and workloads.