Overview
The OpenID AuthZEN Authorization API defines a standard interface between Policy Enforcement Points (PEPs) and Policy Decision Points (PDPs). Grantex aligns its external policy backend integration with the AuthZEN subject/resource/action/context model.
How It Works
When an authorization request arrives at the Grantex server and an external policy backend is configured (OPA or Cedar), the server translates the request into an AuthZEN-aligned evaluation context:
Example
A DAAP authorization request:
Becomes the following AuthZEN evaluation request:
Backend-Specific Details
OPA (Rego)
OPA receives the context in its input field and evaluates Rego policies:
See the OPA integration guide for policy examples.
Cedar
Cedar maps the context to typed entities (Agent, Grant, Action):
See the Cedar integration guide for policy examples.
Full Documentation
Last modified on March 2, 2026