What is InferaDB?
A distributed authorization database for fine-grained access control at scale.
InferaDB is a distributed authorization database. It answers “can this user do this?” in microseconds, unifying ReBAC, RBAC, and ABAC with cryptographic audit trails and per-tenant storage isolation.
Key Capabilities
- Sub-microsecond performance — 2.8µs p99 read latency, 952K ops/sec on commodity hardware
- Cryptographic tenant isolation — Per-vault AES-256-GCM envelope encryption
- Tamper-proof audit trail — Per-vault blockchain with Merkle proof verification
- Distributed consensus — Raft-based replication with linearizable writes
- WebAssembly extensibility — Custom authorization logic in any WASM-compatible language
- Standards-compliant — OpenID AuthZEN-native, Google Zanzibar-inspired
Architecture
Three server components:
| Component | Role | Port(s) |
|---|---|---|
| Engine | Authorization evaluation (data plane) | 8080 (REST), 8081 (gRPC), 8082 (mesh) |
| Control | Tenant administration (control plane) | 9090 (REST), 9091 (gRPC), 9092 (mesh) |
| Ledger | Blockchain persistence (storage layer) | 50051 (gRPC) |
How It Works
- Define your model in the Infera Policy Language (IPL) — entities, relations, and permissions.
- Write relationships (tuples) via REST or gRPC — e.g.,
(user:alice, editor, document:readme). - Check permissions — sub-millisecond answers with full explanation paths.
Tooling
- CLI —
inferadb check,inferadb simulate,inferadb policy branch - Rust SDK — Type-safe, async-first client with MockClient for testing
- Dashboard — Visual policy editor, relationship graph, decision simulator
- Terraform Provider — Manage organizations, vaults, clients as IaC
Open Source
Dual-licensed under MIT and Apache 2.0. Source on GitHub.