Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

I am guessing there is an answer already for this but I can’t figure out the right search. I saw an example video where an API end point posts and gets files with a username. They build out Keto to protect access to files based on the username which makes sense. Assuming I might want to query ‘all files for user’, I am assuming the username should also be stored in the db with each file? My follow up question would be, if the username on the db row changes there would be a mismatch between the permissions and the data itself right? I would always need to make sure to edit the Keto rule and the db row when updating?

I am going to answer my own question here: after going to another page in the docs list below. I can see there is a List-Api. One you build the relationships it looks like you can query them. The Keto relationships are the sole source of truth it seems.
<https://www.ory.sh/docs/keto/examples/olymp-file-sharing|https://www.ory.sh/docs/keto/examples/olymp-file-sharing>

I wouldn’t literally use a dynamic identifier for a user, I’d use a stable unique identifier for the user. But I’m just familiar with using keto directly, I don’t know what it’s like combined with other ory products.