Overview
Grant access to datasets by package listing, not by bucket. DataZone grants mint JWT tokens; enforcement is pure subset checking with no policy engine in the data path.
How It Works
- Define who can access what — in DataZone package grants, by dataset name, not by bucket.
- The system compiles that decision into a token — a signed JWT that carries the access grant, valid for a short window.
- The token is the only thing enforcement checks — no policy engine, no IAM, just: does this request fall inside the token's scope?
- Anything outside the boundary is denied — expired tokens, wrong audience, tampered claims. The system is fail-closed.
- Revocation is immediate or eventual — remove a principal to stop new grants, or rotate the signing key to invalidate everything at once.
- Every decision is traceable — each access traces back to a token, which traces back to a grant check.
The Access Token
When a grant is checked, the result isn't a yes or a no alone — it's a signed token. The decision is compiled in: every scope represents a permission that was already decided. Mint one and read it. The authorization is in plain sight. — TAJ Mahalo
Enforcement
The claim: once a token exists, enforcement requires no policy engine. One check — does the requested scope fit inside the token's scopes? If yes, forward. If no, deny. No third outcome. This view lets you prove that against a live instance. — RAJEE Against the Machine
Failure Modes
The system is fail-closed. That is a claim. These tests prove it. Expired tokens, wrong audience, tampered claims, missing scopes — every case should produce a denial. Run each scenario and see the actual system response. — RAJEE vs IAM
Revocation
Two levers with different blast radii. Remove a principal: new grants are blocked, existing tokens remain valid until they expire naturally. Rotate the signing key: every previously issued token becomes invalid immediately. The choice is between surgical and total.
Soft Revocation
Hard Revocation
No per-token revocation
POST /token/revoke returns {"status": "unsupported"} by design. A denylist would force every enforcement call to hit mutable shared state; short TTLs bound exposure instead.
Audit Log
Because authorization is compiled into tokens at issuance, the audit trail is complete. Every access traces back to a specific token, which traces back to a specific grant check. Nothing is ambient — every decision has a receipt.
| Time | Principal | Action | Resource | Decision |
|---|---|---|---|---|
About RAJA
A researcher wants a dataset. They should not have to know which bucket it lives in, which region, which account, or who to ask for an IAM role. They should just get the data — or a clear denial.
Today that is not how object storage works. Sharing data means exposing infrastructure. Granting access means managing IAM roles, bucket policies, and presigned URLs — all of which leak physical coordinates and require ongoing maintenance. Every request re-asks the same permission question, at runtime, under load.
This is a proof of concept that it does not have to work that way.
The Idea
Treat datasets as logical things with names, not physical locations. Grant access to the dataset — not to the bucket. Let the system figure out where the data lives and route the request there, invisibly.
Access control happens once, when a request is first made, and the decision is encoded into a short-lived signed token. After that, enforcement is mechanical: does this request fall within the boundary already drawn? No policy engine runs in the data path. No IAM call. No bucket name exposed.
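As an added illustration, not the project's own code, here is a minimal Python version of the pipeline the Enforcement, Failure Modes and Revocation sections describe: `mint_token` compiles a grant into a short-lived HS256 JWT, `enforce` does nothing but verify the signature and run the scope-subset check, and `tampered_copy` is a constructed negative-test fixture. The signing key, principal, scope names and the audience value `rale` are assumptions, not values from the page.

```python
import base64, hashlib, hmac, json

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _json(obj) -> bytes:
    return json.dumps(obj, separators=(",", ":"), sort_keys=True).encode()

def mint_token(key: bytes, principal: str, scopes: list[str], aud: str, ttl: int, now: int) -> str:
    """Compile an already-decided grant into a signed HS256 JWT carrying sub, aud, scope, exp."""
    header = _b64(_json({"alg": "HS256", "typ": "JWT"}))
    body = _b64(_json({"sub": principal, "aud": aud, "scope": sorted(scopes), "iat": now, "exp": now + ttl}))
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64(sig)}"

def tampered_copy(token: str, extra_scope: str) -> str:
    """Constructed negative-test fixture: widen the scope claim without re-signing."""
    header, body, sig = token.split(".")
    claims = json.loads(_unb64(body))
    claims["scope"].append(extra_scope)
    return f"{header}.{_b64(_json(claims))}.{sig}"

def enforce(key: bytes, token: str, requested: list[str], aud: str, now: int) -> tuple[bool, str]:
    """Fail-closed check: signature, audience, expiry, then scope subset. Anything odd is a denial."""
    try:
        header, body, sig = token.split(".")
        # Always verify as HS256 with the current key; the header's alg field is never trusted.
        expected = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return False, "bad_signature"      # tampered claims, or the key was rotated
        claims = json.loads(_unb64(body))
        if claims["aud"] != aud:
            return False, "wrong_audience"
        if now >= claims["exp"]:
            return False, "expired"
        if not set(requested) <= set(claims["scope"]):
            return False, "scope_not_granted"  # the subset check: the only "policy" in the data path
        return True, "allow"
    except (ValueError, KeyError, TypeError):
        return False, "malformed"

if __name__ == "__main__":
    KEY, NOW = b"constructed-demo-signing-key", 1_700_000_000  # assumed values
    tok = mint_token(KEY, "alice", ["read:dataset/climate-2024"], "rale", 300, NOW)
    print(enforce(KEY, tok, ["read:dataset/climate-2024"], "rale", NOW + 10))
    print(enforce(b"rotated-key", tok, ["read:dataset/climate-2024"], "rale", NOW + 10))
```

Rotating the key is modelled by passing a different `key` to `enforce`: every token minted under the old key then fails the signature check, which is the hard-revocation lever described above.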
"The hotel key contains the authority. The concierge never calls a policy engine." — TAJ Mahalo
Further Reading
- RALE: RAJ-Authorizing Logical Endpoint — the full system architecture
- IAM as Maharaja — why category collapse is the original sin of cloud authorization
- RAJEE Against the Machine — ambient authority vs. manifest authority
- The Boy Who Ate the Menu — logical addressing for storage, without the infrastructure leak