Ory takes a fundamentally different approach to identity by decomposing authentication and authorization into independent, composable microservices rather than providing a monolithic identity server. Kratos handles user identity management including registration, login, account recovery, and profile management through a headless API that teams customize with their own UI. Hydra implements the OAuth 2.0 and OpenID Connect specification as a standalone service that delegates authentication decisions to existing identity systems.
Oathkeeper serves as an identity-aware reverse proxy that authenticates and authorizes incoming API requests based on configurable rules. Keto implements Google's Zanzibar paper for fine-grained relationship-based access control, enabling permission models like those used by Google Drive and GitHub. Each component runs independently with its own database and API, allowing teams to adopt only the pieces they need rather than deploying an entire identity platform.
Ory's component repos still provide strong open-source identity building blocks: Kratos, Hydra, Keto, and Oathkeeper are active Apache-2.0 projects, and Hydra's current source copy says it is trusted by OpenAI and others. Ory Network provides the managed SaaS deployment for teams that want the modular architecture without operating the components themselves. The Go-based codebase emphasizes performance and small resource footprints, making Ory components suitable for both cloud deployments and edge environments with limited resources.