BASIS Foundation builds open-source security and identity infrastructure for Building Automation Systems and Operational Technology.
BASIS exists to make authorization, identity, audit, and protocol normalization understandable and reusable in environments where safety, uptime, and operational clarity matter.
The project is focused on a simple architectural separation:
basis-identity → establishes trusted identity
basis-gateway → enforces access decisions
basis-core → evaluates authorization policy
basis-adapters → normalize OT protocol operations
basis-schemas → define shared contracts
basis-console → explains and visualizes system state
basis-architecture → documents the model and boundaries
Building automation and operational technology environments often rely on fragmented identity, inconsistent authorization, and limited auditability.
BASIS is an open-source attempt to define a cleaner foundation:
- identity is verified before authorization
- authorization decisions are deterministic and auditable
- protocol adapters normalize operations without making policy decisions
- gateways enforce decisions without owning policy semantics
- core authorization logic remains isolated and testable
- OT systems remain protected from accidental dashboard/control creep
| Repository | Purpose |
|---|---|
basis-architecture |
Architecture, white papers, ADRs, and system boundaries |
basis-schemas |
Shared contracts for BASIS components |
basis-core |
Deterministic authorization kernel |
basis-gateway |
Identity-aware enforcement boundary |
basis-identity |
Identity provider, session, token, and gateway trust boundary |
basis-adapters |
OT protocol normalization layer |
basis-console |
Operator-facing visibility and training interface |
basis-website |
Public website for the BASIS ecosystem |
BASIS is early-stage open-source infrastructure.
Several repositories have initial public releases or release-ready foundations. The project is not yet a finished platform, product, or commercial deployment. The current focus is building clear, testable foundations for identity, authorization, gateway enforcement, protocol normalization, and audit contracts.
BASIS is built around a few guardrails:
- Identity is not authorization.
- Authorization is not enforcement.
- Adapters do not make policy decisions.
- Gateways enforce decisions; they do not define policy semantics.
- The authorization kernel does not know about OIDC, JWTs, sessions, cookies, or OT protocols.
- Every boundary should be understandable, testable, and auditable.
Learn more at:
BASIS is still forming its public contribution model. For now, each repository contains its own README, security notes, contribution guidance, and release-readiness documentation where applicable.
Start with the architecture repository if you want to understand the system model before reading code.