Relationship integrity
Google's Zanzibar model of authorization differentiates itself from other models by relying on relationships between objects, known as "resources" and "subjects". SpiceDB is an open-source implementation of Zanzibar developed by AuthZed. It stores relationships in an underlying datastore and uses this data to compute permissions. However, there exists a possibility that relationships within the external datastore could be modified without SpiceDB's knowledge, leading to incorrect or malicious answers to permissions questions. To address this issue, SpiceDB v1.36.0 introduces relationship integrity, which allows for each relationship written into the backing datastore to be signed by a key known only to SpiceDB. Currently, relationship integrity is supported with the CockroachDB datastore driver and may extend support to other drivers in the future.
Company
AuthZed
Date published
Sept. 30, 2024
Author(s)
Joey Schorr
Word count
708
Language
English
Hacker News points
None found.