Relationship integrity
Google's Zanzibar model of authorization differs from other models by relying on relationships between objects, known as "resources" and "subjects". SpiceDB is an open-source implementation of Zanzibar developed by AuthZed. It stores relationships in an underlying datastore and uses this data to compute permissions. However, relationships in that external datastore could be modified without SpiceDB's knowledge, leading to incorrect or malicious answers to permissions questions. To address this issue, SpiceDB v1.36.0 introduces relationship integrity, which allows each relationship written into the backing datastore to be signed by a key known only to SpiceDB. Currently, relationship integrity is supported with the CockroachDB datastore driver; support may be extended to other drivers in the future.
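The sketch below is an added illustration of the idea described above, not SpiceDB's own code: each relationship is signed on write with a key held only by the service, and rows that were edited or inserted directly in the datastore fail verification on read. It assumes HMAC-SHA256, a constructed demo key, and hypothetical column names (`integrity_key_id`, `integrity_hash`); the page does not describe SpiceDB's actual signing scheme.

```python
import hashlib
import hmac
import struct

# Constructed demo key ring (key id -> secret); real keys would live in a secret store.
KEYS = {"key-2024-09": b"constructed-demo-key-not-for-production"}
ACTIVE_KEY_ID = "key-2024-09"

FIELDS = ("resource_type", "resource_id", "relation", "subject_type", "subject_id")


def canonical(rel: dict) -> bytes:
    """Length-prefix every field so that moving a delimiter between fields
    (e.g. "doc" + "1#viewer" vs "doc#1" + "viewer") changes the signed bytes."""
    out = b""
    for name in FIELDS:
        value = rel[name].encode("utf-8")
        out += struct.pack(">I", len(value)) + value
    return out


def sign(rel: dict, key_id: str = ACTIVE_KEY_ID) -> dict:
    """Return the row as stored: relationship fields plus key id and MAC."""
    msg = key_id.encode("utf-8") + b"\x00" + canonical(rel)
    mac = hmac.new(KEYS[key_id], msg, hashlib.sha256).hexdigest()
    return {**rel, "integrity_key_id": key_id, "integrity_hash": mac}


def verify(row: dict) -> bool:
    """Recompute the MAC on read; reject unsigned rows, unknown keys and edits."""
    key_id = row.get("integrity_key_id")
    stored = row.get("integrity_hash")
    if key_id not in KEYS or not isinstance(stored, str):
        return False
    expected = sign({f: row[f] for f in FIELDS}, key_id)["integrity_hash"]
    return hmac.compare_digest(expected, stored)  # constant-time comparison


def demo() -> dict:
    row = sign({"resource_type": "document", "resource_id": "roadmap",
                "relation": "viewer", "subject_type": "user", "subject_id": "alice"})
    tampered = {**row, "subject_id": "mallory"}  # row edited directly in the datastore
    unsigned = {f: row[f] for f in FIELDS}       # row inserted without the service
    return {"original": verify(row), "tampered": verify(tampered),
            "unsigned": verify(unsigned)}


if __name__ == "__main__":
    print(demo())
```

Storing the key id beside the signature lets the service rotate keys while still verifying rows written under an older key.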
Company
AuthZed
Date published
Sept. 30, 2024
Author(s)
Joey Schorr
Word count
708
Hacker News points
None found.
Language
English