
SpiceDB at FOSDEM 2024: Recap

February 23, 2024 | 2 min read

Watch AuthZed's CPO and co-founder Jimmy Zelinskie's talk at FOSDEM 2024, as he delves into the world of authorization systems, specifically focusing on the evolution of access control models and the genesis of SpiceDB.


  • The talk aims to discuss the broader context of authorization issues rather than just promoting SpiceDB.

Authorization and Its Challenges

  • Discussion of the evolution of web security threats, highlighting the rise of Broken Access Control to the top of OWASP's threat list between 2017 and 2021.
  • Overview of the historical context and development of authorization concepts by academia and industry.
  • Introduction to various access control models: Discretionary Access Control (DAC), Mandatory Access Control (MAC), Role-based Access Control (RBAC), Attribute-based Access Control (ABAC), and Relationship-based Access Control (ReBAC).

Evolution of Access Control Models

  • Detailed explanation of DAC and MAC, their origins, and examples.
  • RBAC's emergence in 1992, its core idea of mapping users to roles, and the challenges of defining roles consistently across different systems.
  • ABAC's introduction in 2015, offering more dynamic and context-aware access control mechanisms.
  • The ReBAC concept, dating from around 2007, which focuses on access control through relationships and was popularized by systems like Facebook's social graph and Google's Zanzibar.

The Impact of Zanzibar and SpiceDB's Origins

  • Zanzibar's introduction by Google as a global, consistent authorization system, inspiring the creation of SpiceDB.
  • SpiceDB's development story, from initial prototypes in Python to a mature system written in Go, inspired by Google's project and the novel Dune.

SpiceDB Features and Capabilities

  • SpiceDB as a parallel graph database optimized for authorization checks.
  • Explanation of how developers use SpiceDB, including schema application, data storage, and querying.
  • Description of SpiceDB's architecture, including its gRPC and HTTP APIs, Kubernetes-native design, and its ability to scale and maintain consistency globally.
  • Introduction to developer tools like Zed and a web IDE for SpiceDB, enhancing developer experience and enabling easy integration and testing.
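
To make the relationship-based model and the schema, data and query steps above concrete, here is an added sketch in Go (not SpiceDB's code or API, and not from the talk): an in-memory permission check that walks relationship edges through nested groups. The `schema` map, the `Check` and `walk` functions and the sample data are all assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Relationship is a stored edge; Subject is a user or a userset ("group:eng#member").
type Relationship struct{ Resource, Relation, Subject string }

// schema: type#permission -> granting relations (constructed, not SpiceDB syntax).
var schema = map[string][]string{
	"document#view": {"viewer", "editor"},
	"document#edit": {"editor"},
}

// demo is constructed sample data; the last edge makes the groups cyclic.
var demo = []Relationship{
	{"document:roadmap", "editor", "user:ana"},
	{"document:roadmap", "viewer", "group:eng#member"},
	{"group:eng", "member", "group:platform#member"},
	{"group:platform", "member", "user:bo"},
	{"group:platform", "member", "group:eng#member"},
}

// Check reports whether subject holds permission on resource.
// A permission missing from schema yields no relations, so the check fails closed.
func Check(rels []Relationship, resource, permission, subject string) bool {
	typ, _, _ := strings.Cut(resource, ":")
	return walk(rels, resource, schema[typ+"#"+permission], subject, map[string]bool{})
}

// walk searches depth-first; seen stops cycles between nested groups.
func walk(rels []Relationship, resource string, relations []string, subject string, seen map[string]bool) bool {
	for _, rel := range relations {
		if seen[resource+"#"+rel] {
			continue
		}
		seen[resource+"#"+rel] = true
		for _, r := range rels {
			obj, subRel, isSet := strings.Cut(r.Subject, "#")
			if r.Resource == resource && r.Relation == rel &&
				(r.Subject == subject || (isSet && walk(rels, obj, []string{subRel}, subject, seen))) {
				return true
			}
		}
	}
	return false
}

func main() { fmt.Println(Check(demo, "document:roadmap", "view", "user:bo")) }
```

Here `user:bo` can view the document only through two levels of group membership, and the deliberate cycle between the two groups does not stop the search from terminating.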

Challenges and Extensions to Zanzibar

  • While SpiceDB builds on Zanzibar's concepts, it extends them to be more flexible and applicable outside of Google's infrastructure.
  • Additions include support for dynamic, context-based relationships and improvements in developer experience to encourage open-source community adoption.
