Office Hours: ACL-aware filtering in your own database with SpiceDB and AuthZed Materialize

Zanzibar Implementations

/assets/team/sam-kim.jpg
July 6, 2021|3 min read

Update Jul 29, 2021: The Papers We Love video is available and included in this post.

Google's Zanzibar paper was the initial inspiration for Authzed and continues to provide insight as we build our product. But we're not the only ones interested in this technology: the broader software community has also taken an interest in activity around Zanzibar-inspired permissions systems.

Zanzibar Google Trends

(A recent Google trends search corroborates this observation.)

Coincidentally, our CEO Jake recently presented the Zanzibar paper for Papers We Love, and his talk included a survey of the current landscape of (known) Zanzibar-based implementations. In this talk, he collected the following implementations and reviewed each of them against a rubric.

The rubric comprises a set of subjective measures intended to accentuate the design decision differences between the services.

Zanzibar Scorecard

  • Paper faithfulness: How closely does the implementation follow the original paper?
  • Scalability: Is the implementation distributed?
  • CAP Compromise: What CAP trade-offs are taken?
  • New enemy?: Does the implementation support zookies?
  • Dev UX: Are supporting developer tools provided?

The video of his talk includes the detailed discussion of each of these services and we'll post a link as soon as it becomes available is available to view now:

Can you guess how each service did according to Jake's scorecard?

Here's the scorecard for Airbnb's Himeji as a preview.

Airbnb Himeji

CriteriaScore
Paper faithfulnessMedium
ScalabilityHigh
CAP CompromiseAP
New enemy?No zookies
Dev UXAverage
{style="width: unset"}

Share your thoughts in the Zanzibar discord or introduce any new Zanzibar-inspired implementations not covered yet.

Image credit: dschenkelman

Additional Reading

If you’re interested in learning more about Authorization and Google Zanzibar, we recommend reading the following posts:

Get started for free

Join 1000s of companies doing authorization the right way.