[jakemoshenko]

It's a really well designed distributed system for calculating access control decisions at scale. It makes a specific authorization CAP tradeoff that allows for consistency around access checks to different "versions" of a piece of content, allowing older content to be protected by checks served from read replicas and cache.

Full disclosure: I am a co-founder of a company building and hosting a Zanzibar implementation as a service: https://authzed.com

[nickthemagicman]

Thank you!

How does it integrate with apps it controls?

Are there libraries?

Or does it provide a data format to implement in the app you're working on?

[jschorr]

Hi Nick,

In the case of Authzed, we provide a gRPC API [0] which can be used from any application or language that supports gRPC, as well as designed client libraries for specific languages [1] to make integration even easier.

Applications primarily integrate by making Check requests [2] at any point in which a protected resource is being accessed and Write requests [3] at any point in which permissions are granted or removed.

Source: I am the third cofounder at https://authzed.com :)

[0]: https://docs.authzed.com/api/overview

[1]: https://docs.authzed.com/lang/lib-index

[2]: https://docs.authzed.com/api/check

[3]: https://docs.authzed.com/api/write

[nickthemagicman]

Awesome! Thank you! That makes sense. That's very interesting.

[kleton]

Is Zanzibar ganpati?

[tazjin]

No. Ganpati is a system that provides user & group information (not ACLs themselves), but it's only sort of related to Zanzibar.

[deadmutex]

> really well designed distributed system

Since you're an expert in this area, and I am lazy... :)

What makes it well designed? What are the top 2 or 3 things it does to make it a really well designed system?