[jchw]

It doesn't seem to deal with consistency issues solved by the Zanzibar design, at least that I can see. While this is understandable since it is probably the most complicated bit of the Zanzibar paper, it is a bit disappointing that, as far as I can tell, nobody has really gotten that far.

[mtolga]

Hey there,

Tolga from Permify here!

Yes this is very true. But we have this in our road.

First we’ll be focusing on message broker, and improving CDC.

Then we’ll add Zookies.

I’d love to connect & chat about anything related Authorization. - tolga@permify.co

[jeffbee]

"Google thing, but without all that pesky correctness" is a sadly common pattern.

[jzelinskie]

SpiceDB does fully support all consistency described in the Zanzibar paper[0] and even allows the requests to specify consistency on the fly[1]. We've designed around this from the start because it'd be very difficult to add after the fact. We also built a CI pipeline that leverages ChaosMesh[2] to test for the New Enemy Problem.

[0]: https://docs.authzed.com/reference/zedtokens-and-zookies

[1]: https://docs.authzed.com/reference/api-consistency

[2]: https://chaos-mesh.org

[dastbe]

imo i would add to your docs more details around what to do when you ex. update a relationship but fail to persist a zedtoken, or at least the options and what the ramifications are. these are things that people may not truly reason through and your team has the most context on how these decisions can affect user experience.

[jzelinskie]

Thanks. This is great feedback. We've written a blog post[0] about some of strategies developers are using to write relationships, but we haven't covered explicitly the failure scenarios.

For the scenario that you've described, you should be able to retry persisting the zedtoken, but if there's some fundamental reason that's not working, you can always perform a fully consistency check and persist the resulting value -- fresher zedtokens are always safe.

[0]: https://authzed.com/blog/writing-relationships-to-spicedb/

[jchw]

I hate to detract from the Show HN post, but frankly, you have my attention. I'm taking a look at SpiceDB.