spicedb

What is SpiceDB?

SpiceDB is a graph database purpose-built for storing and evaluating access control data.

As of 2021, broken access control became the #1 threat to the web¹. With SpiceDB, developers finally have the solution to stopping this threat the same way as the hyperscalers.

Why SpiceDB?

- World-class engineering²: painstakingly built by experts that pioneered the cloud-native ecosystem
- Authentic design³: mature and feature-complete implementation of Google's Zanzibar paper
- Proven in production⁴: 5ms p95 when scaled to millions of queries/s, billions of relationships
- Global consistency⁵: consistency configured per-request unlocks correctness while maintaining performance
- Multi-paradigm⁶: caveated relationships combine the best concepts in authorization: ABAC & ReBAC
- Safety in tooling⁷: designs schemas with real-time validation or validate in your CI/CD workflow
- Reverse Indexes⁸: queries for "What can subject do?", "Who can access resource?"

Foot Notes

1. https://owasp.org/Top10/A012021-BrokenAccess_Control/
2. https://authzed.com/why-authzed
3. https://authzed.com/zanzibar
4. https://authzed.com/blog/google-scale-authorization
5. https://authzed.com/docs/spicedb/concepts/consistency
6. https://netflixtechblog.com/abac-on-spicedb-enabling-netflixs-complex-identity-types-c118f374fa89
7. https://authzed.com/docs/spicedb/modeling/validation-testing-debugging
8. https://authzed.com/docs/spicedb/getting-started/faq#what-is-a-reverse-index