May 2026 Summaries
6 posts from AuthZed
Filter
Month:
Year:
Post Summaries
Back to Blog
Access permissions on GitHub operate through a complex model involving tiered roles and account structures, allowing organizational owners extensive control over repositories without individual configurations. The system is based on layers where permissions flow from organizational ownership and team hierarchies to individual resources. SpiceDB, an open-source database using Relationship-Based Access Control (ReBAC), and AuthZed Cloud facilitate modeling and scaling such intricate permission systems. GitHub's permission levels—Reader, Triager, Writer, Maintainer, and Admin—are translated into a SpiceDB schema using relations and permissions, enabling dynamic updates as team memberships change. The schema's flexibility allows organization-level roles to automatically inherit repository permissions, reflecting GitHub's real-world behavior. The document further outlines how to model and implement this system on AuthZed Cloud, which allows for seamless permission management and checks through various client languages, emphasizing the importance of making strategic decisions regarding organizational roles and permission granularity.
May 26, 2026
2,118 words in the original blog post.
The development team at SpiceDB has been working on a new Query Planner aimed at enhancing the performance of permission checks in the SpiceDB system, which uses a permission graph to determine relationships between resources and subjects. The Query Planner utilizes advisors to optimize path selection and employs dispatching to offload subproblems to other nodes in a SpiceDB cluster, trading network cost for caching benefits. Benchmarks were conducted across various scenarios, such as DeepArrow and WideArrow, to test performance improvements in both algorithmic and datastore contexts. The results indicate that the Query Planner, particularly when advised, generally outperforms the current system in terms of speed and memory efficiency. Although early versions of the dispatch mechanism may be overly active, the team plans to refine this in future updates, focusing on when to send subproblems over the network versus processing them locally.
May 20, 2026
2,311 words in the original blog post.
At AuthZed, the Culture Panel is a crucial part of the interview process for engineering candidates, emphasizing the importance of behavioral attributes alongside technical skills. This panel assesses how candidates work collaboratively, handle ambiguity, and manage disagreements, reflecting the company's values of agency, collaboration, diversity, and open-mindedness. It aims to identify individuals who can thrive in a startup environment, with qualities such as clear communication, constructive disagreement, and adaptability. Candidates are encouraged to prepare by reflecting on past experiences, using specific examples, and acknowledging mistakes to demonstrate growth and self-awareness. The goal is not to find a uniform communication style or personality but to build a diverse team that collaborates effectively and is united by shared values and motivations.
May 19, 2026
671 words in the original blog post.
Businesses often face what is termed the "Authorization Tax," which includes the financial and operational burdens of developing and maintaining an in-house authorization system. This tax encompasses initial development costs, ongoing maintenance, productivity losses due to reliance on engineering teams for updates, opportunity costs from stalled projects, and potential replatforming expenses when systems become outdated. Companies can mitigate these costs by leveraging open-source solutions like SpiceDB, which serves as the core of AuthZed's products, or by adopting managed infrastructure services that handle the complexities of authorization, allowing businesses to focus on their core operations. Both approaches offer substantial cost savings and reduce the need for extensive internal resources dedicated to authorization management.
May 18, 2026
1,180 words in the original blog post.
AuthZed is set to participate in the European Identity and Cloud Conference 2026 in Berlin, marking their first attendance at the event hosted by KuppingerCole, which previously recognized them as a rising star in authorization management. The company aims to engage in discussions about identity, security, and cloud infrastructure, with a focus on the challenges enterprises face in operationalizing AI systems, particularly regarding infrastructure and authorization. AuthZed highlights the need for robust authorization systems, like their SpiceDB, which is inspired by Google's Zanzibar system, to support fine-grained permissions and real-time authorization in complex, multi-tenant environments. During the conference, AuthZed will host a dinner with Axalon Partners to discuss governing AI agents and the role of identity fabrics in extending permissions to non-human identities, and their CEO, Jake Moshenko, will present on the advantages of treating authorization as shared infrastructure for more flexible and safe systems. They invite attendees to visit their booth for further discussions and to explore their SpiceDB playground online.
May 15, 2026
618 words in the original blog post.
The updated SpiceDB Playground offers a refreshed user interface and improved developer experience, making it more accessible for users to experiment with SpiceDB directly in a web browser without needing installation. Key features include the ability to edit schemas and relationships within the same view, eliminating the need to switch tabs, and allowing users to explore example schemas, write their own schemas, define relationships and assertions, and perform real permission checks. The integrated zed CLI enables users to drive their models from a terminal, and the platform's sharing capabilities allow for easy collaboration by sending models and examples via links. The update also includes new example schemas to provide additional learning resources for users unfamiliar with SpiceDB.
May 12, 2026
306 words in the original blog post.