Zed Tokens, Zookies, Consistency for Authorization

Secure authorization logic requires data consistency, a concept that is often self-referential and can be challenging to define. Designing well-architected software involves determining contracts and scope, but authorization systems are frequently an afterthought until product-market fit has been achieved. Google's journey in building access control for their products led to the development of Zanzibar, a highly-replicated and consistent ACL store that solved the New Enemy Problem. SpiceDB is a re-imagining of Zanzibar, designed to start from a strongly consistent posture while providing users with a way to relax overzealous consistency requirements to unlock higher performance. The ad-hoc consistency model adopted by SpiceDB allows adopters to be confident in strong consistency for particular problems without accepting silent data corruption or re-architecting systems.