From e3de5df6063ee7724f3980789b5c3eeda9a97ed0 Mon Sep 17 00:00:00 2001 From: Jimmy Zelinskie Date: Sat, 17 Feb 2024 18:40:04 -0500 Subject: [PATCH 1/3] README: htmlify, update links --- README.md | 119 +++++++++++++++++++++++++++++------------------------- 1 file changed, 64 insertions(+), 55 deletions(-) diff --git a/README.md b/README.md index 5b1a4bf8bf..7bfcdcb3a6 100644 --- a/README.md +++ b/README.md @@ -1,54 +1,62 @@ -# SpiceDB - -[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/6348/badge)](https://bestpractices.coreinfrastructure.org/projects/6348) -[![Container Image](https://img.shields.io/github/v/release/authzed/spicedb?color=%232496ED&label=container&logo=docker "Container Image")](https://hub.docker.com/r/authzed/spicedb/tags) -[![Docs](https://img.shields.io/badge/docs-authzed.com-%234B4B6C "Authzed Documentation")](https://docs.authzed.com) -[![Discord Server](https://img.shields.io/discord/844600078504951838?color=7289da&label=discord&logo=discord&logoColor=7289da "Discord Server")](https://authzed.com/discord) -[![Twitter](https://img.shields.io/badge/twitter-%40authzed-1D8EEE?logo=twitter "@authzed on Twitter")](https://twitter.com/authzed) - -SpiceDB is an open source, [Google Zanzibar]-inspired database for creating and managing security-critical application permissions. - -Developers create a [schema] and use [client libraries] to apply the schema to the database, insert [relationships] into the database, and query the database to efficiently check permissions in their applications. - -[Google Zanzibar]: https://authzed.com/blog/what-is-zanzibar/ -[schema]: https://authzed.com/docs/guides/schema -[client libraries]: https://github.com/authzed/awesome-spicedb#clients -[relationships]: https://authzed.com/docs/reference/glossary#relationship - -Features that distinguish SpiceDB from other systems include: - -- Expressive [gRPC] and [HTTP/JSON] APIs for checking permissions, listing access, and powering devtools -- A distributed, parallel graph-engine faithful to the architecture described in [Google's Zanzibar paper] -- A flexible consistency model configurable [per-request] that includes resistance to the [New Enemy Problem] -- An expressive [schema language] with a [playground] and CI/CD integrations for [validation] and [integration testing] -- A pluggable [storage system] supporting [in-memory], [Spanner], [CockroachDB], [PostgreSQL] and [MySQL] -- Deep observability with [Prometheus] metrics, [pprof] profiles, structured logging, and [OpenTelemetry] tracing - -Want to learn more about the inspiration for SpiceDB? We've annotated [Google's Zanzibar Paper] with our own commentary. - -[gRPC]: https://buf.build/authzed/api/docs/main:authzed.api.v1 -[HTTP/JSON]: https://app.swaggerhub.com/apis-docs/authzed/authzed/1.0 - -[per-request]: https://docs.authzed.com/reference/api-consistency -[New Enemy Problem]: https://authzed.com/blog/new-enemies/ - -[schema language]: https://docs.authzed.com/guides/schema -[playground]: https://play.authzed.com -[validation]: https://github.com/authzed/action-spicedb-validate -[integration testing]: https://github.com/authzed/action-spicedb - -[storage system]: https://authzed.com/docs/spicedb/selecting-a-datastore -[in-memory]: https://github.com/hashicorp/go-memdb -[PostgreSQL]: https://www.postgresql.org -[Spanner]: https://cloud.google.com/spanner -[CockroachDB]: https://github.com/cockroachdb/cockroach -[MySQL]: https://www.mysql.com - -[Prometheus]: https://prometheus.io -[pprof]: https://jvns.ca/blog/2017/09/24/profiling-go-with-pprof/ -[OpenTelemetry]: https://opentelemetry.io - -[Google's Zanzibar paper]: https://authzed.com/zanzibar +

+ + spicedb logo + + + spicedb Logo + +

+ +

+ SpiceDB sets the standard for authorization that scales. +

Scale with
+ Traffic • Dev Velocity • Functionality • Geography +

+ +

+ release badge +   + docker pulls badge +   + built with Go badge +   + cii badge +   +

+ +

+ discord badge +   + twitter badge +   + linkedin badge +

+ +## What is SpiceDB? + +SpiceDB is a graph database purpose-built for storing and evaluating access control data. + +As of 2021, [broken access control became the #1 threat to the web][owasp]. With SpiceDB, developers finally have the solution to stopping this threat the same way as the hyperscalers. + +[owasp]: https://owasp.org/Top10/A01_2021-Broken_Access_Control/ + +### Why SpiceDB? + +- [**World-class engineering**][about]: painstakingly built by experts that pioneered the cloud-native ecosystem +- [**Authentic design**][zanzibar]: mature and feature-complete implementation of Google's Zanzibar paper +- [**Proven in production**][1M]: 5ms p95 when scaled to millions of queries/s, billions of relationships +- [**Global consistency**][consistency]: consistency configured per-request unlocks correctness while maintaining performance +- [**Multi-paradigm**][caveats]: caveated relationships combine the best concepts in authorization: ABAC & ReBAC +- [**Safety in tooling**][tooling]: designs schemas with real-time validation or validate in your CI/CD workflow +- [**Reverse Indexes**][reverse-indexes]: queries for "What can `subject` do?", "Who can access `resource`?" + +[about]: https://authzed.com/why-authzed +[zanzibar]: https://authzed.com/zanzibar +[1M]: https://authzed.com/blog/google-scale-authorization +[caveats]: https://netflixtechblog.com/abac-on-spicedb-enabling-netflixs-complex-identity-types-c118f374fa89 +[tooling]: https://authzed.com/docs/spicedb/modeling/validation-testing-debugging +[reverse-indexes]: https://authzed.com/docs/spicedb/getting-started/faq#what-is-a-reverse-index +[consistency]: https://authzed.com/docs/spicedb/concepts/consistency ## Joining the Community @@ -178,9 +186,9 @@ You can try both SpiceDB and zed entirely in your browser on the [playground] th If you don't want to start with the examples loadable from the Playground, you can follow a guide for [developing a schema] or review the the schema language [design documentation]. -To get a quick idea of schema development, you can watch the creators of SpiceDB writing a schema for GitHub: +Watch the SpiceDB primer video to get started with schema development: -[![Modeling GitHub YouTube Video Thumbnail](https://user-images.githubusercontent.com/343539/223837989-ead99ff9-ef35-4cf3-864d-d8d86ecdf9ce.png)](https://www.youtube.com/watch?v=x3-B9-ICj0w) +SpiceDB Primer YouTube Thumbnail [developing a schema]: https://docs.authzed.com/guides/schema [design documentation]: https://docs.authzed.com/reference/schema-lang @@ -196,7 +204,8 @@ Because every millisecond counts, we recommend using libraries that leverage the To get an understanding of integrating an application with SpiceDB, you can follow the [Protecting Your First App] guide or review API documentation on the [Buf Registry] or [Postman]. -[installing zed]: https://github.com/authzed/zed +[installing zed]: https://authzed.com/docs/spicedb/getting-started/installing-zed +[playground]: https://play.authzed.com [existing client libraries]: https://github.com/authzed/awesome-spicedb#clients [Protecting Your First App]: https://docs.authzed.com/guides/first-app [Buf Registry]: https://buf.build/authzed/api/docs @@ -210,4 +219,4 @@ We appreciate all contributions, large and small, and would like to thank all th In addition, we'd like to highlight a few notable contributions: - The GitHub Authorization Team for implementing and contributing the MySQL datastore -- The Netflix Authorization Team for [sponsoring and being a design partner for Caveats](https://authzed.com/blog/abac-on-spicedb-enabling-netflix-complex-identity-types) +- The Netflix Authorization Team for sponsoring and being a design partner for caveats From 4957e4b8e6fa21b33b265432182cda4d8487863b Mon Sep 17 00:00:00 2001 From: Jimmy Zelinskie Date: Sat, 17 Feb 2024 22:59:25 -0500 Subject: [PATCH 2/3] mage: bump markdown lint version --- magefiles/lint.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/magefiles/lint.go b/magefiles/lint.go index 741ec51cb4..037d9e2c35 100644 --- a/magefiles/lint.go +++ b/magefiles/lint.go @@ -51,7 +51,7 @@ func (Lint) Markdown() error { } return sh.RunV("docker", "run", "--rm", "-v", fmt.Sprintf("%s:/src:ro", cwd), - "ghcr.io/igorshubovych/markdownlint-cli:v0.34.0", "--config", "/src/.markdownlint.yaml", "/src") + "ghcr.io/igorshubovych/markdownlint-cli:v0.39.0", "--config", "/src/.markdownlint.yaml", "/src") } // Go Run all go linters From b731611b985fff0c63e2a708952f0c0c25fa34e6 Mon Sep 17 00:00:00 2001 From: Jimmy Zelinskie Date: Mon, 19 Feb 2024 13:20:38 -0500 Subject: [PATCH 3/3] README: add logos for acknowledgements --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 7bfcdcb3a6..4f2076b604 100644 --- a/README.md +++ b/README.md @@ -218,5 +218,6 @@ We appreciate all contributions, large and small, and would like to thank all th In addition, we'd like to highlight a few notable contributions: -- The GitHub Authorization Team for implementing and contributing the MySQL datastore -- The Netflix Authorization Team for sponsoring and being a design partner for caveats +- github logo The GitHub Authorization Team for implementing and contributing the MySQL datastore +- netflix logo The Netflix Authorization Team for sponsoring and being a design partner for caveats +- equinix logo The Equinix Metal Team for sponsoring our benchmarking hardware