search

Permify / permify

An open-source authorization as a service inspired by Google Zanzibar, designed to build and manage fine-grained and scalable authorization systems for any application.
https://docs.permify.co/
Apache License 2.0
4.89k stars 220 forks source link

Documentation request: #31

Closed StevenACoffman closed 1 year ago

StevenACoffman commented 1 year ago

Permify is very cool! Do you have a comparison with other Zanzibar OSS Go projects like:

SpiceDB did a blog post talking about having multiple data backends including Postgres and CockroachDB for durable storage, and an in-memory datastore for testing and development.

It looks like Permify does not yet support bounded staleness (Zookies).

I know Keto was originally a very different project that has been rewritten to be Zanzibar-like. It is missing some core Zanzibar functionality: horizontally scalable, bounded staleness (Zookies), and userset rewrites, for example.

StevenACoffman commented 1 year ago

From reddit:

Actually, we're launching our snapshot token and Zookie support within 2 weeks! At the moment we support Postgres and in-memory datastore(testing purposes).

And, we're going to support both Spanner-like DBs in near future within 1-2 months.

Those are projects we admire, and the Zanzibar space is fairly new. At the moment we’re testing many tools for reasoning about authorization, visualization, visibility, and governance with a small group of users. We’re trying to differentiate between those supporting tools and dashboards. If you’re interested, we allow our users to have early access to those dashboard features. Feel free to shoot me an email!

From 2021-06-28 video by Jake Moshenko of authzed/spicedb: Zanzibar Ory/Keto Auth0 OpenFGA (sandcastle) Airbnb Himeji AuthZed SpiceDB Permify
Paper Faithfulness Extremely High Medium High? Medium High Medium
Scalability Extremely High Low Unknown High Medium High
CAP Compromise CP Not distributed Unknown AP CP CP
New Enemy? Solved Solved No Zookies No Zookies Solved Coming Soon!
Dev UX Average / Unknown Poor Average Average High High
firatcand commented 1 year ago

Amazing question! We'll be adding your documentation request ASAP! Thanks for the issue :)

To be honest we don’t try to be faithful with the paper that’s not our goal. But there are certain crucial parts we follow.

So, Paper Faithfulness - Medium

After these improvements, we will become very scalable yet I might say we still need a bit of improvement.

So, Scalability - High

CAP promise - CP

New Enemy - Solved

And I would call our most powerful side is DevEx with coming updates within a couple of weeks it will be fairly high.

Dev UX/ Dev ex - High

wemod123 commented 1 year ago

I have been testing openfga for a while in k8s cluster with 3+ nodes, so far shows very promise on performance / schema modeling and extending / scalability etc,

Seams permify's use case is pretty same with openfga, If you got a question: What is the top 2 reasons you got advantages with permify vs. openfga, what will be the answer at the moment or in the future.

EgeAytin commented 1 year ago

Hi @wemod123 At the moment, most of the technical aspects are similar to openfga, there are approach differences in some parts - such as data filtering, modeling, logging, etc. For the near future, we're currently working on an ABAC capability and will release it within 2-3 weeks.

Other than technical aspects, one the main difference is we're fairly focused on to developer experience and easy-to-maintain deployment process. We’re always building tools and workflows for your authorization lifecycle rather than just focusing on scalability issues.