Merge pull request #1745 from jzelinskie/html-readme
README: htmlify, update links
Showing 2 changed files with 67 additions and 57 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,54 +1,62 @@ | ||
# SpiceDB | ||
|
||
[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/6348/badge)](https://bestpractices.coreinfrastructure.org/projects/6348) | ||
[![Container Image](https://img.shields.io/github/v/release/authzed/spicedb?color=%232496ED&label=container&logo=docker "Container Image")](https://hub.docker.com/r/authzed/spicedb/tags) | ||
[![Docs](https://img.shields.io/badge/docs-authzed.com-%234B4B6C "Authzed Documentation")](https://docs.authzed.com) | ||
[![Discord Server](https://img.shields.io/discord/844600078504951838?color=7289da&label=discord&logo=discord&logoColor=7289da "Discord Server")](https://authzed.com/discord) | ||
[![Twitter](https://img.shields.io/badge/twitter-%40authzed-1D8EEE?logo=twitter "@authzed on Twitter")](https://twitter.com/authzed) | ||
|
||
SpiceDB is an open source, [Google Zanzibar]-inspired database for creating and managing security-critical application permissions. | ||
|
||
Developers create a [schema] and use [client libraries] to apply the schema to the database, insert [relationships] into the database, and query the database to efficiently check permissions in their applications. | ||
|
||
[Google Zanzibar]: https://authzed.com/blog/what-is-zanzibar/ | ||
[schema]: https://authzed.com/docs/guides/schema | ||
[client libraries]: https://github.com/authzed/awesome-spicedb#clients | ||
[relationships]: https://authzed.com/docs/reference/glossary#relationship | ||
|
||
Features that distinguish SpiceDB from other systems include: | ||
|
||
- Expressive [gRPC] and [HTTP/JSON] APIs for checking permissions, listing access, and powering devtools | ||
- A distributed, parallel graph-engine faithful to the architecture described in [Google's Zanzibar paper] | ||
- A flexible consistency model configurable [per-request] that includes resistance to the [New Enemy Problem] | ||
- An expressive [schema language] with a [playground] and CI/CD integrations for [validation] and [integration testing] | ||
- A pluggable [storage system] supporting [in-memory], [Spanner], [CockroachDB], [PostgreSQL] and [MySQL] | ||
- Deep observability with [Prometheus] metrics, [pprof] profiles, structured logging, and [OpenTelemetry] tracing | ||
|
||
Want to learn more about the inspiration for SpiceDB? We've annotated [Google's Zanzibar Paper] with our own commentary. | ||
|
||
[gRPC]: https://buf.build/authzed/api/docs/main:authzed.api.v1 | ||
[HTTP/JSON]: https://app.swaggerhub.com/apis-docs/authzed/authzed/1.0 | ||
|
||
[per-request]: https://docs.authzed.com/reference/api-consistency | ||
[New Enemy Problem]: https://authzed.com/blog/new-enemies/ | ||
|
||
[schema language]: https://docs.authzed.com/guides/schema | ||
[playground]: https://play.authzed.com | ||
[validation]: https://github.com/authzed/action-spicedb-validate | ||
[integration testing]: https://github.com/authzed/action-spicedb | ||
|
||
[storage system]: https://authzed.com/docs/spicedb/selecting-a-datastore | ||
[in-memory]: https://github.com/hashicorp/go-memdb | ||
[PostgreSQL]: https://www.postgresql.org | ||
[Spanner]: https://cloud.google.com/spanner | ||
[CockroachDB]: https://github.com/cockroachdb/cockroach | ||
[MySQL]: https://www.mysql.com | ||
|
||
[Prometheus]: https://prometheus.io | ||
[pprof]: https://jvns.ca/blog/2017/09/24/profiling-go-with-pprof/ | ||
[OpenTelemetry]: https://opentelemetry.io | ||
|
||
[Google's Zanzibar paper]: https://authzed.com/zanzibar | ||
<h1 align="center"> | ||
<a href="https://authzed.com#gh-dark-mode-only" target="_blank"> | ||
<img width="300" src="https://github.com/authzed/spicedb/assets/343539/82234426-468b-4297-8b5c-f06a44fe2278" alt="spicedb logo"> | ||
</a> | ||
<a href="https://authzed.com#gh-light-mode-only" target="_blank"> | ||
<img width="300" src="https://github.com/authzed/spicedb/assets/343539/312ff046-7076-4c30-afd4-2e3d86c06f51" alt="spicedb Logo"> | ||
</a> | ||
</h1> | ||
|
||
<h3 align="center"> | ||
SpiceDB sets the standard for authorization that <i>scales</i>. | ||
<br/><br/>Scale with<br/> | ||
Traffic • Dev Velocity • Functionality • Geography | ||
</h3> | ||
|
||
<p align="center"> | ||
<a href="https://github.com/authzed/spicedb/releases"><img alt="release badge" src="https://img.shields.io/github/v/release/authzed/spicedb?color=%236EC93F&label=latest%20release&sort=semver&style=flat-square"></a> | ||
| ||
<a href="https://hub.docker.com/repository/docker/authzed/spicedb" target="_blank"><img alt="docker pulls badge" src="https://img.shields.io/docker/pulls/authzed/spicedb?color=%23448CE6&style=flat-square"></a> | ||
| ||
<a href="https://authzed.com/blog/go-ecosystem"><img alt="built with Go badge" src="https://img.shields.io/badge/built_with-Go-367B99.svg?style=flat-square"></a> | ||
| ||
<a href="https://www.bestpractices.dev/en/projects/6348" target="_blank"><img alt="cii badge" src="https://img.shields.io/cii/percentage/6348?style=flat-square&label=cii%20best%20practices&color=F8D44B"></a> | ||
| ||
</p> | ||
|
||
<p align="center"> | ||
<a href="https://discord.gg/spicedb"><img alt="discord badge" src="https://img.shields.io/discord/844600078504951838?color=7289da&label=discord&style=flat-square"></a> | ||
| ||
<a href="https://twitter.com/authzed"><img alt="twitter badge" src="https://img.shields.io/badge/[email protected]?style=flat-square"></a> | ||
| ||
<a href="https://www.linkedin.com/company/authzed/"><img alt="linkedin badge" src="https://img.shields.io/badge/linkedin-+authzed-2D65BC.svg?style=flat-square"></a> | ||
</p> | ||
|
||
## What is SpiceDB? | ||
|
||
SpiceDB is a graph database purpose-built for storing and evaluating access control data. | ||
|
||
As of 2021, [broken access control became the #1 threat to the web][owasp]. With SpiceDB, developers finally have the solution to stopping this threat the same way as the hyperscalers. | ||
|
||
[owasp]: https://owasp.org/Top10/A01_2021-Broken_Access_Control/ | ||
|
||
### Why SpiceDB? | ||
|
||
- [**World-class engineering**][about]: painstakingly built by experts that pioneered the cloud-native ecosystem | ||
- [**Authentic design**][zanzibar]: mature and feature-complete implementation of Google's Zanzibar paper | ||
- [**Proven in production**][1M]: 5ms p95 when scaled to millions of queries/s, billions of relationships | ||
- [**Global consistency**][consistency]: consistency configured per-request unlocks correctness while maintaining performance | ||
- [**Multi-paradigm**][caveats]: caveated relationships combine the best concepts in authorization: ABAC & ReBAC | ||
- [**Safety in tooling**][tooling]: designs schemas with real-time validation or validate in your CI/CD workflow | ||
- [**Reverse Indexes**][reverse-indexes]: queries for "What can `subject` do?", "Who can access `resource`?" | ||
|
||
[about]: https://authzed.com/why-authzed | ||
[zanzibar]: https://authzed.com/zanzibar | ||
[1M]: https://authzed.com/blog/google-scale-authorization | ||
[caveats]: https://netflixtechblog.com/abac-on-spicedb-enabling-netflixs-complex-identity-types-c118f374fa89 | ||
[tooling]: https://authzed.com/docs/spicedb/modeling/validation-testing-debugging | ||
[reverse-indexes]: https://authzed.com/docs/spicedb/getting-started/faq#what-is-a-reverse-index | ||
[consistency]: https://authzed.com/docs/spicedb/concepts/consistency | ||
|
||
## Joining the Community | ||
|
||
|
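Review bot: In the new "What is SpiceDB?" section, the sentence "With SpiceDB, developers finally have the solution to stopping this threat the same way as the hyperscalers" claims more than the linked OWASP page supports. A01:2021 is the top-ranked category of the OWASP Top 10, and a permissions database only helps where the application actually calls it on every protected path. Suggest wording that says what SpiceDB provides (a Zanzibar-style system for centralizing authorization checks) rather than that it stops the threat. In the same hunk, "designs schemas with real-time validation" in the "Safety in tooling" bullet should read "design schemas", and the two logo images differ only in alt-text case ("spicedb logo" vs "spicedb Logo"). The rewrite also appears to drop the old bullets that named the supported datastores and the New Enemy Problem; readers evaluating the consistency guarantees will look for those, so consider keeping a link to them.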
@@ -178,9 +186,9 @@ You can try both SpiceDB and zed entirely in your browser on the [playground] th | |
|
||
If you don't want to start with the examples loadable from the Playground, you can follow a guide for [developing a schema] or review the the schema language [design documentation]. | ||
|
||
To get a quick idea of schema development, you can watch the creators of SpiceDB writing a schema for GitHub: | ||
Watch the SpiceDB primer video to get started with schema development: | ||
|
||
[![Modeling GitHub YouTube Video Thumbnail](https://user-images.githubusercontent.com/343539/223837989-ead99ff9-ef35-4cf3-864d-d8d86ecdf9ce.png)](https://www.youtube.com/watch?v=x3-B9-ICj0w) | ||
<a href="https://www.youtube.com/watch?v=AoK0LrkGFDY" target="_blank"><img width="600" alt="SpiceDB Primer YouTube Thumbnail" src="https://github.com/authzed/spicedb/assets/343539/7784dfa2-b330-4c5e-b32a-090759e48392"></a> | ||
|
||
[developing a schema]: https://docs.authzed.com/guides/schema | ||
[design documentation]: https://docs.authzed.com/reference/schema-lang | ||
|
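Review bot: The context line just above the changed sentence still reads "review the the schema language [design documentation]"; since this hunk rewrites the neighbouring sentence, drop the duplicated "the" in the same change. The new thumbnail anchor uses target="_blank" without a rel attribute. Adding rel="noopener" makes the behaviour explicit for renderers and older browsers that do not imply it, and the same applies to the other target="_blank" anchors introduced in the header of this file.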
@@ -196,7 +204,8 @@ Because every millisecond counts, we recommend using libraries that leverage the | |
|
||
To get an understanding of integrating an application with SpiceDB, you can follow the [Protecting Your First App] guide or review API documentation on the [Buf Registry] or [Postman]. | ||
|
||
[installing zed]: https://github.com/authzed/zed | ||
[installing zed]: https://authzed.com/docs/spicedb/getting-started/installing-zed | ||
[playground]: https://play.authzed.com | ||
[existing client libraries]: https://github.com/authzed/awesome-spicedb#clients | ||
[Protecting Your First App]: https://docs.authzed.com/guides/first-app | ||
[Buf Registry]: https://buf.build/authzed/api/docs | ||
|
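Review bot: The [installing zed] reference now points at authzed.com/docs/spicedb/..., but [Protecting Your First App] two lines below still uses https://docs.authzed.com/guides/first-app, as do [developing a schema] and [design documentation] in the previous hunk. If the docs.authzed.com paths are now only redirects, update them here as well, so that the "update links" in the commit message covers every reference and the README does not depend on the old host continuing to redirect.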
@@ -209,5 +218,6 @@ We appreciate all contributions, large and small, and would like to thank all th | |
|
||
In addition, we'd like to highlight a few notable contributions: | ||
|
||
- The GitHub Authorization Team for implementing and contributing the MySQL datastore | ||
- The Netflix Authorization Team for [sponsoring and being a design partner for Caveats](https://authzed.com/blog/abac-on-spicedb-enabling-netflix-complex-identity-types) | ||
- <img alt="github logo" height="15px" src="https://github.com/authzed/spicedb/assets/343539/c05b8aef-c862-4499-bebf-0a43f3b423c4"> The GitHub Authorization Team for implementing and contributing the MySQL datastore | ||
- <img alt="netflix logo" height="15px" src="https://github.com/authzed/spicedb/assets/343539/e64128f0-978f-4fd6-bdd7-1ce7cb6b34b9"> The Netflix Authorization Team for sponsoring and being a design partner for caveats | ||
- <img alt="equinix logo" height="15px" src="https://github.com/authzed/spicedb/assets/343539/7bf706f9-910d-4902-8957-c914a7468eff"> The Equinix Metal Team for sponsoring our benchmarking hardware |
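Review bot: The rewritten Netflix bullet loses the link to https://authzed.com/blog/abac-on-spicedb-enabling-netflix-complex-identity-types that the old line carried. If that is not intentional, keep the link around "sponsoring and being a design partner for caveats". The three logo images use height="15px"; the HTML height attribute takes a bare pixel count, so height="15" is the valid form.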