Jake Moshenko
Jake Moshenko
# Goal Let people handle their abac-y style needs in a Zanzibar first way. # Use Cases - Time - “I want to bound the amount of time that a...
Right now when a new optimized revision becomes the de-facto choice, the entire existing cache is (practically) simultaneously invalidated. In order to decrease the effect of this cutover, we should...
Right now in the `pkg/cmd/datastore` package we have a set of defaults that apply equally to all datastores. Sometimes this is not a single default that works for all datastores....
Some of our fire-and-forgotten requests, that are no longer needed due to an earlier answer, can continue to use the datastore after it has been closed. We should probably track...
Right now the `graph` package uses something that looks very similar to errgroups for running a bunch of checks in parallel, and was written naive of the existence of errgroups....
There are some certain scenarios where we want to check a subject against itself as the resource, for example: ``` definition user { relation manager: user permission view_paystubs = manager...
Revision picking needs more request metadata than we have in the datastore API. Datastore implementations that use non-timestamp revisions (memdb, postgres) will need to made such that they can accept...
The client-side cache should report `0` downstream dispatches, and the server side cache should report `1`. Right now it's hard-coded to always report zero: https://github.com/authzed/spicedb/blob/ac17a3b5b03ccf34d4594e73587072e2c3a5ca1b/internal/dispatch/caching/caching.go#L133 This value should be configurable...
Often several models share the same set of relations and permissions. It would be nice if Authzed schema supported some kind of way of deduplicating these definitions, and possibly also...