joshuapsteele

Is anyone out there familiar enough with the Google Zanzibar-inspired authorization space to help me figure out how OpenFGA, SpiceDB, and Permify compare with one another? They all seem quite similar, and I’m struggling to rank them objectively. #authorization #zanzibar #openfga #permify #spicedb

kibethwalks.com

@joshuapsteele I got you! This is literally my job, haha. Is there any dimension you’re looking to compare, specifically?

Disclaimer: I work for AuthZed, who maintains SpiceDB. Un-disclaimer: I really like digging deep into the differences here and can present somewhat objectively :)

joshuapsteele

@joshuapsteele.bsky.social WOW this is so helpful! Thanks! Do you have any thoughts on the maturity and quality of the tooling (CLI, SDKs, etc) for each? I’ve been impressed with OpenFGA’s stuff. Permify’s tooling seems a bit, idk, sparser? And I haven’t messed with SpiceDB yet

joshuapsteele

@joshuapsteele.bsky.social Hmm, tenancy might be a deal-breaker for us, since we’re trying to consolidate a bunch of disparate approaches to authorization from orgs across our company. Does AuthZed/SpiceDB have a write-up on tenancy tradeoffs anywhere?

kibethwalks.com

@joshuapsteele I’m glad! Well, again, with the disclaimer that I do work for AuthZed, it is factually accurate that SpiceDB predates both Permify and OpenFGA, both of which have taken inspiration from the design of SpiceDB in their own implementations, so SpiceDB does have a leg up in terms of maturity there.

kibethwalks.com

@joshuapsteele Ah gotcha! We actually work with a bunch of orgs who are consolidating different approaches to authz with SpiceDB and I should elaborate that SpiceDB does support multiple tenants, we just recommend running separate permissions systems, rather than logical isolation in the same system.

joshuapsteele

@joshuapsteele.bsky.social What does the consolidation aspect look like, then? Getting those “separate permission systems” to talk to each other (vs having one centralized system/service running)?

joshuapsteele

@joshuapsteele.bsky.social Hmm, actually I think what I’m thinking of as “tenancy” concerns might be addressed by the Composable Schemas feature that’s in preview. We basically just need separate business units/orgs to be able to manage their own authorization models at first

joshuapsteele

@joshuapsteele.bsky.social Are both Permify and SpiceDB able to be used by an enterprise as truly open source options? I think the answer is yes for SpiceDB, but I’m not 100% sure on Permify. I’m wondering if their “free” option is just meant as a temporary stepping stone?
