3. yes, but again, this is less about rebac or authzed specifically and more about using a separate service for authorization. you can use a two-phase commit approach, you can use an eventually-consistent approach with CQRS, or you can make SpiceDB the primary store for certain pieces of information, which is what we were talking about above. in my old company's implementation, we weren't worried about the new enemy problem, so we fed everything through Kafka and it worked just fine.