Thanks @Joey One more question what are the advantages of Authzed vs OpenFGA(which is part of CNCF and open source) and backed by Okta which is one of the big player in Identity space.

The main differences are around (a) safety (b) performance and (c) feature development. On the safety side, SpiceDB fully implements the Zanzibar consistency model (https://zanzibar.tech/2Pb5itZdZ:0.MsLSEAkiC:0), including full support for at-exact-snapshot and with-at-least-as-fresh semantics. This allows SpiceDB to both be safe, but also performant in use of caches. A lot of other Zanzibar implementations skip the consistency support because it is quite difficult to do correctly; we make sure to have explicit testing for it. On the performance side, SpiceDB has been (and continues to be) the most scalable implementation of ReBAC and we continuously work to improve our performance vs ourselves. On the features side, SpiceDB has been and continues to be the leader in development of new features and capabilities within the ReBAC space. For example, we pioneered the concept of caveats, which was then adopted by other implementations. While Okta may be a big player in the identity space, that means their focus is split beween identity (their main source of revenue) and authorization. We, on the other hand, are solely focused on the authorization side, and strive to work with any form of identity provider out there.

Those are good points. Thanks @Joey