Hi @Joey I'm working with @tartignolle. Just to be sure that I understand. Tbo while reading the whole conversation with my team mate I just realize that I didn't get it >< I thought that the whole process of the Lookwatch Api can be sum up like this : 1. Receive notification from watch api following this schema : resources#relation@subject 2. Call LookupSubject to get all Subject of a chosen SubjectType link to the subject send by watch Api. (I wondered that this api recursively get all relation relate to the subject until find the correct subjectType) 3. Do the same as 2) for the resources send by watchApi. Aka the left side of expression. 4. Cross join the 2 responses 5. Call checkPermissionApi on all elements of 4) link with one specific relation With this process do we resolve the "arrow issues" ? Do checkPermissiknApi correctly solve the permission crossing the schema and so the arrows ? I guess I miss something maybe perf maybe something else. Surely my eyes refuse to see something obvious to keep the work as simple as possible :p