Chaos and Order

Chaos and Order https://www.youngju.dev/blog 천천히 올바르게. AI Researcher & DevOps Engineer Youngju's tech blog. GPU/CUDA, LLM, MLOps, Kubernetes AI workloads, distributed training, and data engineering. ko fjvbn2003@gmail.com (Youngju Kim) fjvbn2003@gmail.com (Youngju Kim) Mon, 25 May 2026 00:00:00 GMT https://www.youngju.dev/blog/culture/2026-05-25-authorization-fga-zanzibar-spicedb-permify-openfga-cerbos-cedar-oso-2026-deep-dive.en Fine-grained Authorization (FGA) Systems in 2026 — Zanzibar, SpiceDB, Permify, OpenFGA, Cerbos, Cedar, Oso Deep Dive https://www.youngju.dev/blog/culture/2026-05-25-authorization-fga-zanzibar-spicedb-permify-openfga-cerbos-cedar-oso-2026-deep-dive.en Authorization no longer ends with one line of "if user.role == admin". Since Google's Zanzibar paper rewrote the industry's mental model, 2026 has more than a dozen FGA engines fighting it out — SpiceDB, OpenFGA (Auth0/Okta), Permify, Cerbos, Cedar (AWS), Casbin, Oso, Ory Keto, Warrant, Aserto, Topaz. This piece covers the difference between ReBAC, RBAC, and ABAC, the internals of the Zanzibar paper (snapshot reads, Leopard index, watch API), namespace/relation/condition schemas, Check API patterns, ListObjects vs ListRelations, multi-tenant isolation, Postgres RLS as a fallback, edge authorization (Cloudflare + OPA), and real-world deployments at Naver, Kakao, AWS Tokyo, and Cybozu. Mon, 25 May 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) authorizationfgazanzibarspicedbpermifyopenfgacerbosasertocasbinosocedarrebacrbacabacopa https://www.youngju.dev/blog/culture/2026-05-25-authorization-fga-zanzibar-spicedb-permify-openfga-cerbos-cedar-oso-2026-deep-dive.ja きめ細かな認可(FGA)システム 2026 徹底解説 — Zanzibar、SpiceDB、Permify、OpenFGA、Cerbos、Cedar、Oso 完全ガイド https://www.youngju.dev/blog/culture/2026-05-25-authorization-fga-zanzibar-spicedb-permify-openfga-cerbos-cedar-oso-2026-deep-dive.ja 認可(Authorization)は、もう if user.role == admin の一行で終わる時代ではない。Google の Zanzibar 論文が業界全体の発想を変えて以来、2026 年現在では SpiceDB、OpenFGA(Auth0/Okta)、Permify、Cerbos、AWS Cedar、Casbin、Oso、Ory Keto、Warrant、Aserto、Topaz まで十数の FGA エンジンが激突している。ReBAC と RBAC と ABAC の違い、Zanzibar 論文の内部(snapshot read、Leopard インデックス、watch API)、ネームスペース・リレーション・コンディションのスキーマ、Check API パターン、ListObjects と ListRelations、マルチテナント隔離、Postgres RLS のフォールバック、エッジ認可(Cloudflare + OPA)、そして Naver / Kakao / Cybozu の実際の導入事例まで一気通貫で整理する。 Mon, 25 May 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) authorizationfgazanzibarspicedbpermifyopenfgacerbosasertocasbinosocedarrebacrbacabacopa https://www.youngju.dev/blog/culture/2026-05-25-authorization-fga-zanzibar-spicedb-permify-openfga-cerbos-cedar-oso-2026-deep-dive 세분화 인가(FGA) 시스템 2026 심층 분석 — Zanzibar, SpiceDB, Permify, OpenFGA, Cerbos, Cedar, Oso 완전 정복 https://www.youngju.dev/blog/culture/2026-05-25-authorization-fga-zanzibar-spicedb-permify-openfga-cerbos-cedar-oso-2026-deep-dive 인가(Authorization)는 더 이상 if user.role == admin 한 줄로 끝나지 않는다. 구글의 Zanzibar 논문이 산업 전체의 사고방식을 바꾼 이후 2026년 현재 SpiceDB, OpenFGA(Auth0/Okta), Permify, Cerbos, Cedar(AWS), Casbin, Oso, Ory Keto, Warrant, Aserto, Topaz까지 십수 개의 FGA 엔진이 격돌하고 있다. ReBAC vs RBAC vs ABAC의 차이, Zanzibar 논문 내부(snapshot read, Leopard index, watch API), 네임스페이스/릴레이션/컨디션 스키마, Check API 패턴, ListObjects vs ListRelations, 멀티테넌트 격리, Postgres RLS 폴백, 엣지 인가(Cloudflare + OPA), 그리고 네이버/카카오/Cybozu의 실제 도입 사례까지 한 번에 정리한다. Mon, 25 May 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) authorizationfgazanzibarspicedbpermifyopenfgacerbosasertocasbinosocedarrebacrbacabacopa