docs: Update SpiceDb documentation

- Updated the 'Getting Started' guide to reflect changes in the setup and configuration process of SpiceDb in .NET projects. - Lowered the minimum required .NET version from 8 to 7. - Removed specific HTMX integration details, replaced with instructions on creating a client using the SpiceDb endpoint web address. - Expanded the 'Overview' section with detailed information about what is SpiceDb, its history, features, and how it distinguishes itself from other systems. - Added a new page titled 'Why SpiceDb?' explaining why developers should consider using this system for access control. It includes an example of a simple schema for document access control.
JalexSocial · Apr 12, 2024 · 9f93ed4 · 9f93ed4
1 parent e73a2be
commit 9f93ed4
Show file tree

Hide file tree

Showing 5 changed files with 135 additions and 46 deletions.
diff --git a/content/docs/introduction/getting-started.md b/content/docs/introduction/getting-started.md
@@ -18,11 +18,11 @@ seo:
   noindex: false # false (default) or true
 ---
 
-This README provides instructions on how to incorporate the SpiceDb library into your ASP.NET projects. SpiceDb leverages .NET 8 capabilities to enhance your web application development process, particularly focusing on HTMX integration.
+This README provides instructions on how to incorporate the SpiceDb library into your .NET projects. 
 
 ## Requirements
 
-- **.NET Version**: .NET 8 or newer.
+- **.NET Version**: .NET 7 or newer.
 
 ## Installation
 
@@ -36,53 +36,20 @@ For the latest version and more details, visit the [SpiceDb NuGet package page](
 
 ## Configuration
 
-After installing SpiceDb, you need to configure it in your `Program.cs` or startup configuration file. This setup involves specifying your application's root component, default layout, antiforgery strategy, and HTMX configurations. Here's how to add SpiceDb to your application builder:
+After installing SpiceDb, you need to create a client using the SpiceDb endpoint web address. 
 
 ```csharp
-builder.AddSpiceDb(config =>
-    {
-        config.RootComponent = typeof(HtmxApp<AppLayout>);
-        config.DefaultLayout = typeof(HtmxLayout<MainLayout>);
-        config.AntiforgeryStrategy = AntiforgeryStrategy.GenerateTokensPerPage;
-    })
-    .WithHtmxConfiguration(config =>
-    {
-        config.SelfRequestsOnly = true;
-    })
-    .WithHtmxConfiguration("articles", config =>
-    {
-        config.SelfRequestsOnly = true;
-        config.GlobalViewTransitions = true;
-    });
-```
-
-### Configuration Details
-
-- **RootComponent**: Defines the default root component for your component hierarchy. Wrapping a Layout in `HtmxApp` ensures that when a page is rendered with HTMX, it won't render the Layout.
-- **DefaultLayout**: Applied to any view that doesn't specifically specify a Layout attribute.
-- **AntiforgeryStrategy**: Configures antiforgery tokens behavior. Options include turning off antiforgery tokens, generating them on each request, or generating them on each full-page reload.
-
-### HTMX Configuration
-
-`WithHtmxConfiguration` allows setting up HTMX-specific settings, supporting both default and named configurations. In this example we configure:
 
-- **SelfRequestsOnly**: Restricts HTMX requests to the same origin.
-- **GlobalViewTransitions**: Enables global view transitions for the specified named configuration.
+// Create a new client with a namespace prefix of "arch" for all defined objects
 
-Multiple configurations can be defined for different parts of your application, offering granular control over HTMX behavior.
+// Approach #1 - Uses default server address
+var client = new SpiceDbClient("secret_token", "schemaprefix");  // defaults to server address of "https://grpc.authzed.com
 
-For more detailed information on configuring HTMX in SpiceDb, refer to the [Htmx Configuration Documentation](https://jalexsocial.github.io/SpiceDb.docs/docs/htmx/configuration/).
+// Approach #2 - Specifies server (must include http or https in address)
+var client = new SpiceDbClient("http://127.0.0.1:50051", "secret_token", "schemaprefix");
 
-## Middleware
+// Approach #3 - Custom created Grpc ChannelBase for full control of the connection channel
+var channel = GrpcChannel.ForAddress("http://127.0.0.1:50051");  // You can get as elaborate as you want
+var client = new SpiceDbClient(channel, "schemaprefix");
 
-After configuring antiforgery and routing in your application, ensure to add the SpiceDb middleware to the pipeline:
-
-```csharp
-app.UseSpiceDb();
 ```
-
-This middleware integrates SpiceDb's capabilities into your application, enabling advanced features and configurations specified in your setup.
-
-## Conclusion
-
-SpiceDb offers a powerful and flexible way to enhance your ASP.NET applications with advanced HTMX integration and configuration options.
diff --git a/content/docs/introduction/overview.md b/content/docs/introduction/overview.md
@@ -20,8 +20,81 @@ seo:
 
 SpiceDb is an open-source, Zanzibar-inspired authorization system that provides a robust and scalable solution for managing fine-grained permissions across distributed systems. Its implementation closely follows the principles set out in Google's Zanzibar paper, adapting them into a practical and deployable system. 
 
+## What is SpiceDB?
+
+SpiceDB is an open source, [Google Zanzibar]-inspired database system for real-time, security-critical application permissions.
+
 <img src="/images/developer1.webp" class="img-fluid" style="margin-bottom: 2rem">
 
+Developers create and apply a schema that models their application's resources and permissions.
+From their applications, client libraries such as SpiceDb.net are used to insert relationships or check permissions in their applications.
+
+Building modern authorization from scratch is non-trivial and requires years of development from domain experts.
+Until SpiceDB, the only developers with access to these workflows were employed by massive tech companies that could invest in building mature, but proprietary solutions.
+
+Now we have a community organized around sharing this technology so that the entire industry can benefit.
+
+In some scenarios, SpiceDB can be challenging to operate because it is a critical, low-latency, distirbuted system.
+For folks interested in a managed SpiceDB services and enterprise functionality, there are [AuthZed's products](https://authzed.com/docs/authzed/guides/picking-a-product).
+
+[Google Zanzibar]: https://authzed.com/blog/what-is-zanzibar/
+[schema]: https://authzed.com/docs/guides/schema
+[client libraries]: https://github.com/authzed/awesome-spicedb#clients
+[relationships]: ../concepts/relationships
+[authzed-products]: ../../authzed/guides/picking-a-product
+
+### A brief SpiceDB history lesson
+
+In August 2020, the founders of AuthZed left [Red Hat], who had acquired their previous company [CoreOS].
+In the following month, they would write the first API-complete implementation of Zanzibar; project Arrakis was written in lazily-evaluated, type-annotated Python.
+In September, Arrakis was demoed as a part of their [YCombinator] application.
+In March 2021, Arrakis was rewritten in Go, a project code-named Caladan.
+This rewrite would eventually be open-sourced in September 2021 under the name [SpiceDB].
+
+You can read also read the [history of Google's Zanzibar project](https://authzed.com/docs/spicedb/concepts/zanzibar#history), which is the spirtual predecessor and inspiration for SpiceDB.
+
+[Red Hat]: https://redhat.com
+[CoreOS]: https://www.redhat.com/en/technologies/cloud-computing/openshift/what-was-coreos
+[YCombinator]: https://www.ycombinator.com/companies/authzed
+[SpiceDB]: https://authzed.com/blog/spicedb-is-open-source-zanzibar
+[zanzibar-history]: ../concepts/zanzibar#history
+
+### SpiceDB Features
+
+Features that distinguish SpiceDB from other systems include:
+
+- Expressive [gRPC] and [HTTP/JSON] APIs for checking permissions, listing access, and powering devtools
+- A distributed, parallel graph-engine faithful to the architecture described in [Google's Zanzibar paper]
+- A flexible consistency model configurable [per-request] that includes resistance to the [New Enemy Problem]
+- An expressive [schema language] with a [playground] and CI/CD integrations for [validation] and [integration testing]
+- A pluggable [storage system] supporting [in-memory], [Spanner], [CockroachDB], [PostgreSQL] and [MySQL]
+- Deep observability with [Prometheus] metrics, [pprof] profiles, structured logging, and [OpenTelemetry] tracing
+
+[gRPC]: https://buf.build/authzed/api/docs/main:authzed.api.v1
+[HTTP/JSON]: https://app.swaggerhub.com/apis-docs/authzed/authzed/1.0
+
+[per-request]: https://docs.authzed.com/reference/api-consistency
+[New Enemy Problem]: https://authzed.com/blog/new-enemies/
+
+[schema language]: https://docs.authzed.com/guides/schema
+[playground]: https://play.authzed.com
+[validation]: https://github.com/authzed/action-spicedb-validate
+[integration testing]: https://github.com/authzed/action-spicedb
+
+[storage system]: https://authzed.com/docs/spicedb/selecting-a-datastore
+[in-memory]: https://github.com/hashicorp/go-memdb
+[PostgreSQL]: https://www.postgresql.org
+[Spanner]: https://cloud.google.com/spanner
+[CockroachDB]: https://github.com/cockroachdb/cockroach
+[MySQL]: https://www.mysql.com
+
+[Prometheus]: https://prometheus.io
+[pprof]: https://jvns.ca/blog/2017/09/24/profiling-go-with-pprof/
+[OpenTelemetry]: https://opentelemetry.io
+
+[Google's Zanzibar paper]: https://authzed.com/zanzibar
+
+
 Below is an overview of the key features and components of SpiceDb's implementation of the Zanzibar algorithm.
 
 ### 1. **Architecture Overview**

diff --git a/content/docs/introduction/whyspicedb.md b/content/docs/introduction/whyspicedb.md
@@ -0,0 +1,46 @@
+---
+title: "Why SpiceDb?"
+description: ""
+summary: ""
+date: 2024-04-12T12:50:41-04:00
+lastmod: 2024-04-12T12:50:41-04:00
+draft: false
+weight: 14
+toc: true
+seo:
+  title: "" # custom title (optional)
+  description: "" # custom description (recommended)
+  canonical: "" # custom canonical URL (optional)
+  noindex: false # false (default) or true
+---
+
+Zanzibar-inspired systems like SpiceDb offer an evolved approach to access control compared to traditional RBAC. These systems enable dynamic and granular permission management that adjusts in response to changes in user relationships and roles, and are driven by a configurable schema.
+
+This schema-driven flexibility allows your permission system to be tailored to your specific business needs without extensive coding. Instead of being locked into a rigid set of predefined roles, you can configure and modify your permissions model as your organizational structures or business rules change. This makes SpiceDb not only adaptable but also significantly reduces the overhead and complexity typically associated with modifying access control systems.
+
+Furthermore, SpiceDb’s approach to managing permissions at the level of individual relationships ensures that permissions are accurately represented and enforced, reducing management complexity and improving system performance in demanding environments. It also maintains consistent and auditable access controls across different services, reducing discrepancies and enhancing security without compromising scalability.
+
+For developers and businesses of any size, adopting SpiceDb means investing in a flexible and adaptable authorization mechanism that evolves efficiently with your business needs.
+
+Here is an example of a simple schema that could be used to allow access control to a document:
+
+```
+
+  /** user represents a registered user's account in our application */
+  definition user {}
+  
+  /** document represents a document with access control */
+  definition document {
+    /** reader indicates that the user is a reader on the document */
+    relation reader: user
+  
+    /** writer indicates that the user is a writer on the document */
+    relation writer: user
+  
+    /** view indicates whether the user can view the document */
+    permission view = reader + writer
+  }
+
+```
+
+For more information on schema development, see [Developing a Schema](https://authzed.com/docs/spicedb/modeling/developing-a-schema)
diff --git a/hugo_stats.json b/hugo_stats.json
@@ -269,6 +269,7 @@
       "8-security-and-compliance",
       "9-community-and-support",
       "TableOfContents",
+      "a-brief-spicedb-history-lesson",
       "buttonColorMode",
       "conclusion",
       "configuration",
@@ -292,9 +293,11 @@
       "searchToggleDesktop",
       "searchToggleMobile",
       "socialMenu",
+      "spicedb-features",
       "spicedb-library-usage-guide-for-aspnet",
       "toTop",
-      "toc"
+      "toc",
+      "what-is-spicedb"
     ]
   }
 }
diff --git a/layouts/index.html b/layouts/index.html
@@ -7,7 +7,7 @@
 {{ end }}
     </div>
     <div class="col-lg-9 col-xl-8 text-center">
-      <p class="lead">Authorization That Scales</p>
+      <p class="lead">Powerful Access Control for .NET Applications with SpiceDb</p>
       <a class="btn btn-primary btn-cta rounded-pill btn-lg my-3" href="/docs/{{ if site.Params.doks.docsVersioning }}{{ site.Params.doks.docsVersion }}/{{ end }}introduction/overview/" role="button">Getting Started</a>
       {{ .Content }}      
     </div>