ReBAC

Relationship-Based Access Control. Authorization is computed by traversing a graph of relationships between subjects and resources. Popularized by Google's Zanzibar paper. Modern implementations include Authzed SpiceDB, OpenFGA, and Permify.