back to talks
discussion · Code of Architecture

White paper: Zanzibar: Google's Consistent, Global Authorization System

March 20, 2023 · Code of Architecture · Kod Zheltyy

A special Code of Architecture episode on Google Zanzibar: how to build a global authorization system, express access through relationship tuples, work with ReBAC, and apply the paper's ideas through open source implementations such as SpiceDB.

Discussion focus

  1. 01Why are classic RBAC and ABAC often not enough for complex product systems?
  2. 02How does ReBAC describe access through users, objects, and their relationships?
  3. 03How does Zanzibar store relationship tuples and evaluate authorization checks?
  4. 04How can consistency, replication, caching, and low latency be combined in an authorization service?
  5. 05Which engineering tradeoffs appear when adopting a Zanzibar-like model?
  6. 06When should teams look at open source implementations such as SpiceDB, and how can they fit into an architecture?