discussion · Code of Architecture
White paper: Zanzibar: Google's Consistent, Global Authorization System
March 20, 2023 · Code of Architecture · Kod Zheltyy
A special Code of Architecture episode on Google Zanzibar: how to build a global authorization system, express access through relationship tuples, work with ReBAC, and apply the paper's ideas through open source implementations such as SpiceDB.
Discussion focus
- 01Why are classic RBAC and ABAC often not enough for complex product systems?
- 02How does ReBAC describe access through users, objects, and their relationships?
- 03How does Zanzibar store relationship tuples and evaluate authorization checks?
- 04How can consistency, replication, caching, and low latency be combined in an authorization service?
- 05Which engineering tradeoffs appear when adopting a Zanzibar-like model?
- 06When should teams look at open source implementations such as SpiceDB, and how can they fit into an architecture?