Discover and read the best of Twitter Threads about #fgaatscale
Most recents (4)
1/ Let's continue exploring how the "Zanzibar" model allows us to solve #fgaatscale 👇
3️⃣ Correctness: no invalid permissions are granted
To provide "correct" answers, an ACL check needs to always read a "valid view" of the system.
3️⃣ Correctness: no invalid permissions are granted
To provide "correct" answers, an ACL check needs to always read a "valid view" of the system.
2/ "Valid" means: the full state read from storage should have existed at a "logical point in time" and includes all committed records at that point.
The picture provides a counterexample, a request should not read two different values from a namespace at different reads.
The picture provides a counterexample, a request should not read two different values from a namespace at different reads.
3/ Similarly, new tuples should not "show up" in a request's query replies while it executes.
This applies to:
- in progress transactions
- records committed in the lifetime of the request
Summarizing: reads should be consistent at a "logical timestamp" within a request.
This applies to:
- in progress transactions
- records committed in the lifetime of the request
Summarizing: reads should be consistent at a "logical timestamp" within a request.
1/ Back after last week's break 😴, ready to talk about why we picked the "Zanzibar model" for project #sandcastle: 👇
2/ We've shared the 5 things needed to solve #fgaatscale
Let's explore high-level how "Zanzibar" works and how it meets those needs
research.google/pubs/pub48190/
facebook.com/atscaleevents/…
Let's explore high-level how "Zanzibar" works and how it meets those needs
research.google/pubs/pub48190/
facebook.com/atscaleevents/…
3/ 0️⃣ Introduction
Zanzibar is a "Relationship based access control" (ReBAC) authorization system, i.e.: a user has access to an object if it has a particular relation to it.
Zanzibar stores (object, relation, user) "tuples" with data about these relations.
Zanzibar is a "Relationship based access control" (ReBAC) authorization system, i.e.: a user has access to an object if it has a particular relation to it.
Zanzibar stores (object, relation, user) "tuples" with data about these relations.
1/ We've analyzed the #fgaatscale problem:
We've shared our view on the market:
It's time to tell you what we are planning to build 🥁... 🧵
We've shared our view on the market:
It's time to tell you what we are planning to build 🥁... 🧵
2/ Project #sandcastle will be a globally distributed, highly reliable service for large scale, fine grained authorization.
It's based on @Google's Zanzibar paper: research.google/pubs/pub48190/, that powers #fgaatscale for @googledrive @googlecloud @YouTube and @Google other products!
It's based on @Google's Zanzibar paper: research.google/pubs/pub48190/, that powers #fgaatscale for @googledrive @googlecloud @YouTube and @Google other products!
3/ You'd:
1. Sign up for a subscription
2. Configure who has access to what
3. Pick an SDK for your favorite language/tool
4. (optionally) Feed your authZ data from existing sources into #sandcastle
That's the ideal future. At this point you'd have AuthZ for your app 🤯
1. Sign up for a subscription
2. Configure who has access to what
3. Pick an SDK for your favorite language/tool
4. (optionally) Feed your authZ data from existing sources into #sandcastle
That's the ideal future. At this point you'd have AuthZ for your app 🤯
1/ Having analyzed the @github and @googledrive #fgaatscale cases, we'll share our view on the authz market.
We'll go over what is currently being addressed and what the gaps are👇
We'll go over what is currently being addressed and what the gaps are👇
2/
As we've mentioned before, solving #fgaatscale requires:
1️⃣ Permission modelling flexibility
2️⃣ Auditing capabilities
3️⃣ Correctness: no invalid permissions are granted
4️⃣ Low Latency
5️⃣ High availability
As we've mentioned before, solving #fgaatscale requires:
1️⃣ Permission modelling flexibility
2️⃣ Auditing capabilities
3️⃣ Correctness: no invalid permissions are granted
4️⃣ Low Latency
5️⃣ High availability
3/ Solving #fgaatscale is becoming a need because:
☝️ Users expect collaboration features in most products they used, and that requires FGA
✌️ Increasing privacy and compliance regulations require companies in different verticals to restrict access as much as possible
☝️ Users expect collaboration features in most products they used, and that requires FGA
✌️ Increasing privacy and compliance regulations require companies in different verticals to restrict access as much as possible
