1/ Back after last week's break π΄, ready to talk about why we picked the "Zanzibar model" for project #sandcastle:
https://twitter.com/Auth0Lab/status/1329117696328425473?s=20π
2/ We've shared the 5 things needed to solve #fgaatscale
Let's explore high-level how "Zanzibar" works and how it meets those needs
research.google/pubs/pub48190/
facebook.com/atscaleevents/β¦
https://twitter.com/Auth0Lab/status/1326606869532696576?s=20
Let's explore high-level how "Zanzibar" works and how it meets those needs
research.google/pubs/pub48190/
facebook.com/atscaleevents/β¦
3/ 0οΈβ£ Introduction
Zanzibar is a "Relationship based access control" (ReBAC) authorization system, i.e.: a user has access to an object if it has a particular relation to it.
Zanzibar stores (object, relation, user) "tuples" with data about these relations.
Zanzibar is a "Relationship based access control" (ReBAC) authorization system, i.e.: a user has access to an object if it has a particular relation to it.
Zanzibar stores (object, relation, user) "tuples" with data about these relations.
4/ To express that "anne@auth0.com" is an owner of the "RFC 100" doc a tuple like the following would be written:
{
"object": "RFC 100"
"relation": "owner"
"user": "anne@auth0.com"
}
{
"object": "RFC 100"
"relation": "owner"
"user": "anne@auth0.com"
}
5/ 1οΈβ£ Permission model flexibility
Objects often support many relations with users, e.g.: 'viewer' or 'editor' for a document.
Clients define a "namespace configuration" to specify the set of relations that users can have to objects of a type, and how those relations interact.
Objects often support many relations with users, e.g.: 'viewer' or 'editor' for a document.
Clients define a "namespace configuration" to specify the set of relations that users can have to objects of a type, and how those relations interact.
6/ To check if a user U has a relation R to an object O, clients call the"check" RPC :
check(O, R, U) returns bool
Zanzibar supports the following cases (this is a simplification):
- Direct: user itself has a relation to the object
check(O, R, U) returns bool
Zanzibar supports the following cases (this is a simplification):
- Direct: user itself has a relation to the object
7/ - Group: user belongs to a "group", the group has the relation to the object. However, groups are not a special construct. Group membership is defined by relations as well, e.g.:
{
"object": "group:auth0/admins"
"relation": "member"
"user": "beth@authh0.com"
}
{
"object": "group:auth0/admins"
"relation": "member"
"user": "beth@authh0.com"
}
8/ - Replace: given relation R1, if U has relation R1 to O, then it also has relation R. This is useful for concentric permissions such as: all writes are readers.
9/ - Indirect: allows expressing "viewers of the folder (parent) are viewers of all items in the folder (children)"
This simple, yet powerful model powers authorization for @googledrive @YouTube @googlecloud and more!
This simple, yet powerful model powers authorization for @googledrive @YouTube @googlecloud and more!
10/ 2οΈβ£ Auditing
The Zanzibar paper does not talk about auditing, but the model is audit friendly π:
- Namespace config changes can be both explicitly approved and logged
- Tuple writes can be logged as part of the write path, since writes are not latency sensitive
The Zanzibar paper does not talk about auditing, but the model is audit friendly π:
- Namespace config changes can be both explicitly approved and logged
- Tuple writes can be logged as part of the write path, since writes are not latency sensitive
11/ - Checks can be (async) logged to determine who tried to access what, when
π Having consistently formatted logs come from a single system has many uses: anomaly detection and response, usage analysis, etc.
---
π We'll continue exploring the 3 remaining needs tomorrow
π Having consistently formatted logs come from a single system has many uses: anomaly detection and response, usage analysis, etc.
---
π We'll continue exploring the 3 remaining needs tomorrow
β’ β’ β’
Missing some Tweet in this thread? You can try to
force a refresh
γ
