Reading Zanzibar
2 days ago
- #Scalability
- #Authorization
- Google's Zanzibar is a global authorization system designed for flexibility and scalability.
- Zanzibar's features include objects, users, namespaces, usersets, and userset rewrite rules for flexible authorization.
- The system uses a configuration language to define access rules, making authorization more manageable than embedding it in queries.
- Zanzibar is built for Google's scale, utilizing Spanner for distributed consistency and TrueTime for accurate timestamp ordering.
- Key components include aclservers, watchservers, and the Leopard indexing system to handle scalability and hot-spot issues.
- Zanzibar's implementation includes zookies for consistency, ensuring clients don't receive stale data.
- Several companies and open-source projects have been inspired by Zanzibar, with varying degrees of adherence to its original concepts.
- For smaller-scale needs, Zanzibar's complexity may be overkill, leading to a desire for simpler, library-based solutions.