Explore a 21-minute conference talk from USENIX ATC '19 detailing Google's Zanzibar, a global authorization system. Delve into the design, implementation, and deployment of this innovative solution for storing and evaluating access control lists. Learn how Zanzibar provides a uniform data model and configuration language, enabling hundreds of Google services to express diverse access control policies. Discover how the system maintains external consistency, scales to trillions of access control lists, and handles millions of authorization requests per second. Gain insights into Zanzibar's impressive performance metrics, including its sub-10 millisecond 95th-percentile latency and 99.999% availability over three years of production use. Examine the system's architecture, consistency protocol, and implementation techniques that support services used by billions of people worldwide.
Zanzibar - Google’s Consistent, Global Authorization System
Overview
Syllabus
Intro
Authorization checks are central to preserving privacy
Zanzibar stores access control lists (ACLS)
and performs authorization checks based on stored ACLS
Zanzibar is.
New enemy protection
Consistency protocol
Implementation techniques
Deployment
Check queries per second
Check Safe latency
Summary
Taught by
USENIX
