Zanzibar: Google's Consistent, Global Authorization System

Determining whether online users are authorized to access digital objects is central to preserving privacy. This paper presents the design, implementation, and deployment of Zanzibar, a global system for storing and evaluating access control lists. Zanzibar provides a uniform data model and configuration language for expressing a wide range of access control policies from hundreds of client services at Google, including Calendar, Cloud, Drive, Maps, Photos, and YouTube. Its authorization decisions respect causal ordering of user actions and thus provide external consistency amid changes to access control lists and object contents. Zanzibar scales to trillions of access control lists and millions of authorization requests per second to support services used by billions of people. It has maintained 95th-percentile latency of less than 10 milliseconds and availability of greater than 99.999% over 3 years of production use.
