Hacker News new | ask | show | jobs
by comboy 1088 days ago
Can anybody explain me why there seem to be much focus on scalability in this context? I mean we have 8 billion people. If the whole planet registers, home PC can handle it, plus it partitions beautifully if necessary in case of authentication. So what am I missing?
1 comments
smarx007 1088 days ago
Forget about 8B people in this context. If you have 1000 microservices in the company and each has 100 rps, you are looking at ca. 100k rps to a Zanzibar-style system to authorize every request (not to authenticate a user).
link
dietr1ch 1087 days ago
Why does it need to be checked on a per-request level?

I'd expect you to be able to give short-lived capability tokens to clients that each machine can verify down the stack without making new rpcs. This would avoid the fan-out of all the internal services.

Is it just to prevent abuse?

link
akajla 1087 days ago
You can encode capabilities/permissions as scopes in distributed tokens (e.g. OAuth) but this can start to break down if you have very granular, fine-grained permissions (e.g. user:1 has 'editor' access to 1000s of documents/objects). This is similar to the problem that Carta ran into while building out their permissions[1].

In addition, yes - validating permissions on each request makes it so that you can revoke privilege(s) with immediate effect without needing a token to be invalidated.

[1] https://medium.com/building-carta/authz-cartas-highly-scalab...

link
smarx007 1087 days ago
I think it's best to refer to the Zanzibar paper: https://www.usenix.org/system/files/atc19-pang.pdf
link
zcw100 1087 days ago
... or the annotated one from the Authzed folks https://authzed.com/zanzibar
link
smarx007 1087 days ago
Wow, I am also impressed by the tech behind! https://github.com/authzed/zanzibar-annotated
link
dietr1ch 1087 days ago
That's neat! All papers should allow this discussion on them.

BTW, didn't Google released something like it too early?

link
AlphaSite 1087 days ago
Does the token identify every resource you have access to? I think is for multi tenant applications with fine grained access control.
link
paulddraper 1087 days ago
"Oh, you just [insert complex solution here]"

You need one capability token per principal and resource and perhaps access right.

link
mort96 1087 days ago
This isn't meant to invalidate what you're saying, but this whole thread reads like a parody to me. 1000 services all making requests to Zanzibar, and this oreo keto thing.

Makes me think of this: https://m.youtube.com/watch?v=y8OnoxKotPQ

link
sporkland 1086 days ago
You could apply to S3, RDS, BigTable, Spanner, Firestore, etc. I feel like engineer orthodoxy (monoliths vs microservices, every monolith I've seen accesses a remotely DB and every microservice tends to access a DB which are themselves monoliths), no "god" services tend to break down for a lot of these important high scale stateful facilities.
link
smarx007 1087 days ago
Pure gold.
link
comboy 1088 days ago
Thanks.
link