Zanzibar: Google’s Consistent, Global Authorization System

Authors: 

Ruoming Pang, Ramon Caceres, Mike Burrows, Zhifeng Chen, Pratik Dave, Nathan Germer, Alexander Golynski, Kevin Graney, and Nina Kang, Google; Lea Kissner, Humu, Inc.; Jeffrey L. Korn, Google; Abhishek Parmar, Carbon, Inc.; Christina D. Richards and Mengzhi Wang, Google

Abstract: 

Determining whether online users are authorized to access digital objects is central to preserving privacy. This paper presents the design, implementation, and deployment of Zanzibar, a global system for storing and evaluating access control lists. Zanzibar provides a uniform data model and configuration language for expressing a wide range of access control policies from hundreds of client services at Google, including Calendar, Cloud, Drive, Maps, Photos, and YouTube. Its authorization decisions respect causal ordering of user actions and thus provide external consistency amid changes to access control lists and object contents. Zanzibar scales to trillions of access control lists and millions of authorization requests per second to support services used by billions of people. It has maintained 95th-percentile latency of less than 10 milliseconds and availability of greater than 99.999% over 3 years of production use.

BibTeX
@inproceedings {234962,
author = {Ruoming Pang and Ramon Caceres and Mike Burrows and Zhifeng Chen and Pratik Dave and Nathan Germer and Alexander Golynski and Kevin Graney and Nina Kang and Lea Kissner and Jeffrey L. Korn and Abhishek Parmar and Christina D. Richards and Mengzhi Wang},
title = {Zanzibar: {Google{\textquoteright}s} Consistent, Global Authorization System},
booktitle = {2019 USENIX Annual Technical Conference (USENIX ATC 19)},
year = {2019},
isbn = {978-1-939133-03-8},
address = {Renton, WA},
pages = {33--46},
url = {https://www.usenix.org/conference/atc19/presentation/pang},
publisher = {USENIX Association},
month = jul
}
