Google Zanzibar
Authorization software system
From Wikipedia, the free encyclopedia
Zanzibar is an authorization system developed by Google for managing access control. It was first described in a research paper presented at the 2019 USENIX Annual Technical Conference. Zanzibar supports authorization for several Google services, including Google Drive, Google Photos, and YouTube.[1]
Overview
Zanzibar functions as an authorization service. It processes access control queries from client applications and stores access control lists (ACLs) expressed as relationship tuples under a relationship-based access control (ReBAC) model. Each tuple represents a subject, a relation, and an object. The system is designed to provide consistency, fault tolerance, and scalability for applications with large user bases.[1]
Architecture
Zanzibar's architecture includes several core components:[1]
- Distributed database: Built on Google Spanner to maintain data consistency across data centers.
- Caching layers: Uses server-level and inter-service caching to reduce latency.
- Global replication: Replicates authorization data across geographic regions to improve availability.
- Namespace configuration: Client services define object types, relationships, and authorization rules.
- Decoupled logic: Queries such as "Does user X have permission Y on object Z?" return Boolean results.
- Zookies: Opaque consistency tokens used to ensure authorization checks are evaluated against a snapshot at least as recent as the version of the content being accessed.[2]
Performance
The system uses techniques such as cache prefetching and selective invalidation of frequently accessed permissions to reduce latency.[1]
Relationship to ReBAC
Zanzibar employs relationship-based access control (ReBAC), in which authorization decisions depend on relationships between entities rather than predefined roles. In contrast, role-based access control (RBAC) assigns permissions based on user roles. Zanzibar's use of ReBAC enables dynamic access control in collaborative environments such as document-sharing systems.[1]
Industry influence
The Zanzibar research paper has influenced the design of other authorization systems based on ReBAC principles. Examples include Airbnb's internal system Himeji and several open-source projects that adopt similar models.[1]
Limitations
Implementing a Zanzibar-like system requires substantial engineering and infrastructure resources. Maintaining replication, caching, and schema configurations adds operational complexity. The tuple-based relationship model may fail to capture certain policy logic, requiring integration with additional rule-based or policy engines.[1]