Auth0 is building the next generation access control SaaS based on Google Zanzibar.

Auth0 is building the next generation access control SaaS based on Google Zanzibar. Join the Dev Preview waitlist

A Globally Distributed Authorization System

Zanzibar handles authorization for YouTube, Drive, Google Cloud and all of Google's other products

Zanzibar is flexible, global and fast.

Zanzibar allows Google teams to specify their unique authorization models, globally replicates authorization data and responds to access checks blazing fast.

Basics

Editors -> Viewer

Groups

Folders

Namespace configurations specify the types of objects in a system and how users (or other objects) can relate to them. Relation tuples represent the current state of the system.

Namespace

name: "doc"
relation { name: "editor" }
relation { name: "viewer" }
relation { name: "owner" }

Previewer

Tuples

Kim

owner

of the

doc:roadmap

Ben

editor

of the

doc:roadmap

Carl

viewer

of the

doc:slides

Query

Carl

viewer

doc:slides

Yes, Carl -> viewer of doc:slides

user

relation

object

Step

Architecture

Global and Consistent

Zanzibar globally replicates data using Google Spanner, allowing it to run on all geographic regions where Google products run without sacrificing (external) consistency.

Scalable

Zanzibar scales to trillions of objects, billions of users and millions of authorization requests per second.

Fast

Zanzibar runs geographically close to its clients, and uses techniques such as secondary indexing for heavily nested groups, request hedging and distributed caching to keep tail latencies low.