undefined | Better HN

story

0 pointsdietr1ch2y ago0 comments

Why does it need to be checked on a per-request level?

I'd expect you to be able to give short-lived capability tokens to clients that each machine can verify down the stack without making new rpcs. This would avoid the fan-out of all the internal services.

Is it just to prevent abuse?

0 comments

akajla2y ago

You can encode capabilities/permissions as scopes in distributed tokens (e.g. OAuth) but this can start to break down if you have very granular, fine-grained permissions (e.g. user:1 has 'editor' access to 1000s of documents/objects). This is similar to the problem that Carta ran into while building out their permissions[1].

In addition, yes - validating permissions on each request makes it so that you can revoke privilege(s) with immediate effect without needing a token to be invalidated.

[1] https://medium.com/building-carta/authz-cartas-highly-scalab...

1 more reply

smarx0072y ago

I think it's best to refer to the Zanzibar paper: https://www.usenix.org/system/files/atc19-pang.pdf

zcw1002y ago

... or the annotated one from the Authzed folks https://authzed.com/zanzibar

smarx0072y ago

Wow, I am also impressed by the tech behind! https://github.com/authzed/zanzibar-annotated

dietr1chOP2y ago

That's neat! All papers should allow this discussion on them.

BTW, didn't Google released something like it too early?

AlphaSite2y ago

Does the token identify every resource you have access to? I think is for multi tenant applications with fine grained access control.

paulddraper2y ago

"Oh, you just [insert complex solution here]"

You need one capability token per principal and resource and perhaps access right.

j / k navigate · click thread line to collapse

0 comments

akajla2y ago

In addition, yes - validating permissions on each request makes it so that you can revoke privilege(s) with immediate effect without needing a token to be invalidated.

[1] https://medium.com/building-carta/authz-cartas-highly-scalab...

1 more reply

smarx0072y ago

I think it's best to refer to the Zanzibar paper: https://www.usenix.org/system/files/atc19-pang.pdf

zcw1002y ago

... or the annotated one from the Authzed folks https://authzed.com/zanzibar

smarx0072y ago

Wow, I am also impressed by the tech behind! https://github.com/authzed/zanzibar-annotated

dietr1chOP2y ago

That's neat! All papers should allow this discussion on them.

BTW, didn't Google released something like it too early?

AlphaSite2y ago

Does the token identify every resource you have access to? I think is for multi tenant applications with fine grained access control.

paulddraper2y ago

"Oh, you just [insert complex solution here]"

You need one capability token per principal and resource and perhaps access right.

j / k navigate · click thread line to collapse