How Airbnb designed and scaled its central authorization system - Himeji

  • Published 22 Dec 2024

COMMENTS • 33

  • @adianimesh 2 years ago +3

    Such a beautiful design with simple building blocks! Also, congratulations Arpit... well deserved :)

  • @sachinsindhu4182 1 year ago +1

    What is the issue with having authorisation done by the service owning that resource? In the approach discussed in the video, every service needs to send entity and ownership information to the auth service (this can be done by change detection). I don't understand the need for it. I think the auth service should authenticate the user and pass on responsibility for authorisation to the service owning that resource or entity. In the approach discussed in the video, if there is a new type of entity, two teams will need to coordinate to handle authorisation.

  • @nithinkumar7324 1 year ago +2

    How do we implement permissions to create a specific resource with this schema? E.g., with this model, we can derive if the user has write permission on listing id#10. But how can we derive that the user has create permission on the listing resource?

  • @RakeshKumarSahu1987 2 years ago +2

    Being an embedded software engineer... great content to understand a distributed system and its database design concepts.

  • @gigachad400 1 year ago +2

    The Zanzibar paper is a must-read to understand this. Along with that, there are permission-defining languages which visualise it and store it in DBs.

  • @sunnykumarsingh7039 1 year ago +1

    But there are going to be multiple references for the listing:$x @ RESERVATION # ___? Right? Might have to go through multiple entities to get whether user:123 has any reservation reference or not?
    Am I thinking right? Anyone?

  • @Polbose 6 months ago

    One of a kind, always great content!

  • @rajeshseptember09 1 year ago +2

    Can someone tell me: if cache invalidation does not happen instantly and an unauthorized user (who previously had access) tries to access a resource, we grant them access, and this could be serious. How do we make sure that the lag in cache invalidation does not affect authorization (or access to specific resources)? Can someone think of any specific approaches to overcome this?

    • @niravkapoor3261 1 year ago

      This is called the "enemy problem", and Google uses a Zookie cookie to tackle this. Read about the Zookie cookie in the Google Zanzibar paper.
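
Added example, not part of the comment thread and not Himeji or Zanzibar code: a simplified Python sketch of the consistency-token idea the reply above points to. A check that carries a token at least as new as the revocation is never answered from an older cache snapshot. `AclStore`, `CachedChecker` and the integer version standing in for a zookie are assumptions made for this illustration.

```python
from dataclasses import dataclass, field


@dataclass
class AclStore:
    """Source of truth: every write bumps a monotonically increasing version."""
    version: int = 0
    tuples: set = field(default_factory=set)

    def grant(self, obj, relation, user):
        self.version += 1
        self.tuples.add((obj, relation, user))
        return self.version  # token the caller stores alongside the resource

    def revoke(self, obj, relation, user):
        self.version += 1
        self.tuples.discard((obj, relation, user))
        return self.version


@dataclass
class CachedChecker:
    """Cache replica that lags the store until invalidation catches up."""
    store: AclStore
    snapshot_version: int = 0
    snapshot: frozenset = frozenset()

    def refresh(self):
        self.snapshot = frozenset(self.store.tuples)
        self.snapshot_version = self.store.version

    def check(self, obj, relation, user, min_version=0):
        # Answer from the cache only if it is at least as fresh as the token;
        # otherwise read through to the store so the revocation is honoured.
        if self.snapshot_version < min_version:
            self.refresh()
        return (obj, relation, user) in self.snapshot


def demo():
    store = AclStore()
    checker = CachedChecker(store)
    store.grant("listing:10", "WRITE", "user:123")
    checker.refresh()  # cache is warm and still holds the grant
    token = store.revoke("listing:10", "WRITE", "user:123")
    stale = checker.check("listing:10", "WRITE", "user:123")         # no token
    fresh = checker.check("listing:10", "WRITE", "user:123", token)  # with token
    return stale, fresh
```

Without the token the lagging cache still answers "allowed"; with it the same check is denied, which is the gap the question describes.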

  • @swanv951 5 months ago

    @Arpit, when you don't find an entry for the user in the cache, how would you know whether (a) it was not in the cache but present in the DB, or (b) the entry is not in the DB because the user is not authorized? Would you always hit the DB in that case, and if so, would the cache be useful only for positive scenarios?

  • @abhishekkoranga1378 2 years ago +2

    Arpit, what if a user reads from the cache before Kafka finishes cache invalidation, which is possible? Isn't it a flaw?

    • @girishanker3796 6 months ago

      The chances of this happening are highly unlikely. My thought would be to use a write-through cache along with a read-through. (Cons: cache is a single point of failure (a distributed cache would be helpful), first hit will always be a cache miss, extra added latency of writing to cache and writing to database (2-phase commit). Pros: strong consistency b/w DB and cache.) Here, according to the diagram, it looks like a cache-aside pattern. (I could be wrong)

  • @xooq_ 1 year ago

    How would you implement this in a multi-tenant setup?

  • @ianshumansingh 2 years ago +3

    Great Content

  • @duongdo4259 3 months ago

    Great explanation. Does this system work for fetching all resources that a user has permission to?

    • @AsliEngineering 3 months ago +1

      That is not the primary use case of the service. The system is optimised for quick lookup of A's access to B. So even if finding all resources that A has access to takes time, that is okay.

  • @k.k.gayansanjeewa7432 1 year ago

    By this way they have micro-level action handling capability.

  • @yashrode7818 9 months ago

    great stuff!

  • @rjarora 2 years ago

    Has Airbnb also open sourced its Himeji codebase? Or do we have to write from scratch? @Arpit

  • @PavanKumar-g7v1q 3 months ago

    Amazing!

  • @arsyaswanth5 2 years ago +1

    Another great video.

  • @rjphotos2393 2 years ago

    I still don't think that the rule engine is good enough for complex cases. E.g., what would be the query for this: allow READ for property 1 if a user referred 10 people between 1 Nov and 7 Nov to visit that property page?

    • @AsliEngineering 2 years ago

      This is extremely contextual and has to be part of business logic or a highly attuned data model.

    • @rjphotos2393 2 years ago

      @AsliEngineering Got it. So basically, Himeji is most suitable for basic and less contextual logic, right?

  • @soumyaranjanpatel1346 1 year ago

    Amazing

  • @Su_Has 1 year ago

    Confused, why is read the union of read and write?

    • @Su_Has 1 year ago

      Is it like an OR condition?

    • @akasakasad 1 year ago

      @Su_Has Yes, it's like an OR condition. A user with write privileges also has the privilege to write it.
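
Added example, not part of the comment thread and not Himeji's own configuration or code: a small Python evaluator showing why READ defined as a union that includes WRITE behaves like an OR, and how a reference tuple (the reservation case asked about earlier in the thread) is followed to another entity. The tuples, the `RULES` table and the `entity#relation` reference syntax are constructed for illustration.

```python
# Constructed relation tuples (entity, relation, principal). A principal is
# either a user or a reference to another entity's relation ("entity#relation").
TUPLES = {
    ("LISTING:10", "OWNER", "user:1"),
    ("LISTING:10", "WRITE", "user:2"),
    ("LISTING:10", "RESERVATION", "RESERVATION:77#GUEST"),
    ("RESERVATION:77", "GUEST", "user:123"),
}

# Per entity type: relation -> relations whose members it also includes.
# Each list is a union, i.e. an OR over its entries (assumed rules).
RULES = {
    "LISTING": {
        "WRITE": ["OWNER"],
        "READ": ["WRITE", "RESERVATION"],
    },
}


def check(entity, relation, user, seen=None):
    """Return True if user holds relation on entity; deny by default."""
    seen = set() if seen is None else seen
    if (entity, relation) in seen:  # guard against cyclic rules or references
        return False
    seen.add((entity, relation))
    for ent, rel, principal in TUPLES:
        if (ent, rel) != (entity, relation):
            continue
        if principal == user:  # direct grant
            return True
        if "#" in principal:  # reference: follow it to the other entity
            ref_entity, ref_relation = principal.split("#", 1)
            if check(ref_entity, ref_relation, user, seen):
                return True
    entity_type = entity.split(":", 1)[0]
    for included in RULES.get(entity_type, {}).get(relation, []):
        if check(entity, included, user, seen):
            return True
    return False
```

Here `user:2` gets READ only because READ includes WRITE, `user:123` gets READ through the reservation reference, and neither path gives `user:123` WRITE.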

  • @dpm_07 2 years ago +1

    Pass..... Bit complicated for me 😐

  • @pritambios 1 year ago

    Too much costly design, just to implement authorization 😐

    • @AsliEngineering 1 year ago +1

      Needed for a company that operates at such a massive scale. There are far too many entities and actions craving ACL.

  • @sudoupdate 1 year ago

    But you have assumed here that part of the entity won't be a nested object.
    For example, what if a comment is a nested object and I need granular control of authorization over the sub-part of the part of the entity?

    • @sudoupdate 1 year ago

      We may represent a part of the entity using the dot notation to capture the path.
      example: entityType:entityID:part.sub-part1.sub-part2