Google Zanzibar – Modeling Permission Boundaries and Set Intersection

1 points by jon-whit ↗ HN
I've taken particular interest in the Google Zanzibar paper recently (https://research.google/pubs/pub48190/).

For the sake of learning and to satisfy my own curiosity I'm attempting to rebuild the primary features it offers using strictly open-source software. If you're interested, take a look! https://github.com/jon-whit/zanzibar-poc

I'm particularly interested in how the model works with disjoint intersections of relation tuples.

Particularly, if a user has a maximum level of permissions (e.g. a permission boundary) in addition to a set of shared/granted permissions, how would that be modeled in Zanzibar's model?

Let's say you have the following model:

PermissionBoundary { id : string, permissions : []string }

User { id : string, boundaryId : string // FK on PermissionBoundary }

The effective permissions a user has is composed of the joint intersection of the permission boundary permissions and the shared permission (relations) on the object.

effectivePermissions = boundary.permissions & shared.permissions

I know the paper mentions userset rewrites that can express intersection, but I'm having a hard time modeling how it actually works with join/swing tables like my model above demonstrates.

0 comments

[ 3.6 ms ] story [ 7.7 ms ] thread

No comments yet.