While our customers tell us they appreciate our Authentication (AuthN) features, we’ve seen an increase in requests to expand our Authorization (AuthZ) offering to help builders accelerate their development. This is why we’ve released key features like Organizations and Roles.
While reading Google’s Zanzibar paper describing their global access system, we found the approach to be highly creative and inspiring. It had the flexibility to support so many of their products and was scalable, highly reliable, and extremely fast. Companies like Airbnb and Carta have developed their own version, and companies and new products are being built inspired by Zanzibar. This is why we believe that Authorization systems built using the Zanzibar model are going to grow in number over the next few years.
Zanzibar is Google’s global authorization system. It powers authorization for YouTube, Google Drive, Google Workspaces, Google Cloud Platform, and their other services. It drives Google’s core collaboration features like sharing a document with someone or sharing photos with a friend. Like anything Google makes, it has to scale to billions of users and trillions of digital objects. Creating an access control system for that many people and object combinations is a daunting task, and Google laid out how they did it in their 2019 Google Zanzibar paper. It talks about the different considerations and tradeoffs they made. Simplicity and extensibility were key considerations because Google needed to ensure that its internal teams could use the system for a wide array of use cases with certainty with how it would respond to their specific needs.
Zanzibar has steadily grown in popularity since the paper’s release. We set out this past year to talk with the organizations about their implementation experiences, and learn from what worked and didn’t work. You can find some of those discussions here.
We've always pushed to create content that is useful for the global development community and today we’re taking another important step in our Authorization journey by releasing the zanzibar.academy learning site. Zanzibar.academy is meant to help builders understand the value and power of Zanzibar style systems, much like JWT.io educates and spreads the understanding of the JSON Web Token standard. It’s a place for builders to learn the Zanzibar concepts in a progressive, guided way.