Don’t miss out: your free pass to Monster SCALE Summit is waiting! 50+ engineering talks on AI, databases, Rust, and more. (Sponsored)Monster SCALE Summit is a new virtual conference all about extreme-scale engineering and data-intensive applications. Join us on March 11 and 12 to learn from engineers at Discord, Disney, LinkedIn, Uber, Pinterest, Rivian, ClickHouse, Redis, MongoDB, ScyllaDB and more. A few topics on the agenda:
Bonus: We have 500 free swag packs for attendees. And everyone gets 30-day access to the complete O’Reilly library & learning platform. Uber’s infrastructure runs on thousands of microservices, each making authorization decisions millions of times per day. This includes every API call, database query, and message published to Kafka. To make matters more interesting, Uber needs these decisions to happen in microseconds to have the best possible user experience. Traditional access control could not handle the complexity. For instance, you might say “service A can call service B” or “employees in the admin group can access this database.” While these rules work for small systems, they fall short when you need more control. For example, what if you need to restrict access based on the user’s location, the time of day, or relationships between different pieces of data? Uber needed a better approach. They built an attribute-based access control system called Charter to evaluate complex conditions against attributes pulled from various sources at runtime. In this article, we will look at how the Uber engineering team built Charter and the challenges they faced. Disclaimer: This post is based on publicly shared details from the Uber Engineering Team. Please comment if you notice any inaccuracies. Understanding the Authorization RequestBefore diving into ABAC, you need to understand how Uber thinks about authorization. Every access request can be broken down into a simple question: Can an Actor perform an Action on a Resource in a given Context? Let’s understand each component of this statement:
The host portion of the UON is called the policy domain. This acts as a namespace for grouping related policies and configurations. The Charter SystemAs mentioned, Uber built a centralized service called Charter to manage all authorization policies. Think of Charter as a policy repository where administrators define who can access what. This approach offers several advantages over having each service implement its own authorization logic. See the diagram below: Policies stored in Charter are distributed to individual services. Each service includes a local library called authfx that evaluates these policies. The architecture works as follows:
Turn Search Engines Into APIs for Your App (Sponsored) |