Google Zanzibar is the global authorization service that powers access control across products like Google Docs, YouTube, and Cloud IAM. Designed to handle more than 10 million client queries per second, Zanzibar demonstrates how to achieve global-scale authorization with flexible consistency guarantees. This session unpacks the engineering principles behind Zanzibar and provides a practical guide for building similar systems.

Starting with the fundamentals of Relationship-Based Access Control (ReBAC), the talk explores how Zanzibar achieves correctness, scalability, and speed. Attendees will learn about the system’s APIs, how it manages consistency in a distributed environment, and how Google solved the “New Enemy” problem to maintain secure, real-time access control. The session concludes with a look at open-source tools and design patterns that can help teams implement Zanzibar-inspired authorization in their own applications.

What You Will Learn

• The core ideas behind Google Zanzibar and Relationship-Based Access Control (ReBAC)

• How to design globally consistent, distributed authorization systems at scale

• How to use open-source frameworks and patterns to add scalable authorization to your applications

Who Should Attend

Software architects, backend engineers, security engineers, and developers building distributed systems that require fine-grained, consistent, and scalable access control.