Himeji: A Scalable Centralized System for Authorization at Airbnb

Access Control at scale for a complex product

Overview

The article discusses Himeji, a scalable centralized system for authorization developed at Airbnb, which addresses challenges faced during the transition from a monolithic Ruby on Rails architecture to a service-oriented architecture. It highlights how Himeji centralizes authorization checks, improves performance, and maintains consistency across services.

What You'll Learn

1. How to implement centralized authorization checks in a service-oriented architecture
2. Why moving authorization checks to data services improves performance and consistency
3. How to utilize YAML-based configuration for permissions checks
4. When to use caching strategies to enhance system performance

Prerequisites & Requirements

  • Understanding of service-oriented architecture concepts
  • Familiarity with YAML for configuration management (optional)

Key Questions Answered

What problems does Himeji solve in authorization at Airbnb?
Himeji addresses issues of duplicate and inconsistent authorization checks that arose during Airbnb's transition to a service-oriented architecture. By centralizing authorization checks in data services, it eliminates redundancy and improves performance by reducing the need for multiple service calls.
How does Himeji's API for authorization checks work?
Himeji exposes a check API that allows data services to perform authorization checks using a simple boolean function. The API signature is 'check(entity, relation, principal)', enabling services to determine if a user has permission to perform a specific action on a resource.
What is the storage model used by Himeji?
Himeji uses a tuple-based storage model similar to Zanzibar, structured as 'entity # relation @ principal'. This model allows for flexible and efficient permission checks by representing complex relationships in a simplified format.
What performance metrics does Himeji achieve?
Himeji has scaled to serve 850k entities per second while maintaining an availability of 99.9990%. Its latency metrics include P50 at 1.8 ms, P95 at 7 ms, and P99 at 12 ms, demonstrating its efficiency in handling authorization checks.
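
The check API and the 'entity # relation @ principal' tuple model described above, as an added Python sketch (not Himeji's or Airbnb's code). It goes beyond the text in one respect: it assumes, in the style of Zanzibar, that a principal may itself be an 'entity # relation' reference. The class and function names and the sample tuples are constructed for illustration.

```python
import re

# Tuple syntax from the text: entity # relation @ principal.
# Assumption: the principal may also be an "entity # relation" reference.
TUPLE_RE = re.compile(
    r"^\s*([^#@\s]+)\s*#\s*([^#@\s]+)\s*@\s*([^#@\s]+)(?:\s*#\s*([^#@\s]+))?\s*$"
)

# Constructed sample tuples (names are illustrative, not Airbnb data).
SAMPLE = """\
LISTING:10 # OWNER @ USER:123
LISTING:10 # WRITE @ LISTING:10 # OWNER
LISTING:10 # READ @ LISTING:10 # WRITE
GROUP:a # MEMBER @ GROUP:b # MEMBER
GROUP:b # MEMBER @ GROUP:a # MEMBER
"""


class TupleStore:
    def __init__(self):
        self._tuples = set()  # {(entity, relation, principal)}

    def write(self, line):
        m = TUPLE_RE.match(line)
        if not m:  # reject rather than store a tuple we cannot interpret
            raise ValueError(f"malformed tuple: {line!r}")
        entity, relation, p_entity, p_relation = m.groups()
        principal = (p_entity, p_relation) if p_relation else p_entity
        self._tuples.add((entity, relation, principal))

    def check(self, entity, relation, principal, _seen=None):
        """check(entity, relation, principal) -> bool; deny unless a tuple grants."""
        seen = set() if _seen is None else _seen
        if (entity, relation) in seen:  # reference cycle: stop, never grant
            return False
        seen.add((entity, relation))
        for e, r, p in self._tuples:
            if (e, r) != (entity, relation):
                continue
            if p == principal:
                return True
            if isinstance(p, tuple) and self.check(*p, principal, seen):
                return True
        return False


def build_store(text=SAMPLE):
    store = TupleStore()
    for line in text.splitlines():
        if line.strip():
            store.write(line)
    return store
```

The default answer is deny: a missing tuple, an unknown relation, or a cycle among references all return False, and a malformed tuple is rejected at write time instead of being stored.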

Key Statistics & Figures

  • Throughput: 850k entities/sec (Himeji's throughput in production as of March 2021)
  • Availability: 99.9990% (Himeji's availability metric over the last year)
  • P50 Latency: 1.8 ms (median latency for authorization checks)
  • P95 Latency: 7 ms (95th percentile latency for authorization checks)
  • P99 Latency: 12 ms (99th percentile latency for authorization checks)

Key Actionable Insights

1. Centralizing authorization checks can significantly reduce code duplication and improve maintainability across services.
   By moving authorization logic from presentation services to data services, teams can ensure that permission checks are consistent and easier to manage, especially in large-scale applications.
2. Utilizing a centralized system like Himeji can enhance performance by minimizing the number of service calls required for authorization.
   This approach not only speeds up response times but also reduces the load on individual services, leading to a more reliable system overall.
3. Implementing a YAML-based configuration for permissions checks allows for greater flexibility and easier updates to authorization logic.
   This method enables developers to define complex permission relationships without needing to alter the underlying code, streamlining the process of managing access controls.

Common Pitfalls

1. Failing to centralize authorization checks can lead to inconsistent permission management across services.
   When authorization logic is duplicated in multiple services, it becomes challenging to maintain and update, leading to potential security vulnerabilities and increased technical debt.
2. Overcomplicating permission configurations can hinder developer adoption and increase the likelihood of errors.
   If the configuration for permissions becomes too complex, it can deter developers from effectively using the system, resulting in misconfigurations and access issues.

Related Concepts

Service-oriented Architecture
Centralized Authorization Systems
Caching Strategies
YAML Configuration Management