This paper details Zanzibar, Google's globally distributed authorization system, designed to manage access control lists (ACLs) at a massive scale. Zanzibar uses a flexible data model and configuration language to handle diverse access control policies for numerous Google services, achieving high availability and low latency. The system maintains external consistency, respecting the causal order of ACL changes, and employs techniques like caching and request hedging to handle high request volumes and hot spots. The authors present the system's architecture, implementation, and lessons learned from years of operation, highlighting challenges and solutions in building a consistent, world-scale authorization system. The paper also explores related research in access control and distributed systems.

https://www.usenix.org/system/files/atc19-pang.pdf