Monoliths
Microservices
List Filtering
Architecture
Band-aids
100

What's the difference between a monolith and microservices?

# of services and # of databases

100

Why is syncing hard?

Lots of work to set up syncing, reconciliation, monitoring, etc. to prevent data drift

100

What is list filtering?

Showing a list in an app where a portion of the list needs to be filtered

100

What is a request?

When you do a thing in an app, it flows through the app to make things happen

100

What happens when you want to audit the authorization logic?

  1. Similarly, if authZ logic is just intermingled with the rest of the backend logic; and it’s spread all throughout the app…good luck to the security team responsible for checking that it’s all set up the way they intended
  2. They might have to pull out THOUSANDS or TENS OF THOUSANDS of places that authZ stuff is happening in the codebase

200

Why is authorization less painful in a monolith?

1 database

200

What does Zanzibar do?

Centralizes all logic and all data

200

What is an example of list filtering in Slack?

Seeing all of the channels that I have access to

200

What is uptime & latency?

Uptime: % of time that the app responds

Latency: how long it takes to respond

200

Why are there a lot of bugs in a custom authz solution?

  1. Ideally, engineers would like to make small changes and test them incrementally
  2. With authz logic spread throughout the app and not modeled in any consistent way, it’s really hard to test if authorization is working as you expect — especially after you make a change

300

Can you describe the architecture of a monolith?

1 frontend, 1 backend, 1 database

300

What are the 2 main problems with list filtering in a Zanzibar model?

1. syncing

2. perf

300

Why is list filtering hard?

Performance. If this moves slowly, it's a bad user experience (imagine if it took 1 minute to open up Amplemarket and see all of my sequences)

300

How does authorization fit into the frontend?

What can a user see?

300

If logic is spread throughout an app, what happens when you want to add new features?

You need to find every place in the app to go and update the logic

400

Why would a monolith use a DSL?

To be able to express logic clearly

400

Can you give an example of an authorization question that would be hard to answer in an app with microservices?

Why is it hard?

Pulling a list of all of your accounts in Salesforce

Multi stage filtering

1. first we see accounts in your org (data sits in one service)

2. Then we see the ones assigned to you (data sits in another service)
400

Where in the app does list filtering happen? Why?

Database - it's too computationally intensive to happen in app code

400

If an app has multiple services feeding to >1 database but not servicing the same core app, how painful is authorization/list filtering?

Not that painful

400

What are 4 hard things that happen in a custom authz solution?

Hard to express logic clearly and the logic is spread throughout the app so:

1. Hard to maintain and add new features

2. Hard to test (bugs)

3. Hard to audit

500

Why would a monolith use a library?

You can centralize authz logic behind an API using a library to solve enforcement

500

Why is authorization hard in microservices?

Authorization – and in particular, list filtering – is hard in microservices because we want to centralize authorization, but the data is spread out across multiple services. And these 2 things are fundamentally at odds with each other

500

Which applications need list filtering?

If you have fine grained authz, you need list filtering
500

Why is authorization on the critical path?

Everything in an app relies on authorization. If we're down, our customers are down

500

What happened with Intercom?

  1. Started with a simple app to do customer chats on a website
  2. Started adding more and more features over time
  3. Added more and more roles over time
  4. Became the # 1 source of bugs