How Uber Reinvented Access Control for Microservices
Summary
Uber developed Charter, an attribute-based access control (ABAC) system, to manage authorization across its thousands of microservices, which require decisions in microseconds. Traditional access control proved insufficient for complex conditions involving user location, time of day, or data relationships. Charter centralizes policy management and distributes policies to services, where a local library, authfx, evaluates them. The system defines authorization requests using Actor, Action, Resource (UON format), and Context. ABAC extends this by adding conditions, which are Boolean expressions evaluated against attributes fetched from various Attribute Stores (Policy Information Points) at runtime. Uber selected Google's Common Expression Language (CEL) for condition expressions due to its familiar syntax, data type support, built-in functions, and microsecond-level performance. This approach allows for dynamic, fine-grained, and scalable authorization, as demonstrated by a single generic policy managing thousands of Kafka topics based on dynamic ownership data from the uOwn service.
Key takeaway
For software engineers building or maintaining large-scale microservice architectures, adopting an ABAC system like Uber's Charter can significantly enhance security and operational agility. You can define complex, dynamic authorization policies that adapt to changing attributes without code deployments, reducing maintenance overhead and improving precision. Consider leveraging an existing expression language such as CEL and structuring your authorization requests around Actor, Action, Resource, and Context to streamline implementation.
Key insights
Attribute-based access control (ABAC) provides dynamic, fine-grained authorization for complex, large-scale microservice architectures.
Principles
- Centralize policy management, distribute enforcement.
- Separate policy from application code.
- Evaluate conditions against runtime attributes.
Method
Define authorization as Actor, Action, Resource, Context. Use an expression language (like CEL) to evaluate conditions against attributes fetched from dedicated attribute stores (PIPs) at runtime for dynamic, fine-grained access control.
In practice
- Use SPIFFE for actor identification.
- Represent resources with URI-style UONs.
- Implement lazy attribute fetching for efficiency.
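The following is an added example, not code from the original article or from Uber's Charter or authfx. It shows the Method and In practice points above in one small Go policy decision point: a request is an Actor (SPIFFE ID), Action, Resource (URI-style UON) and Context; attributes come from named attribute stores (PIPs) that are only queried when a condition actually needs them, and one generic policy covers every Kafka topic by looking up ownership at evaluation time. Conditions are written as Go closures standing in for CEL expressions (the CEL form is given in comments), and every SPIFFE ID, UON, store name and policy is constructed sample data, not a real Uber identifier.

```go
package main

import (
	"fmt"
	"strings"
)

// AttributeStore is a Policy Information Point: it resolves a key to attributes.
type AttributeStore interface {
	Fetch(key string) (map[string]string, bool)
}

// MapStore is an in-memory stand-in for a real PIP such as an ownership registry.
type MapStore map[string]map[string]string

func (m MapStore) Fetch(key string) (map[string]string, bool) {
	a, ok := m[key]
	return a, ok
}

// Request is the Actor / Action / Resource / Context tuple plus a per-request
// attribute cache; Fetches counts how many PIP lookups really happened.
type Request struct {
	Actor    string            // SPIFFE ID of the calling workload
	Action   string            // verb, e.g. "kafka:produce"
	Resource string            // URI-style UON, e.g. "uon://kafka/topic/payments.orders"
	Context  map[string]string // request-scoped facts such as region
	stores   map[string]AttributeStore
	cache    map[string]map[string]string
	Fetches  int
}

func NewRequest(actor, action, resource string, ctx map[string]string, stores map[string]AttributeStore) *Request {
	return &Request{Actor: actor, Action: action, Resource: resource, Context: ctx,
		stores: stores, cache: map[string]map[string]string{}}
}

// Attr fetches attribute `name` of `key` from `store` on first use and memoises
// it for the request; a condition that short-circuits never triggers the fetch.
func (r *Request) Attr(store, key, name string) string {
	ck := store + "|" + key
	attrs, ok := r.cache[ck]
	if !ok {
		r.Fetches++
		if s, found := r.stores[store]; found {
			attrs, _ = s.Fetch(key)
		}
		r.cache[ck] = attrs // nil map lookups below simply yield ""
	}
	return attrs[name]
}

// Policy applies its Effect when action and resource match and Condition holds.
type Policy struct {
	Name      string
	Effect    string // "allow" or "deny"
	Action    string
	Resource  string                 // exact UON, or a prefix ending in "*"
	Condition func(r *Request) bool // stands in for a CEL expression
}

func (p Policy) matches(r *Request) bool {
	if p.Action != r.Action {
		return false
	}
	if strings.HasSuffix(p.Resource, "*") {
		return strings.HasPrefix(r.Resource, strings.TrimSuffix(p.Resource, "*"))
	}
	return p.Resource == r.Resource
}

// Decide is the policy decision point: a matching deny wins immediately,
// otherwise any matching allow, otherwise default deny.
func Decide(policies []Policy, r *Request) string {
	decision := "deny"
	for _, p := range policies {
		if !p.matches(r) || !p.Condition(r) {
			continue
		}
		if p.Effect == "deny" {
			return "deny"
		}
		decision = "allow"
	}
	return decision
}

// SampleStores is constructed data standing in for a topic-ownership service
// and a service directory keyed by SPIFFE ID.
func SampleStores() map[string]AttributeStore {
	return map[string]AttributeStore{
		"ownership": MapStore{
			"uon://kafka/topic/payments.orders": {"owner_team": "payments"},
			"uon://kafka/topic/rides.events":    {"owner_team": "rides"},
		},
		"services": MapStore{
			"spiffe://example.org/ns/prod/sa/payments-api": {"team": "payments"},
			"spiffe://example.org/ns/prod/sa/rides-api":    {"team": "rides"},
		},
	}
}

// KafkaPolicies: one generic allow rule covers every topic because ownership
// is resolved at evaluation time instead of being listed per topic.
func KafkaPolicies() []Policy {
	return []Policy{
		{Name: "deny-produce-outside-home-region", Effect: "deny",
			Action: "kafka:produce", Resource: "uon://kafka/topic/*",
			// CEL equivalent: context.region != "us"  (context only, no PIP fetch)
			Condition: func(r *Request) bool { return r.Context["region"] != "us" }},
		{Name: "owner-team-may-produce", Effect: "allow",
			Action: "kafka:produce", Resource: "uon://kafka/topic/*",
			// CEL equivalent: ownership[resource].owner_team == services[actor].team
			Condition: func(r *Request) bool {
				owner := r.Attr("ownership", r.Resource, "owner_team")
				return owner != "" && owner == r.Attr("services", r.Actor, "team")
			}},
	}
}

func main() {
	stores, policies := SampleStores(), KafkaPolicies()
	req := NewRequest("spiffe://example.org/ns/prod/sa/payments-api", "kafka:produce",
		"uon://kafka/topic/payments.orders", map[string]string{"region": "us"}, stores)
	fmt.Println(Decide(policies, req), "after", req.Fetches, "attribute fetches")
}
```

The region check is placed first and reads only the Context, so a request that fails it is denied with zero PIP round trips; the ownership rule fetches at most two attributes, and an unknown topic short-circuits after the first. That is the property the lazy-fetching bullet is after: the cost of a decision is proportional to the attributes the policies actually consult, not to the number of stores wired into the evaluator.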
Topics
- Attribute-Based Access Control
- Uber Charter System
- Common Expression Language
- Microservice Authorization
- Policy Management
Best for: Software Engineer, Security Engineer, DevOps Engineer
Editorial summary, takeaway, and curation by AIssential. Original article published by ByteByteGo Newsletter.