Assume that you are implementing the following two services:
Service 1: Authentication. Given an id, password, and MFA token, verify that they correctly identify a user. Return a cookie that indicates the holder has been authenticated as this user.
Service 2: Authorization. Given a cookie indicating an authenticated user, and an operation requested by that user, determine if that user can perform that operation. For example, the user may be able to read and write files they created, only list the names of files created by their coworkers, and not be able to learn anything about files created by anyone outside their company.
For each service, answer the following:
Should it be global or regional?
Complete There Is No Getting Around It: You Are Building a Distributed System, Implementation (p. 69)–Conclusion (p. 70).
Points to look for:
Up to this point, the article has described choices in system architecture. These last sections describe the choices you have to make when implementing your chosen architecture:
By the way, if you’re intrigued by the notion of the Netflix Chaos Monkey, see The Antifragile Organization, which describes that system and others like it. We’ll read that article around the middle of the course.