So I finally laid an issue to rest that has been open for a while. This is the addition of a “Zookie”-like functionality to the Apollo and thus Sky Oracle API. The Zookie is basically an opaque data type that represents comparable distributed time. Time is a strange beast in distributed systems, of course, and it is of particular interest in authentication and authorization systems. Well, pretty much any system not a toy, frankly, but these systems in particular are really sensitive to the time ordering of events as well as the checking of assertions against the materialized view of these events.
Of course this is well laid out in the original Google Zanzibar paper and one should definitely read that to get a solid sense of why the ordering of events in a distributed authentication/authorization system matters a great deal. However, the TL;DR is that the authorization/authentication system must have already seen the state you are making the assertion about. The way you do this is with time, of course.
Time Enough For Wub
So in Sky the Oracle API represents the foundation of the authorization and authentication services to be built out. So I modified the Apollo Oracle API to return an unsigned long representing the time stamp of the mutating action – e.g. add/map/remove/etc. One can argue about whether an unsigned long – i.e. 8 bytes – is sufficient for these purposes but Sky isn’t producing millions of blocks per second, so perhaps this will work for my purposes. But in any event, Apollo/Sky simply uses the block height of the underlying SQL state machine powered by the underlying CHOAM engine (yes, it is quite hilarious to write that sentence).
Papers, Please
The usefulness of time is that we can now guarantee certain security properties of Sky (assuming that they’re implemented correctly, of course). With these properties we can now create validation documents that provide timestamps of validation as well as cryptographic signatures and hash validation. Sky can now check assertions based on when the authnz state was valid. This prevents naughty folk from exploiting the underlying distributed nature of Sky/Apollo for their evil ways.
Frankly, this isn’t rocket science, of course. The use of the block height as a clock is a notion as old as the notion of a distributed ledger and this implementation in Apollo is particularly simple. The underlying SQL state machine knows about the CHOAM current block state of the database and it’s a simple SQL query to retrieve this value. The time assertion check is simplicity itself, of course, and just kind of works.
lol
So that’s kind of cool. Very pleased that was a simple job of a couple of hours for the Apollo implementation, and glad it was trivially simple to uptake in Sky.
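The block-height-as-clock check described above, as an added example that is not Apollo's or Sky's code: a lagging replica still answers "granted" after a removal unless the caller presents the height returned by that removal. `Replica`, `Ledger`, `StaleReplica`, `check` and `at_least` are hypothetical names, and the tuple and heights are constructed sample data.

```python
from dataclasses import dataclass, field

MAX_U64 = 2**64 - 1  # the post's timestamp is an unsigned long (8 bytes)

class StaleReplica(Exception):
    """Replica has not yet applied the block the caller's token refers to."""

@dataclass
class Replica:  # hypothetical model, not the Apollo Oracle API
    height: int = 0                          # last block applied locally
    grants: set = field(default_factory=set)

    def apply(self, block_height, op, tup):
        # Blocks are applied strictly in order; the height is the logical clock.
        assert block_height == self.height + 1
        (self.grants.add if op == "add" else self.grants.discard)(tup)
        self.height = block_height

    def check(self, tup, at_least):
        # Refuse to answer from state older than the caller's token.
        if not 0 <= at_least <= MAX_U64:
            raise ValueError("token out of unsigned 64-bit range")
        if self.height < at_least:
            raise StaleReplica(f"at height {self.height}, need {at_least}")
        return tup in self.grants

class Ledger:
    """Orders mutations into blocks; each mutation returns its block height."""
    def __init__(self):
        self.log = []

    def mutate(self, op, tup):
        self.log.append((op, tup))
        return len(self.log)                 # the token for this mutation

    def sync(self, replica):
        for h in range(replica.height + 1, len(self.log) + 1):
            replica.apply(h, *self.log[h - 1])

def demo():
    ledger, fresh, lagging = Ledger(), Replica(), Replica()
    tup = ("doc:plan", "viewer", "user:bob")  # constructed sample tuple
    t_add = ledger.mutate("add", tup)
    ledger.sync(fresh); ledger.sync(lagging)
    t_remove = ledger.mutate("remove", tup)
    ledger.sync(fresh)                       # lagging has not seen the removal
    unguarded = lagging.check(tup, at_least=0)  # stale answer: still granted
    try:
        guarded = lagging.check(tup, at_least=t_remove)
    except StaleReplica:
        guarded = "stale"
    return t_add, t_remove, unguarded, guarded, fresh.check(tup, t_remove)
```

A caller that gets `StaleReplica` can retry against another replica or wait for the block to arrive; either way it never acts on the pre-removal state.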