Logo for domains_euc

Google Domains - RPC Security, User Authorization

Google Cloud Identity and Authentication

I wrote an RPC security layer for Google Domains that checks user authorization, validates request, and introduced type-safe API credential requirements to reduce programmer error.


  • Credentials carried in code by immutable objects allowing explicit privilege escalation and deescalation. Previous solution used mutable global variable
  • Credential objects had type hierarchy allowing differentiation on user-scoped, admin, and anonymous credentials. These improved readability of code and allowed enforcing credentials at the type-level for APIs.
  • Unified request authorization and validity checking to ensure basic security checks in all servers, instead of previous server-specific checks and assumptions.
  • Automated support user and engineer admin access audit logging.


  • Rolled out safely to 8 servers and 15 internal APIs.
  • Brought Domains in line with Google-wide data security standards.
  • Gave tech talk to educate team about data security standards and the new layer I wrote.
  • Team expert for user security and credentials - consulting for Domains engineers and debugging many security issues over the years.
Visit Google Domains