Google Domains - RPC Security, User Authorization
I wrote an RPC security layer for Google Domains that checks user authorization, validates request, and introduced type-safe API credential requirements to reduce programmer error.
- Credentials carried in code by immutable objects allowing explicit privilege escalation and deescalation. Previous solution used mutable global variable
- Credential objects had type hierarchy allowing differentiation on user-scoped, admin, and anonymous credentials. These improved readability of code and allowed enforcing credentials at the type-level for APIs.
- Unified request authorization and validity checking to ensure basic security checks in all servers, instead of previous server-specific checks and assumptions.
- Automated support user and engineer admin access audit logging.
Visit Google Domains
- Rolled out safely to 8 servers and 15 internal APIs.
- Brought Domains in line with Google-wide data security standards.
- Gave tech talk to educate team about data security standards and the new layer I wrote.
- Team expert for user security and credentials - consulting for Domains engineers and debugging many security issues over the years.