Sohan Maheshwar
Developer Advocate Lead at AuthZed
Amsterdam, The Netherlands
Sohan is a Lead Developer Advocate at AuthZed, based in the Netherlands. He started his career as a developer building mobile apps and has been living in the cloud since 2013, at companies such as Amazon, Fermyon and Gupshup. He is also an O'Reilly author, having created a course on Cloud Concepts for Everyone. He has always been interested in emerging technologies and how they shape the world around us.
His interests outside work include visual arts, trivia, and playing frisbee.
Surviving the Dual-Write Problem in Distributed Systems
The dual-write problem appears whenever a system must write to two services (such as a database and an authorization engine) and cannot guarantee atomicity across them. A crash at the wrong moment can leave your system inconsistent, even if each component works perfectly.
This talk explains why dual writes are fundamentally unsafe within a single process and what architects can do about it. We’ll explore practical patterns used in real-world distributed systems:
- Out-of-band reconciliation
- Making a single system the source of truth
- Event sourcing
- CQRS
- Durable execution frameworks like Temporal, and
- Transactional outbox designs.
Attendees will learn how to identify dual writes in their own architectures and choose the right mitigation strategy based on scale, consistency needs, and team maturity. This session gives engineers clear mental models and actionable tools for building reliable multi-service systems.
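The dual write and the transactional-outbox mitigation, as an added example (not the talk's code): the database is an in-memory sqlite3 file, the "authorization engine" is a toy in-memory class standing in for a service such as SpiceDB, and the crash is simulated by raising between the two writes. The relay uses the outbox row id as an idempotency key, so re-running it after a crash is safe.

```python
"""Dual write vs transactional outbox, simulated with sqlite3 in memory.

Added example, not the talk's code: AuthzEngine is a stand-in for a remote
permission store; CrashDuringWrite simulates the process dying mid-flight.
"""
import sqlite3


class AuthzEngine:
    """Stand-in for a remote permission store; idempotent on a caller-supplied key."""

    def __init__(self):
        self.relationships = set()
        self.seen_keys = set()

    def write_relationship(self, key, doc_id, user):
        if key in self.seen_keys:       # retry-safe: a replayed event is a no-op
            return
        self.seen_keys.add(key)
        self.relationships.add((doc_id, user))


class CrashDuringWrite(Exception):
    """Simulates the process dying between the two writes."""


def new_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE shares (doc_id TEXT, user TEXT, PRIMARY KEY (doc_id, user))")
    db.execute("CREATE TABLE outbox (id INTEGER PRIMARY KEY AUTOINCREMENT, "
               "doc_id TEXT, user TEXT, published INTEGER NOT NULL DEFAULT 0)")
    return db


def naive_share(db, authz, doc_id, user, crash_between=False):
    """Dual write: commit to the database, then call the authz engine.
    A crash between the two leaves the share recorded but never authorized."""
    with db:
        db.execute("INSERT INTO shares VALUES (?, ?)", (doc_id, user))
    if crash_between:
        raise CrashDuringWrite
    authz.write_relationship(f"naive:{doc_id}:{user}", doc_id, user)


def outbox_share(db, authz, doc_id, user, crash_between=False):
    """Transactional outbox: the share row and the outbox event commit atomically;
    the authz write happens later, driven from the outbox, and survives a crash."""
    with db:
        db.execute("INSERT INTO shares VALUES (?, ?)", (doc_id, user))
        db.execute("INSERT INTO outbox (doc_id, user) VALUES (?, ?)", (doc_id, user))
    if crash_between:
        raise CrashDuringWrite    # the event is already durable in the same commit
    relay_outbox(db, authz)


def relay_outbox(db, authz):
    """Relay loop: publish unpublished events, then mark them published.
    Re-runs are safe because the outbox row id doubles as the idempotency key."""
    rows = db.execute(
        "SELECT id, doc_id, user FROM outbox WHERE published = 0 ORDER BY id").fetchall()
    for row_id, doc_id, user in rows:
        authz.write_relationship(f"outbox:{row_id}", doc_id, user)
        with db:
            db.execute("UPDATE outbox SET published = 1 WHERE id = ?", (row_id,))
    return len(rows)


def inconsistent_shares(db, authz):
    """Shares the database believes exist but the authz engine does not know about."""
    rows = db.execute("SELECT doc_id, user FROM shares").fetchall()
    return sorted(set(rows) - authz.relationships)


def demo():
    db, authz = new_db(), AuthzEngine()
    try:
        naive_share(db, authz, "doc:1", "user:alice", crash_between=True)
    except CrashDuringWrite:
        pass
    naive_gap = inconsistent_shares(db, authz)        # the share is lost to authz forever

    db2, authz2 = new_db(), AuthzEngine()
    try:
        outbox_share(db2, authz2, "doc:2", "user:bob", crash_between=True)
    except CrashDuringWrite:
        pass
    after_crash = inconsistent_shares(db2, authz2)    # inconsistent ...
    relay_outbox(db2, authz2)                          # ... until the relay catches up
    relay_outbox(db2, authz2)                          # second run is a no-op
    return naive_gap, after_crash, inconsistent_shares(db2, authz2)


if __name__ == "__main__":
    print(demo())
```

The outbox does not remove the window of inconsistency; it turns a permanent gap into a bounded delay that the relay closes, which is why the consumer side (here `write_relationship`) has to tolerate duplicates.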
Stop Using JSON Web Tokens (JWTs) for Authorization!
JWTs (JSON Web Tokens) are everywhere—frontends, backends, microservices—and for good reason: they're easy to pass around, self-contained, and standardized. But while JWTs can be a solid fit for authentication, using them for authorization is a decision that comes with serious pitfalls—especially in distributed systems.
In this talk, we’ll explore the technical and security limitations of JWT-based authorization and explain why they're fundamentally incompatible with the needs of modern applications. From the infamous "New Enemy Problem" described in Google’s Zanzibar paper to the vague semantics of scope claims and the difficulty of revoking tokens in-flight, we’ll unpack the real-world consequences of treating JWTs as your AuthZ layer.
Topics covered in this talk include:
• Why stateless tokens fall short for Authorization
• How centralized, relationship-based models enable fine-grained, revocable, and context-aware permissions
• Concrete migration strategies and patterns for adopting centralized authorization
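The in-flight revocation problem from the abstract, as an added example that is not the talk's code. A minimal HS256 JWT is built with the standard library so the block runs offline; the signing key, the `permissions` claim layout and the `CentralStore` class are constructed for this example, with the store standing in for a central authorization service such as SpiceDB.

```python
"""Stateless JWT authorization vs a centralized permission check.

Added example, not the talk's code. SECRET and the claim names are constructed;
CentralStore stands in for a real permission service.
"""
import base64
import hashlib
import hmac
import json

SECRET = b"example-signing-key"   # constructed for this example only


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_jwt(sub: str, permissions: list, issued_at: int, ttl: int = 3600) -> str:
    """Issue an HS256 token whose permissions are frozen at mint time."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"sub": sub, "permissions": permissions,
                                  "iat": issued_at, "exp": issued_at + ttl}).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_jwt(token: str, now: int) -> dict:
    """Signature and expiry only: this is all a stateless verifier can check."""
    header, payload, sig = token.split(".")
    expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64url(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64url(payload))
    if claims["exp"] <= now:
        raise ValueError("expired")
    return claims


def stateless_authorize(token: str, permission: str, now: int) -> bool:
    """Trusts whatever permissions were baked into the token when it was minted."""
    return permission in verify_jwt(token, now)["permissions"]


class CentralStore:
    """Source of truth for permissions; revocation is a single write here."""

    def __init__(self):
        self.grants = set()

    def grant(self, sub, permission):
        self.grants.add((sub, permission))

    def revoke(self, sub, permission):
        self.grants.discard((sub, permission))


def centralized_authorize(token: str, permission: str, now: int, store: CentralStore) -> bool:
    """The token proves identity (authentication); the store decides authorization."""
    sub = verify_jwt(token, now)["sub"]
    return (sub, permission) in store.grants


def demo(now: int = 1_700_000_000):
    store = CentralStore()
    store.grant("alice", "doc:42#view")
    token = mint_jwt("alice", ["doc:42#view"], issued_at=now)

    before = (stateless_authorize(token, "doc:42#view", now),
              centralized_authorize(token, "doc:42#view", now, store))
    store.revoke("alice", "doc:42#view")    # access removed in the source of truth
    after = (stateless_authorize(token, "doc:42#view", now + 60),   # still True until exp
             centralized_authorize(token, "doc:42#view", now + 60, store))
    return before, after


if __name__ == "__main__":
    print(demo())
```

Shortening `ttl` narrows the window but does not close it, and a denylist of revoked token ids reintroduces exactly the shared state the stateless design was meant to avoid; the centralized check keeps the token for who the caller is and asks the store what they may do.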
Securing RAG Pipelines with Fine Grained Authorization
Building enterprise-ready AI poses challenges around data security, accuracy, scalability, and integration. Firms are increasing efforts to mitigate risks associated with LLMs, particularly regarding sensitive data exfiltration of personally identifiable information and/or sensitive company data. The primary mitigation strategy is to build guardrails around Retrieval-Augmented Generation (RAG) to safeguard data while also optimizing query response quality and efficiency.
To enable precise guardrails, one must implement a permissions system with fine-grained authorization capabilities such as returning the list of subjects authorized on a resource, or the list of resources a subject can access. Such a system ensures timely access to authorized data while preventing exfiltration of sensitive information, making RAG pipelines more efficient at scale.
This session will cover how modern permissions systems can safeguard sensitive data in RAG pipelines. We'll start with why Authorization is critical for RAG pipelines to protect sensitive data from potential vulnerabilities and also the various techniques for permissions-aware data retrieval. The talk will also include a practical demo implementing fine-grained authorization for RAG using Pinecone, Langchain, OpenAI, and SpiceDB.
Securing MCP Servers with Fine-Grained Permissions
The Model Context Protocol (MCP) is quickly becoming the “USB-C for AI,” connecting LLMs to external systems and data. But while MCP standardizes interoperability, authorization remains dangerously underdeveloped. Without proper access control, MCP servers risk enabling the “lethal trifecta” of data breaches: private data access, untrusted inputs, and external exfiltration.
This talk explores why authorization is essential in MCP, starting with the current limitations of local and remote MCP servers. We’ll then dive deep into AuthZed’s reference implementations and the SpiceDB Dev MCP server, showing how permission systems can be prototyped, tested, and enforced. A live demo will illustrate how fine-grained authorization can be built directly into MCP servers, giving platform engineers, SREs, and architects the tools to make AI integrations secure by design.
How to Prevent AI Agents from Accessing Unauthorized Data
This workshop gives you hands-on knowledge on safeguarding sensitive data in RAG pipelines. You will learn two techniques:
1. How to pre-filter vector database queries with a list of authorized object IDs
2. How to retrieve relevant documents and then check permissions on each result (post-filtering)
Using fine-grained authorization in RAG improves security and efficiency. This workshop uses OpenAI, Pinecone, Langchain, Jupyter Notebook and SpiceDB.
Why is this important?
Building enterprise-ready AI requires ensuring users can only augment prompts with data they're authorized to access. Fine-grained authorization in Retrieval-Augmented Generation (RAG) can be achieved with Relationship-based Access Control (ReBAC). ReBAC enables decisions based on relationships between objects, offering more precise control compared to traditional models like RBAC and ABAC.
The pre-requisites for the workshop:
Access to a SpiceDB instance and API key
A Pinecone account and API key
An OpenAI account and API key
Jupyter Notebook and Python installed
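The two retrieval techniques the workshop teaches (and the permissions-aware retrieval described in the RAG session above), as an added example that is not the workshop's notebook. The vector store is an in-memory list with cosine similarity standing in for Pinecone, the permission backend is a dict standing in for SpiceDB's LookupResources and CheckPermission calls, and the embeddings and corpus are constructed toy data.

```python
"""Permissions-aware retrieval: pre-filtering vs post-filtering a vector search.

Added example, not the workshop's code. CHUNKS, VIEWABLE and the query vector
are constructed; lookup_resources/check_permission mimic SpiceDB's API shape.
"""
import math

# Constructed corpus: each chunk carries the id of the document it came from.
CHUNKS = [
    {"id": "chunk-1", "doc": "doc:public-handbook", "vec": (1.0, 0.1, 0.0), "text": "PTO policy"},
    {"id": "chunk-2", "doc": "doc:q3-financials",   "vec": (0.9, 0.3, 0.1), "text": "Q3 revenue"},
    {"id": "chunk-3", "doc": "doc:q3-financials",   "vec": (0.8, 0.4, 0.0), "text": "Q3 margins"},
    {"id": "chunk-4", "doc": "doc:board-minutes",   "vec": (0.7, 0.5, 0.2), "text": "board vote"},
    {"id": "chunk-5", "doc": "doc:eng-roadmap",     "vec": (0.2, 0.9, 0.1), "text": "roadmap"},
]

# Constructed permission state: which documents each user may view.
VIEWABLE = {
    "user:alice": {"doc:public-handbook", "doc:eng-roadmap"},
    "user:cfo": {"doc:public-handbook", "doc:q3-financials",
                 "doc:board-minutes", "doc:eng-roadmap"},
}


def lookup_resources(user: str) -> set:
    """All document ids the user can view (shape of SpiceDB LookupResources)."""
    return VIEWABLE.get(user, set())


def check_permission(user: str, doc: str) -> bool:
    """Single yes/no decision (shape of SpiceDB CheckPermission)."""
    return doc in VIEWABLE.get(user, set())


def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    return dot / (math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b)))


def vector_search(query_vec, top_k, doc_filter=None):
    """Toy nearest-neighbour query; doc_filter mirrors a metadata filter pushed
    into the vector store so unauthorized chunks never enter the ranking."""
    candidates = [c for c in CHUNKS if doc_filter is None or c["doc"] in doc_filter]
    ranked = sorted(candidates, key=lambda c: cosine(query_vec, c["vec"]), reverse=True)
    return ranked[:top_k]


def retrieve_unfiltered(query_vec, top_k=3):
    """What a naive RAG pipeline returns: the leak the talks warn about."""
    return [c["id"] for c in vector_search(query_vec, top_k)]


def retrieve_prefilter(user, query_vec, top_k=3):
    """Pre-filter: fetch the authorized set first, push it into the query."""
    allowed = lookup_resources(user)
    return [c["id"] for c in vector_search(query_vec, top_k, doc_filter=allowed)]


def retrieve_postfilter(user, query_vec, top_k=3, overfetch=3):
    """Post-filter: over-fetch, check each hit, keep the first top_k allowed."""
    hits = vector_search(query_vec, top_k * overfetch)
    kept = [c["id"] for c in hits if check_permission(user, c["doc"])]
    return kept[:top_k]


if __name__ == "__main__":
    q = (1.0, 0.2, 0.0)   # constructed query embedding
    print("naive      ", retrieve_unfiltered(q))
    print("pre-filter ", retrieve_prefilter("user:alice", q))
    print("post-filter", retrieve_postfilter("user:alice", q))
```

The two approaches trade differently: pre-filtering costs one LookupResources call up front and always fills `top_k` if enough authorized chunks exist, while post-filtering costs one check per hit and can return fewer than `top_k` results when the over-fetch window is dominated by documents the user cannot see (run it with `top_k=2, overfetch=1` for alice to see that starvation).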
Fine Grained Authorization for AI Agents using ReBAC
It’s time for Day 2 Ops in the world of AI. Building enterprise-ready AI poses challenges around data security, scalability, and integration, especially in compliance-regulated industries. With the use of AI Agents, guardrails are needed to safeguard data while also optimizing query response quality and efficiency.
This session will cover how modern permissions systems can ensure AI Agents have access only to authorized data. The talk will look at why the Google Zanzibar model of authorization which uses Relationship-Based Access Control (ReBAC) is well suited for fine-grained authorization at scale. The talk covers the nuts and bolts of how this works as well as how to apply it to AI Agents, RAG Pipelines and similar LLM implementations.
The talk will also include a practical demo implementing fine-grained authorization for AI Agents + RAG using Open Source tools such as PGVector, Langchain, OpenAI, and SpiceDB.
Building Authorization for Agentic RAG systems
We’ve recently seen the rise of Retrieval Augmented Generation (RAG) systems. With the proliferation of AI Agents & LLMs in Enterprise, the next step in the evolution is Agentic RAG. But for widespread adoption of Agentic RAG systems in enterprise there’s one piece of the puzzle that needs to be solved and that’s fine-grained authorization.
This talk is a deep dive into how modern authorization systems can ensure that AI Agents have access only to authorized data. The talk will look at why the Google Zanzibar model of authorization which uses Relationship-Based Access Control (ReBAC) is well suited to handle dynamic, relationship-driven authorization at scale. The talk explains how the Google Zanzibar system works under the hood, and how to apply it to Agentic RAG with techniques such as pre-filtering and post-filtering. As a bonus, also learn how OpenAI achieves authorization at scale with ChatGPT Apps.
The talk will also include a live coding demo implementing authorization for Agentic RAG using Open Source tools such as Weaviate, Langchain, and SpiceDB.
Build global-scale Authorization in your web app with SpiceDB and Kubernetes
The Open Worldwide Application Security Project (OWASP) publishes a "Top 10" list of the most critical web application security risks. Guess what topped the latest edition?
Broken access control.
This workshop will guide you through building global-scale authorization in your app. We will use SpiceDB - an open source Google Zanzibar-inspired database for creating and managing security-critical application permissions. In this workshop we will integrate authorization in a demo web application and then deploy it to Kubernetes. The workshop will be available in multiple programming languages as well as deployment targets.
Avoid data leakage in Agentic RAG by using ReBAC
We’ve recently seen the rise of Retrieval Augmented Generation (RAG) systems. With the proliferation of AI Agents & LLMs in Enterprise, the next step in the evolution is Agentic RAG. But this introduces a subtle but critical problem: authorization is no longer a single check, but a chain of decisions across tools, memory, and retrieval layers and this breaks more often than you expect.
This talk is a deep dive into how modern authorization systems can ensure that AI Applications have access only to authorized data. The talk will look at why the Google Zanzibar model of authorization which uses Relationship-Based Access Control (ReBAC) is well suited to handle dynamic, relationship-driven authorization at scale. The talk explains how the Google Zanzibar system works under the hood, and how to apply it to Agentic RAG with techniques such as pre-filtering and post-filtering. Learning these fundamentals might just prevent broken access control issues in your application.
The talk will also include a live coding demo implementing authorization for Agentic RAG using Open Source tools such as Weaviate, Langchain, and SpiceDB.
Build Authorization at Scale with Open Source ReBAC based on Google Zanzibar
Broken access control currently tops OWASP's Top 10 list of web application security risks.
Their recommendation to fix this? Adopt an ABAC or ReBAC authorization model. This talk establishes the problems with the status quo, explains the core concepts behind ReBAC, and introduces SpiceDB, a mature and widely adopted open source ReBAC system inspired by the system internally powering Google services such as Docs, YouTube & Cloud IAM - Zanzibar.
How to Secure & Optimize Your RAG pipelines with Fine Grained Authorization
It’s time for Day 2 Ops in the world of AI.
Building enterprise-ready AI poses challenges around data security, scalability, and integration, especially in compliance-regulated industries. Firms are increasing efforts to mitigate risks associated with LLMs regarding sensitive data exfiltration of PII and sensitive company data. The primary mitigation strategy is to build guardrails around Retrieval-Augmented Generation (RAG) to safeguard data while also optimizing query response efficiency.
This session will cover how modern permissions systems can safeguard sensitive data in RAG pipelines. We'll start with why Authorization is critical for RAG pipelines to protect sensitive data from potential vulnerabilities and also the various techniques for permissions-aware data retrieval including prefiltering, and post-filtering vector databases.
The talk will also include a practical demo implementing fine-grained authorization for RAG using Pinecone, Langchain, OpenAI, and SpiceDB.
Running low-latency workloads on Kubernetes: Lessons learned from SpiceDB
Not all workloads are created equal!
While Kubernetes is designed for flexibility and scalability, it does not provide guarantees for performance-sensitive workloads by default. Without the right configurations, latency-sensitive applications can suffer from unpredictable scheduling, resource contention, and noisy neighbor effects.
This talk distills lessons learned from running SpiceDB, a low-latency authorization system, on Kubernetes, and how we got to a 5ms p95 at 1M requests per second. The talk covers:
1. Understanding and Mitigating Kubernetes Defaults
2. Advanced Resource Management Strategies
3. Scaling for Performance
By the end of this talk, attendees will understand the practical steps required to reduce unpredictable latency in Kubernetes environments. Whether you're running a global-scale system or fine-tuning a critical microservice, these best practices will help ensure your workloads run smoothly under the highest demands.
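The "Kubernetes defaults" failure mode described above, shown as a manifest pair. This is an added example and not the talk's material or AuthZed's deployment: the image name, the `latency-critical` PriorityClass (assumed to exist in the cluster) and the resource sizes are assumptions chosen to illustrate the pattern.

```yaml
# BEFORE (constructed baseline): no requests or limits on any container puts the
# pod in the BestEffort QoS class. It is evicted first under pressure, gets no
# CPU reservation, and shares cores with whatever the scheduler packs beside it.
apiVersion: v1
kind: Pod
metadata:
  name: spicedb-besteffort
spec:
  containers:
    - name: spicedb
      image: authzed/spicedb   # assumed image; adjust to your registry
      args: ["serve"]
---
# AFTER: requests == limits with whole-number CPUs gives the Guaranteed QoS class,
# which is the precondition for the kubelet's static CPU manager
# (--cpu-manager-policy=static) to hand this container exclusive cores.
# priorityClassName keeps it ahead of batch work when scheduling;
# topologySpreadConstraints keeps replicas off the same node so one noisy
# neighbour cannot degrade every replica at once.
apiVersion: v1
kind: Pod
metadata:
  name: spicedb-guaranteed
  labels:
    app: spicedb
spec:
  priorityClassName: latency-critical   # assumed PriorityClass, defined elsewhere
  topologySpreadConstraints:
    - maxSkew: 1
      topologyKey: kubernetes.io/hostname
      whenUnsatisfiable: DoNotSchedule
      labelSelector:
        matchLabels:
          app: spicedb
  containers:
    - name: spicedb
      image: authzed/spicedb   # assumed image; adjust to your registry
      args: ["serve"]
      resources:
        requests:
          cpu: "2"       # integer CPUs: fractional requests are not pinnable
          memory: 4Gi
        limits:
          cpu: "2"       # must equal requests for Guaranteed QoS
          memory: 4Gi
```

Verify the result with `kubectl get pod spicedb-guaranteed -o jsonpath='{.status.qosClass}'`, which should print `Guaranteed`; the static CPU manager is a node-level kubelet setting, so the manifest alone does not pin cores on a cluster whose kubelets run the default `none` policy.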
Build global-scale Authorization in your web app with Open Source
This workshop will teach you to build Authorization into your web app using SpiceDB - a widely adopted open source system. SpiceDB is based on Google Zanzibar which is the system that Google uses to power the authorization across their products such as YouTube, Google Docs and Cloud IAM.
In this workshop we will integrate authorization to a demo web app. The workshop will be available in multiple programming languages as well as deployment targets.
How to Prevent AI Agents from Accessing Unauthorized Data
It’s time for Day 2 Ops in the world of AI.
Building enterprise-ready AI poses challenges around data security, scalability, and integration, especially in compliance-regulated industries. With the use of AI Agents, guardrails are needed to safeguard data while also optimizing query response quality and efficiency.
This session will cover how modern permissions systems can ensure AI Agents have access only to authorized data. The talk will look at why the Google Zanzibar model of authorization which uses Relationship-Based Access Control (ReBAC) is well suited for fine-grained authorization at scale. The talk covers the nuts and bolts of how this works as well as how to apply it to AI Agents, RAG Pipelines and similar LLM implementations.
The talk will also include a practical demo implementing fine-grained authorization for AI Agents + RAG using Open Source tools such as PGVector, Langchain, OpenAI, and SpiceDB.
We're working with OpenAI on securing 37 billion documents for 5 million users in ChatGPT connectors. This session is based on the learnings from that.
I've presented this and related topics at DevOpsDays, KCDs, & DevConfs
Target audience is software architects, developers and team leads.
Building Authorization for Agentic RAG Systems
We’ve recently seen the rise of Retrieval Augmented Generation (RAG) systems. With the proliferation of AI Agents & LLMs in Enterprise, the next step in the evolution is Agentic RAG. But for widespread adoption of Agentic RAG systems in enterprise there’s one piece of the puzzle that needs to be solved and that’s fine-grained authorization.
This talk is a deep dive into how modern authorization systems can ensure that AI Agents have access only to authorized data. The talk will look at why the Google Zanzibar model of authorization which uses Relationship-Based Access Control (ReBAC) is well suited to handle dynamic, relationship-driven authorization at scale. The talk explains how the Google Zanzibar system works under the hood, and how to apply it to Agentic RAG with techniques such as pre-filtering and post-filtering. As a bonus, also learn how OpenAI achieves authorization at scale with ChatGPT Apps.
The talk will also include a live coding demo implementing authorization for Agentic RAG using Open Source tools such as Weaviate, Langchain, and SpiceDB.
Based on my code sample here: https://github.com/sohanmaheshwar/agentic-rag-authorization
How Google built a Consistent, Global Authorization System with Zanzibar (and you can too!)
Google Zanzibar is the singular authorization service that powers permissions and sharing across all Google properties, including Docs, YouTube, and Cloud IAM. Creating a consistent, global-scale authorization system that can process "more than 10 million client queries per second” is not a trivial task. The talk will cover how the paper lays out an engineer-friendly blueprint for building a highly scalable distributed system with flexible consistency guarantees.
This talk will start with foundational knowledge of Relationship Based Access Control (ReBAC) and then cover the technical implementation behind Zanzibar: how Google solved for correctness, scale and speed. The presentation will cover the different APIs for interacting with the system and also a deep-dive into how the "New Enemy" problem was solved. The talk will conclude with how you can use open source tools to build authZ into your application.
Broken access control now tops OWASP's Top 10 list of web application security risks. Their recommendation? Adopt an ABAC or ReBAC authorization model. This talk teaches you how Google built Zanzibar for global scale and how you can implement this for your customers. The talk is targeted at developers, platform engineers and team leads who work on applications at scale that require different permissions.
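The "New Enemy" problem named in this abstract and in the JWT talk above, as an added example that is not the talk's code and not Zanzibar's or SpiceDB's implementation. ACLs and document content live in one multi-version store with a single revision counter (Zanzibar's snapshot reads); a content write returns its revision as the consistency token, which the paper calls a zookie (SpiceDB's ZedToken), and the fixed path refuses to evaluate the ACL at any snapshot older than that token.

```python
"""The New Enemy problem: a stale ACL snapshot paired with fresh content.

Added example, not the talk's code. Versioned is a toy multi-version store;
the 'zookie' is simply the revision returned by the content write.
"""


class Versioned:
    """Multi-version store: every write gets a new revision; reads may be stale."""

    def __init__(self):
        self.rev = 0
        self.history = []   # (rev, key, value), in write order

    def write(self, key, value):
        self.rev += 1
        self.history.append((self.rev, key, value))
        return self.rev    # the caller keeps this as its consistency token

    def read(self, key, at_rev):
        """Value of key as of snapshot at_rev."""
        value = None
        for rev, k, v in self.history:
            if rev > at_rev:
                break
            if k == key:
                value = v
        return value


def check_view(store, user, doc, at_rev):
    """Evaluate the ACL at a given snapshot (a cache would pick at_rev for us)."""
    return user in (store.read(f"acl:{doc}", at_rev) or set())


def serve_stale(store, user, doc, content_rev, acl_rev):
    """Vulnerable: the ACL is evaluated at whatever snapshot the cache still has,
    while the content served is newer than the ACL change that removed the user."""
    if not check_view(store, user, doc, acl_rev):
        return None
    return store.read(f"content:{doc}", content_rev)


def serve_with_zookie(store, user, doc, zookie, acl_rev):
    """Fixed: the ACL snapshot is bumped to at least the content's zookie, so any
    ACL change that happened before the content was written is always observed."""
    at_rev = max(acl_rev, zookie)
    if not check_view(store, user, doc, at_rev):
        return None
    return store.read(f"content:{doc}", zookie)


def demo():
    store = Versioned()
    store.write("acl:doc:plan", {"bob", "mallory"})                   # rev 1
    store.write("content:doc:plan", "draft v1")                        # rev 2
    store.write("acl:doc:plan", {"bob"})                               # rev 3: mallory removed
    zookie = store.write("content:doc:plan", "draft v2 (secret)")      # rev 4: new content

    # A replica whose ACL cache sits at rev 2 still believes mallory may view.
    leak = serve_stale(store, "mallory", "doc:plan", content_rev=zookie, acl_rev=2)
    safe = serve_with_zookie(store, "mallory", "doc:plan", zookie, acl_rev=2)
    bob = serve_with_zookie(store, "bob", "doc:plan", zookie, acl_rev=2)
    return leak, safe, bob


if __name__ == "__main__":
    print(demo())
```

The token does not force every check to be fully consistent, which is what makes the scheme cheap: a check is free to use a cached snapshot as long as that snapshot is at least as fresh as the token the content carries.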
BAC to the Future: A deep-dive into different Authorization models
The Open Worldwide Application Security Project (OWASP) publishes a "Top 10" list of the most critical web application security risks. Guess what topped the latest edition?
Broken access control.
This talk is a deep-dive into common Authorization models such as Role Based Access Control (RBAC), Attribute Based Access Control (ABAC) and Relationship Based Access Control (ReBAC). We discuss how each of these AuthZ models work, how they are implemented, and what the advantages & disadvantages of each are.
At the end of the talk you will have the knowledge to decide which type of authZ model is best suited for your application.
A foundational understanding of the main types of Access Control systems and what the trade-offs of each are. Important to know which system is best suited for your use-case. This talk is aimed at an audience who are unfamiliar with identity and access management.
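The three models from this abstract answering the same question, as an added example that is not the talk's slides. All data is constructed; the ReBAC part is a small Zanzibar-style relation graph with one computed userset (viewers of a folder can view the documents in it) and a `parent` relation, written here by hand rather than taken from SpiceDB's schema language.

```python
"""RBAC, ABAC and ReBAC deciding 'can user view object' over constructed data.

Added example, not the talk's code. ROLES, ROLE_PERMS, USER_ATTRS, OBJ_ATTRS and
RELATIONS are constructed; rebac_subjects is a toy userset expansion.
"""

# ---- RBAC: subject -> roles -> permissions. No notion of a specific object,
# so "view reports" means every report.
ROLES = {"alice": {"analyst"}, "bob": {"intern"}}
ROLE_PERMS = {"analyst": {"report:view"}, "intern": set()}


def rbac_can(user, action, obj):
    perm = f"{obj.split(':')[0]}:{action}"      # object type only, never the instance
    return any(perm in ROLE_PERMS[r] for r in ROLES.get(user, set()))


# ---- ABAC: a policy over attributes of subject and object.
USER_ATTRS = {"alice": {"dept": "finance", "clearance": 2},
              "bob": {"dept": "eng", "clearance": 1}}
OBJ_ATTRS = {"report:q3": {"dept": "finance", "sensitivity": 2},
             "report:eng-roadmap": {"dept": "eng", "sensitivity": 1}}


def abac_can(user, action, obj):
    u, o = USER_ATTRS[user], OBJ_ATTRS[obj]
    return action == "view" and u["dept"] == o["dept"] and u["clearance"] >= o["sensitivity"]


# ---- ReBAC: relationships between objects; permissions are computed by walking
# them. (object, relation) -> subjects; a subject may itself be "object#relation".
RELATIONS = {
    ("folder:finance", "viewer"): {"user:alice"},
    ("report:q3", "parent"): {"folder:finance"},
    ("report:q3", "viewer"): {"user:carol"},
    # shared one-off with everyone who can view the finance folder
    ("report:eng-roadmap", "viewer"): {"user:bob", "folder:finance#viewer"},
}


def rebac_subjects(obj, relation, depth=0):
    """Expand (obj, relation) to concrete users, following userset references."""
    if depth > 8:                       # guard against cyclic relation graphs
        return set()
    users = set()
    for subj in RELATIONS.get((obj, relation), set()):
        if "#" in subj:
            o, r = subj.split("#")
            users |= rebac_subjects(o, r, depth + 1)
        else:
            users.add(subj)
    return users


def rebac_can(user, action, obj):
    """permission view = viewer + parent->view, in Zanzibar/SpiceDB terms."""
    if action != "view":
        return False
    if f"user:{user}" in rebac_subjects(obj, "viewer"):
        return True
    return any(rebac_can(user, "view", p) for p in RELATIONS.get((obj, "parent"), set()))


if __name__ == "__main__":
    for u, o in [("alice", "report:q3"), ("alice", "report:eng-roadmap"), ("bob", "report:q3")]:
        print(u, o, "rbac:", rbac_can(u, "view", o), "abac:", abac_can(u, "view", o),
              "rebac:", rebac_can(u, "view", o))
```

The interesting row is alice on `report:eng-roadmap`: RBAC grants it only because she can view every report, ABAC denies it because the department attribute does not match, and ReBAC grants it because the document was explicitly shared with the finance folder's viewers, a per-object decision neither of the other two models can express without inventing a new role or attribute for each share.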
PlatformCon 2026 (upcoming)
Techorama 2026 Belgium (upcoming)
Cloud Native Dublin April User group (upcoming)
ContainerDays Conference 2025
Cloud Native Summit 2025
KCD Bengaluru 2025
NDC Oslo 2025
Swiss Cloud Native Day 2024
KCD Munich 2024
Open Source Day 2024
WeAreDevelopers World Congress 2023
Build Stuff 2022 Lithuania
Devopsdays Amsterdam 2022
TEQnation 2022