Acing SDI
Practice task from chapter 16
Authorization for media products: policy model, enforcement, audit, and reliability.
The Access Control for Media App task is about designing authorization as a separate capability rather than as condition checks scattered across request handlers. Interviewers look for policy clarity, clear responsibility boundaries, and well-defined failure behavior.
Functional requirements
- Access checks for viewer/editor/admin and service accounts.
- RBAC baseline with ABAC/ReBAC for advanced policies.
- Audit trail for authorization decisions and policy changes.
- Explain API for support and incident investigation.
Non-functional requirements
- p95 authorization decision latency < 20ms.
- High availability of policy decision path.
- Tenant isolation and privilege-escalation resistance.
- Correct cache invalidation after policy updates.
High-Level Architecture
Theory
ACL/RBAC/ABAC/ReBAC
Access-control models and how to apply them in distributed systems.
PEP/PDP + policy store + audit/revocation loop
This topology separates the decision path, the policy control plane, and the audit/revocation control loop.
This architecture keeps the hot decision path separate from the policy control plane and supports explainability, auditability, and fast revocation under compromise scenarios.
Write/Read Paths
How policy changes are written into the control plane and how the hot decision path is served.
Write path: policy/revocation updates are written into a versioned store, then cache invalidation propagates and audit events are emitted.
- Policy Change (admin/update request): the security/admin service sends policy updates, role grants, and revoke events.
- Policy Store (versioned write): the update is committed as a new policy version with rollout guards.
- Invalidate Cache (PEP/PDP sync): invalidation propagates to decision caches and edge enforcement points.
- Audit Stream (immutable events): policy and revoke events are persisted into an immutable audit log/SIEM.
- Enforcement Ready (new rules active): PEP/PDP runs on the new policy version and applies the updated decisions.
Write path checkpoints
- Every policy change must be versioned and attributed to an actor for auditability.
- Cache invalidation must complete before rollout is considered done.
- Revocation path should propagate quickly and block compromised sessions.
Policy model
- RBAC for baseline role-based access.
- ABAC for context (tenant, device, region, time).
- ReBAC for collaboration and ownership graphs.
- Deny-by-default with explicit allow paths.
Reliability and security
- Short-lived cache with version-aware invalidation.
- Fallback policy under PDP outage (fail-closed for critical ops).
- Immutable audit log and anomaly detection.
- Fast revocation path for compromised identities.
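An added illustration (not code from the book) of the decision path sketched above, tying the policy-model and reliability points together: a versioned policy store whose version bump on revoke makes a version-keyed decision cache expire, RBAC for the action, an ABAC tenant check for isolation, deny by default, a fail-closed answer when the store is unreachable, and an explain trail on every decision. The role table and principal names are constructed sample values.

```python
from dataclasses import dataclass

@dataclass
class Decision:
    allow: bool
    policy_version: int
    reasons: list   # explain trail for support and incident investigation

class PolicyStore:
    """Versioned store: every change bumps the version and logs an attributed event."""
    def __init__(self, roles):
        self.version = 1
        self.roles = roles        # RBAC baseline: role -> set of allowed actions
        self.revoked = set()      # principals blocked by the emergency revoke path
        self.audit = []           # append-only policy-change events

    def revoke(self, principal, actor):
        self.revoked.add(principal)
        self.version += 1         # old cache keys become unreachable
        self.audit.append({"version": self.version, "actor": actor,
                           "event": "revoke", "principal": principal})

class PDP:
    """Policy decision point: version-aware cache, RBAC + ABAC tenant check,
    deny by default, fail-closed when the policy store is unreachable."""
    def __init__(self, store):
        self.store = store
        self.cache = {}
        self.audit = []           # decision log, appended on every call

    def decide(self, principal, role, tenant, action, resource_tenant):
        if self.store is None:    # simulated store/PDP outage: fail closed
            return Decision(False, -1, ["policy store unavailable: fail-closed"])
        key = (self.store.version, principal, role, tenant, action, resource_tenant)
        if key not in self.cache:
            reasons, allow = [], False
            if principal in self.store.revoked:
                reasons.append("principal revoked")
            elif tenant != resource_tenant:
                reasons.append("tenant mismatch: %s vs %s" % (tenant, resource_tenant))
            elif action in self.store.roles.get(role, set()):
                allow, reasons = True, ["role %s permits %s" % (role, action)]
            else:
                reasons.append("deny by default: role %s lacks %s" % (role, action))
            self.cache[key] = Decision(allow, self.store.version, reasons)
        decision = self.cache[key]
        self.audit.append((decision.policy_version, principal, action, decision.allow))
        return decision

# Constructed sample policy for the media app (assumed, not from the page).
ROLES = {"viewer": {"read"}, "editor": {"read", "write"}, "admin": {"read", "write", "delete"}}
```

Stale cache entries are never deleted here; they simply stop being consulted once the version changes, which is what keeps revocation correct without a cache-wide flush.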
Common misses in interviews
- No explainability path for denied access decisions.
- Long-lived access cache without policy version control.
- Mixing authentication and authorization concerns.
- No emergency revoke flow for compromised accounts.
