Hacker News

Yeah, to be clear I think the Zanzibar authorization model is great! Super helpful to think about authorization logic in terms of relationships.

To give a simple example of an attribute-based control that is tough with the service model: if you want to express "anybody can read a document if it's public", then you need to push that "public" field into the service. Every attribute that you want to use for authorization becomes something that you need to either move or synchronise into the service. Or you leave that logic in the application.
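An added illustration of the trade-off described in the comment above (not part of the original comment, and not code from Zanzibar or any product): a toy tuple store in which the "public" attribute has to be mirrored into the authorization service, including the stale-grant case when that mirror is missed. `TupleStore`, `App`, `sync_public` and the `user:*` wildcard subject are assumptions made for this example.

```python
# Toy model, constructed for illustration; not Zanzibar's actual API.
ANYONE = "user:*"  # assumed wildcard subject meaning "anybody"

class TupleStore:
    """Authorization service: sees only (object, relation, subject) tuples."""
    def __init__(self):
        self.tuples = set()

    def check(self, obj, relation, subject):
        return bool({(obj, relation, subject), (obj, relation, ANYONE)} & self.tuples)

class App:
    """Application: owns the document rows, including the 'public' attribute."""
    def __init__(self, authz):
        self.authz = authz
        self.public = {}  # doc id -> bool, the application's source of truth

    def create(self, doc, owner):
        self.public[doc] = False
        self.authz.tuples.add((doc, "reader", owner))

    def set_public(self, doc, value, sync=True):
        self.public[doc] = value
        if sync:
            self.sync_public(doc)

    def sync_public(self, doc):
        # The attribute must be mirrored into the service as a tuple.
        tup = (doc, "reader", ANYONE)
        if self.public[doc]:
            self.authz.tuples.add(tup)
        else:
            self.authz.tuples.discard(tup)

def demo():
    authz = TupleStore()
    app = App(authz)
    app.create("doc:1", "user:alice")
    results = {"private": authz.check("doc:1", "reader", "user:bob")}
    app.set_public("doc:1", True)
    results["public"] = authz.check("doc:1", "reader", "user:bob")
    # Failure mode: the app flips the attribute but the sync never runs.
    app.set_public("doc:1", False, sync=False)
    results["stale"] = authz.check("doc:1", "reader", "user:bob")
    app.sync_public("doc:1")
    results["resynced"] = authz.check("doc:1", "reader", "user:bob")
    return results

if __name__ == "__main__":
    print(demo())
```

The `stale` result is the case to watch for: the application row says the document is private while the service still grants read access to everyone until the sync catches up.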


