> Why would we opt to go through the hassle of centralising the data, keeping it in sync? because beyond medium scale, any fully "adjacent" solution is simply not going to work well long-term: distribution of all the data necessary to make authorization decisions becomes untenable, and other scaling factors come into play. Google itself designed and built Zanzibar because policy-based solutions were not functioning properly for them. Now, most people are not Google scale (yet), but it is very rare for most even medium-sized applications to remain a monolith, and in even the case where applications start to get broken down into 1-3 services, having centralized auth becomes very important. Its the same reason you wouldn't embed your RDBMS into your monolithic application (except in rare circumstances): you don't want to have all your data and logic "locked" into a single service