Question
Design edge authorization for a global CDN/API gateway where every incoming request (5M req/sec across 200 PoPs) must be authorized against customer-defined access rules (allow/deny by token claims, geo, IP reputation, path, method) before it hits the origin, with a p99 added latency budget under 1ms, and a guarantee that a customer's rule change is enforced everywhere within ~10 seconds. Walk through where authorization runs, how rules and the data they need reach 200 PoPs, and how you keep edge decisions both fast and consistent with the central config.
Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.