December 19, 2019

The distributed authorization system: A Netflix case study

Manish Mehta and Torin Sandall lead a deep dive into how Netflix enforces authorization policies (who can do what) at scale in its microservices ecosystem in a public cloud without introducing unreasonable latency in the request path.

Talk Title: The distributed authorization system: A Netflix case study
Speakers: Manish Mehta (Netflix), Torin Sandall (Open Policy Agent Project)
Conference: O’Reilly Velocity Conference
Conf Tag: Building and maintaining complex distributed systems
Location: San Jose, California
Date: June 12-14, 2018

Since 2008, Netflix has been on the cutting edge of cloud-based microservice deployments and is now recognized as an industry leader in building and operating cloud-native systems at scale. Like many organizations, Netflix has unique security requirements for many of its workloads. This variety requires a holistic approach to authorization to address “who can do what” across a range of resources, enforcement points, and execution environments. Manish Mehta and Torin Sandall explain how Netflix is solving authorization across the stack in cloud-native environments. You’ll learn how Netflix enforces authorization decisions at scale across various kinds of resources (e.g., HTTP APIs, gRPC methods, and SSH), enforcement points (e.g., microservices, proxies, and host-level daemons), and execution environments (e.g., VMs and containers) without introducing unreasonable latency. They then lead a deep dive into the architecture of Netflix’s distributed authorization system and demonstrate how authorization decisions can be offloaded to an open source, general-purpose policy engine (Open Policy Agent).
