The distributed authorization system: A Netflix case study
Manish Mehta and Torin Sandall lead a deep dive into how Netflix enforces authorization policies (who can do what) at scale in its microservices ecosystem in a public cloud without introducing unreasonable latency in the request path.
Talk Title | The distributed authorization system: A Netflix case study |
Speakers | Manish Mehta (Netflix), Torin Sandall (Open Policy Agent Project) |
Conference | O’Reilly Velocity Conference |
Conf Tag | Building and maintaining complex distributed systems |
Location | San Jose, California |
Date | June 12-14, 2018 |
URL | Talk Page |
Slides | Talk Slides |
Video | |
Since 2008, Netflix has been on the cutting edge of cloud-based microservice deployments and is now recognized as an industry leader in building and operating cloud-native systems at scale. Like many organizations, Netflix has unique security requirements for many of its workloads. This variety requires a holistic approach to authorization to address “who can do what” across a range of resources, enforcement points, and execution environments. Manish Mehta and Torin Sandall explain how Netflix is solving authorization across the stack in cloud-native environments. You’ll learn how Netflix enforces authorization decisions at scale across various kinds of resources (e.g., HTTP APIs, gRPC methods, and SSH), enforcement points (e.g., microservices, proxies, and host-level daemons), and execution environments (e.g., VMs and containers) without introducing unreasonable latency. They then lead a deep dive into the architecture of Netflix’s distributed authorization system and demonstrate how authorization decisions can be offloaded to an open source, general purpose policy engine (Open Policy Agent).