AuthN and AuthZ at Cruise - Crawl, Walk, Run

Explore the evolution of authentication and authorization practices at Cruise in this conference talk. Delve into the journey from basic implementations to advanced zero trust security models within Kubernetes clusters. Learn about the challenges faced, unique solutions developed, and the three-phase approach of Crawl, Walk, Run. Discover how Cruise transitioned from traditional methods to implementing SAML flows, request-driven processes, and external authorization using Open Policy Agent. Gain insights into the company's move from Nginx to Envoy, the implementation of stateless authorization, and the introduction of fine-grained access controls. Understand the importance of transparent TLS between services and the development of new user interfaces to support these security enhancements. This presentation offers valuable lessons for organizations looking to improve their AuthN and AuthZ strategies at scale.