Explore the challenges and solutions in implementing authentication and authorization for zero-trust architectures in microservice ecosystems. Dive into Netflix's journey of creating a robust security system, examining the requirements, technology choices, and hurdles encountered. Learn about the surprising decision to use multiple technologies instead of a single solution. Discover insights on forwardable bearer credentials, credential scopes, service-to-service access control, end-user context tickets, and the authorizable context abstraction. Gain valuable takeaways from this 21-minute USENIX Enigma Conference talk by Ian Haken, offering practical knowledge for enhancing security in complex distributed systems.
Overview
Syllabus
Intro
The Red Team Exercise
Authentication and Authorization
Fix #1: Forwardable Bearer Credentials
Potential Fix: Credential Scopes
Keeping up with scopes
Service-to-Service (S2S) Access Control
Service-to-Service Pitfalls
End-User Context (EUC) Tickets
The Authorizable Context Abstraction
Three Takeaways
Taught by
USENIX Enigma Conference
