Adventures in Authentication and Authorization

USENIX Enigma Conference via YouTube

Overview

Explore the challenges and solutions in implementing authentication and authorization for zero-trust architectures in microservice ecosystems. Dive into Netflix's journey of creating a robust security system, examining the requirements, technology choices, and hurdles encountered. Learn about the surprising decision to use multiple technologies instead of a single solution. Discover insights on forwardable bearer credentials, credential scopes, service-to-service access control, end-user context tickets, and the authorizable context abstraction. Gain valuable takeaways from this 21-minute USENIX Enigma Conference talk by Ian Haken, offering practical knowledge for enhancing security in complex distributed systems.

Syllabus

Intro
The Red Team Exercise
Authentication and Authorization
Fix #1: Forwardable Bearer Credentials
Potential Fix: Credential Scopes
Keeping up with scopes
Service-to-Service (S2S) Access Control
Service-to-Service Pitfalls
End-User Context (EUC) Tickets
The Authorizable Context Abstraction
Three Takeaways

Taught by

USENIX Enigma Conference
