Since 2008, Netflix has been on the cutting edge of cloud-based microservice deployments and is now recognized as an industry leader in building and operating cloud-native systems at scale. Like many organizations, Netflix has unique security requirements for many of its workloads. This variety requires a holistic approach to authorization to address “who can do what” across a range of resources, enforcement points, and execution environments.
Manish Mehta and Torin Sandall explain how Netflix is solving authorization across the stack in cloud-native environments. You’ll learn how Netflix enforces authorization decisions at scale across various kinds of resources (e.g., HTTP APIs, gRPC methods, and SSH), enforcement points (e.g., microservices, proxies, and host-level daemons), and execution environments (e.g., VMs and containers) without introducing unreasonable latency. They then lead a deep dive into the architecture of Netflix’s distributed authorization system and demonstrate how authorization decisions can be offloaded to an open source, general purpose policy engine (Open Policy Agent).
Manish Mehta is a senior security software engineer at Netflix, where he designs and develops solutions around secure bootstrapping, authentication (service and user), and authorization for cloud-native infrastructure. He focuses on cybersecurity, particularly security solutions anchored in cryptography, and has authored several research and conference publications in the field. Manish holds both an MS and a PhD in computer science from the University of Missouri – Kansas City.
Torin Sandall is the cofounder and technical lead of the recent open source Open Policy Agent project. He spent 10 years as a software engineer working on large-scale distributed systems projects. Previously, Torin was a senior software engineer at Cyan (acquired by Ciena), where he designed and developed core components of its SDN/NFV platform. He’s a frequent speaker on policy-related topics in Kubernetes at KubeCon, ContainerDaysPDX, Kubernetes meetups, and more.
©2018, O'Reilly Media, Inc. • (800) 889-8969 or (707) 827-7019 • Monday-Friday 7:30am-5pm PT • All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners. • firstname.lastname@example.org