Adventures in Authentication and Authorization

Ian Haken, Netflix

Zero-trust architectures for microservice ecosystems rely on strong authentication between services, but if you’re looking to implement authentication in your environment there’s an overwhelming number of options: OAuth, mutual TLS, JWTs, macaroons, biscuits, HTTP request signatures, and more. And once you’ve picked one, a robust zero-trust ecosystem needs an authorization system on top of it where there are even more options to choose from. In this presentation I’m going to describe our journey through implementing ubiquitous authentication and authorization in our microservice ecosystem: the requirements informing our technology choices, the pain points and hurdles we encountered along the way, and how we accomplished the somewhat surprising solution of using multiple technologies instead of just one.

View the full Enigma 2023 program at https://www.usenix.org/conference/eni...