Adventures in Authentication and Authorization

Note: Presentation times are in Pacific Standard Time (PST).

Tuesday, January 24, 2023 - 2:40 pm3:10 pm

Ian Haken, Netflix


Zero-trust architectures for microservice ecosystems rely on strong authentication between services, but if you’re looking to implement authentication in your environment there’s an overwhelming number of options: OAuth, mutual TLS, JWTs, macaroons, biscuits, HTTP request signatures, and more. And once you’ve picked one, a robust zero-trust ecosystem needs an authorization system on top of it where there are even more options to choose from. In this presentation I’m going to describe our journey through implementing ubiquitous authentication and authorization in our microservice ecosystem: the requirements informing our technology choices, the pain points and hurdles we encountered along the way, and how we accomplished the somewhat surprising solution of using multiple technologies instead of just one.

Ian Haken, Netflix

Ian Haken is a staff security software engineer at Netflix where has been working since 2016. His work includes development of tools and services that defend the Netflix platform such as the implementation of authentication and authorization solutions, access control management platforms, and cryptographic services. He has also contributed to open source and community projects such as BetterTLS and SPIFEE. Prior to working in information security, he received his PhD in mathematics from the University of California, Berkeley in 2014 with a focus in computability theory and algorithmic information theory.
@conference {285605,
author = {Ian Haken},
title = {Adventures in Authentication and Authorization},
year = {2023},
address = {Santa Clara, CA},
publisher = {USENIX Association},
month = jan

Presentation Video