User & Device Identity for Microservices @ Netflix Scale
Satyajit Thadeshwar
QCon San Francisco 2019
Watch the video with slide synchronization on InfoQ.com: https://www.infoq.com/presentations/netflix-user-identity/
Presented at QCon San Francisco
www.qconsf.com
User & Device Identity for Microservices @ Netflix Scale
Satyajit Thadeshwar
Logged out?
#$%&!
[Chart: CoreStreamingMetric over time, current week vs. last week]
Satyajit Thadeshwar
Product Edge Access Systems
sthadeshwar@netflix.com
Complicated
9 teams
57 watchers
Netflix subscribers and the devices that they use
Where we were
What we did
Wins
Where we were
User Login
Zuul (EDGE) -> API (ORIGIN, /login) -> auth service (MID-TIER SERVICES, Netflix Microservices)
Request from the device:
Email: jsmith@gmail.com
Password: ********
ESN: LGTV20165-193456G568
auth service -> success -> API -> Set-Cookie
Cookie contents:
customerId: 10192378
ESN: LGTV20165-193456G568
Expires: In 8 hours
Authenticate Request
/browse: Zuul (EDGE) -> API (ORIGIN) -> KEY MANAGEMENT SERVICE -> success
API -> MID-TIER SERVICES (Netflix Microservices), passing the identity from the cookie:
customerId: 10192378
ESN: LGTV20165-193456G568
More than one service consuming cookies
Architecture (before):
EDGE: Zuul, routing device paths such as /ios, /android, /atv, ...
ORIGINS: API, Device Auth Service, Legacy API, SIGNUP FLOW SERVICE
MID-TIER SERVICES (Netflix Microservices): subscriber auth service, lolomo / Search, DRM, Other services
At massive scale
Netflix
158M+ subscribers
1B+ devices
2M peak RPS
Authenticate Request / Extract Identity: API (ORIGIN) -> KEY MANAGEMENT SERVICE, at 2 million Requests Per Second
More than one token type
Cookies
- Signup
- Login
- Discovery
MSL Tokens
- Device authentication
- Encryption
- License
- Playback
Message Security Layer (MSL): https://www.infoq.com/news/2014/11/netflix-msl/
CTicket
- Legacy devices
Partner Tokens (JWS, JWE)
- Non-member experiences
Where we were
- Multiple services consuming auth tokens
- Multiple types of auth tokens
- Massive scale
- Inefficient, insecure & complicated
Architecture (before, full set of origins):
EDGE: Zuul
ORIGINS: API, Device Auth Service, Legacy API, SIGNUP FLOW SERVICE, NodeJS Services, Discovery API, Playback API
MID-TIER SERVICES (Netflix Microservices): subscriber auth service, Lolomo / Search, DRM, Other services
What we did
Moved authentication to the edge
Architecture (after):
EDGE: Zuul and EAS (EDGE AUTHENTICATION SERVICES): Cookie Service, MSL Service, Partner Service
ORIGINS: API, Device Auth Service, Legacy API, SIGNUP FLOW SERVICE, NodeJS Services, Discovery API, Playback API
MID-TIER SERVICES (Netflix Microservices): subscriber auth service, Lolomo / Search, DRM, Other services
Zuul (EDGE) -> EAS (Cookie Service, MSL Service, Partner Service)
95%: token valid and not expired
5%: renewal / device auth / key exchange
Cookie handling at the edge (Zuul -> Cookie Service, EAS):
valid but expired -> renewal call
renewal call failed -> renewal call rescheduled, identity still resolved
rescheduled cookie returned along with the resolved identity
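The edge-side cookie handling just described (fast path when the cookie is valid and unexpired, a renewal call when it is valid but expired, and a rescheduled cookie when that call fails), as an added Python example that is not code from the talk or from Netflix. The cookie format, the signing key, RETRY_AFTER and MAX_STALE are assumptions.

```python
import hashlib
import hmac
import time

# Constructed signing key; in the talk's architecture the real keys come from the
# key management service and are handled by EAS, not by mid-tier services.
COOKIE_KEY = b"constructed-cookie-key"
LIFETIME = 8 * 3600          # "Expires: In 8 hours" on the login slide
RETRY_AFTER = 5 * 60         # assumption: how soon a rescheduled cookie makes the device retry
MAX_STALE = 30 * 24 * 3600   # assumption: expired longer than this is rejected, not renewed


class RenewalError(Exception):
    """Raised by the renewal call when the EAS Cookie Service cannot renew."""


def sign(customer_id: int, esn: str, expires_at: int) -> str:
    """Cookie value 'customerId.esn.expiresAt.mac' (constructed format, not Netflix's)."""
    body = f"{customer_id}.{esn}.{expires_at}"
    mac = hmac.new(COOKIE_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{mac}"


def parse(cookie: str):
    """Return (customer_id, esn, expires_at), or None if malformed or the MAC fails."""
    parts = cookie.split(".")
    if len(parts) != 4 or not parts[0].isdigit() or not parts[2].isdigit():
        return None
    cid, esn, exp, mac = parts
    expected = hmac.new(COOKIE_KEY, f"{cid}.{esn}.{exp}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return None
    return int(cid), esn, int(exp)


def resolve_cookie(cookie: str, renew, now=None):
    """Edge decision for one request carrying a cookie.

    Returns (identity, set_cookie, state):
      identity   -- {"customerId", "ESN"} resolved from the cookie, or None
      set_cookie -- replacement cookie to send back to the device, or None
      state      -- "rejected" | "fresh" | "renewed" | "rescheduled"
    `renew(customer_id, esn)` models the EAS Cookie Service renewal call: it returns
    the new expiry time or raises RenewalError.
    """
    now = int(time.time()) if now is None else now
    parsed = parse(cookie)
    if parsed is None:
        return None, None, "rejected"       # bad MAC or malformed: no identity at all
    cid, esn, exp = parsed
    identity = {"customerId": cid, "ESN": esn}
    if exp > now:
        return identity, None, "fresh"      # valid and not expired: the ~95% path
    if now - exp > MAX_STALE:
        return None, None, "rejected"       # too old to trust even for renewal
    # Valid but expired: the MAC still vouches for the identity, so resolve it and renew.
    try:
        new_exp = renew(cid, esn)
    except RenewalError:
        # Renewal failed: keep serving the resolved identity and hand back a short-lived
        # copy so the device retries the renewal soon instead of being logged out.
        # Caveat: re-stamping the expiry means MAX_STALE bounds age since the last
        # reschedule; a production format would carry the original issue time as well.
        return identity, sign(cid, esn, now + RETRY_AFTER), "rescheduled"
    return identity, sign(cid, esn, new_exp), "renewed"
```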
Passport
- Identity structure created at the edge for each request
- Contains user & device identity
- Internal to Netflix ecosystem
- Integrity protected by HMAC
- Protobuf format
Passport
  message Passport {
    Header header = 1;
    UserInfo user_info = 2;
    DeviceInfo device_info = 3;
    Integrity user_integrity = 4;
    Integrity device_integrity = 5;
  }

  message Header {
    string originator = 1;
  }

  message UserInfo {
    Source source = 1;
    AuthenticationLevel auth_level = 2;
    Int64Wrapper customer_id = 3;
    Int64Wrapper account_owner_id = 4;
    repeated UserAction actions = 6;
  }

  message DeviceInfo {
    Source source = 1;
    AuthenticationLevel auth_level = 2;
    StringValue esn = 3;
    Int32Value device_type = 4;
    repeated DeviceAction actions = 5;
  }

  enum Source {
    COOKIE = 1;
    MSL = 2;
    PARTNER_TOKEN = 3;
    CTICKET = 4;
  }

  enum AuthenticationLevel {
    LOW = 1;     // untrusted transport
    HIGH = 2;    // secure tokens over TLS
    HIGHEST = 3; // MSL or user credentials
  }

  message Integrity {
    string key_name = 1;
    bytes hmac = 2;
  }
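An added Python example, not code from the talk or from Netflix, that mirrors the Passport messages above: the edge builds a passport with one HMAC per section keyed by key_name, a downstream service verifies both HMACs before trusting any field, the introspector exposes the accessor names from the slide, and authorization is decided on auth_level. It assumes sorted-key JSON in place of protobuf bytes, a constructed key set, and that the user's auth level governs user-scoped decisions.

```python
import hashlib
import hmac
import json
from dataclasses import asdict, dataclass
from enum import IntEnum
from typing import Optional

class Source(IntEnum):
    COOKIE = 1
    MSL = 2
    PARTNER_TOKEN = 3
    CTICKET = 4

class AuthenticationLevel(IntEnum):
    LOW = 1      # untrusted transport
    HIGH = 2     # secure tokens over TLS
    HIGHEST = 3  # MSL or user credentials

@dataclass
class UserInfo:
    source: Source
    auth_level: AuthenticationLevel
    customer_id: Optional[int] = None
    account_owner_id: Optional[int] = None

@dataclass
class DeviceInfo:
    source: Source
    auth_level: AuthenticationLevel
    esn: Optional[str] = None
    device_type: Optional[int] = None

@dataclass
class Integrity:
    key_name: str
    hmac: bytes

@dataclass
class Passport:
    originator: str  # Header.originator: the edge component that built the passport
    user_info: UserInfo
    device_info: DeviceInfo
    user_integrity: Integrity
    device_integrity: Integrity

# Constructed key set. Integrity.key_name records which key signed a section, so keys
# can be rotated while passports signed with the previous key are still in flight.
KEYS = {"passport-key-1": b"constructed-key-one", "passport-key-2": b"constructed-key-two"}

def _fields(info) -> dict:
    # Enum members become plain ints so the serialization is stable.
    return {k: (int(v) if isinstance(v, IntEnum) else v) for k, v in asdict(info).items()}

def _mac(key_name: str, section: str, info) -> bytes:
    # Sorted-key JSON stands in for the protobuf bytes the real system signs. The section
    # label is mixed in so a user_integrity MAC cannot be replayed as device_integrity.
    payload = section.encode() + b"\x00" + json.dumps(_fields(info), sort_keys=True).encode()
    return hmac.new(KEYS[key_name], payload, hashlib.sha256).digest()

def create_passport(originator: str, user_info: UserInfo, device_info: DeviceInfo,
                    key_name: str = "passport-key-2") -> Passport:
    """Edge side (EAS): build the passport once per request after resolving the tokens."""
    return Passport(originator, user_info, device_info,
                    Integrity(key_name, _mac(key_name, "user", user_info)),
                    Integrity(key_name, _mac(key_name, "device", device_info)))

def verify(passport: Passport) -> bool:
    """Downstream side: recompute both HMACs before trusting any identity field."""
    for section, info, integ in (("user", passport.user_info, passport.user_integrity),
                                 ("device", passport.device_info, passport.device_integrity)):
        if integ.key_name not in KEYS:
            return False  # unknown or retired key: refuse rather than guess
        if not hmac.compare_digest(integ.hmac, _mac(integ.key_name, section, info)):
            return False
    return True

class PassportIntrospector:
    """Wrapper over the passport; accessor names follow the Java interface on the slide."""

    def __init__(self, passport: Passport):
        if not verify(passport):
            raise ValueError("passport integrity check failed")
        self._p = passport

    def getCustomerId(self) -> Optional[int]:
        return self._p.user_info.customer_id

    def getAccountOwnerId(self) -> Optional[int]:
        return self._p.user_info.account_owner_id

    def getEsn(self) -> Optional[str]:
        return self._p.device_info.esn

    def getPassportAsString(self) -> str:
        return json.dumps({"originator": self._p.originator,
                           "user_info": _fields(self._p.user_info),
                           "device_info": _fields(self._p.device_info)}, sort_keys=True)

def authorize(passport: Passport, required: AuthenticationLevel) -> bool:
    """Authorization on auth_level instead of on raw customerId/ESN checks (assumption:
    the user's level governs user-scoped operations). Unverifiable passports never pass."""
    if not verify(passport):
        return False
    return passport.user_info.auth_level >= required
```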
Passport Introspector
- Wrapper over passport binary data
  public interface PassportIntrospector {
    Long getCustomerId();
    Long getAccountOwnerId();
    String getEsn();
    String getPassportAsString();
    ...
  }
- Consumers create a PassportIntrospector from binary passport data:
  factory.createIntrospector(passport);
Tooling
- Self-service tool for teams to decrypt a passport
Passport Actions
  message UserInfo {
    repeated UserAction actions = 6;
    ...
  }
  message DeviceInfo {
    repeated DeviceAction actions = 5;
    ...
  }
- Explicit signal sent by the downstream services when an update to user or device identity has been performed
- This "signal" is used by EAS to either create or update the corresponding type of token
Passport Action: User Login
Zuul (EDGE) -> API (ORIGIN, /login) -> auth service (MID-TIER SERVICES, Netflix Microservices)
Request from the device:
Email: jsmith@gmail.com
Password: ********
ESN: LGTV20165-193456G568
Passport (Device Bound) -> auth service: success, passport action "user login" -> API -> Zuul: Cookie Service (EAS) -> Set-Cookie
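The user-login flow, covering both the Passport Actions description (a downstream service signals an identity change; EAS turns the signal into a token) and the login sequence above, as an added Python example that is not code from the talk or from Netflix. The action value "user login" is the slide's label; the constant name, the subscriber store with the password "hunter2", and the Set-Cookie record shape are constructed assumptions, and passport integrity is left out of this flow.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import List, Optional

COOKIE_LIFETIME = 8 * 3600   # "Expires: In 8 hours" on the login slide
USER_LOGIN = "user login"    # the action label shown on the slide; constant name is ours

@dataclass
class Passport:
    """Minimal mirror of the proto for this flow: identity fields plus the actions list."""
    esn: Optional[str]                  # device identity, bound at the edge before /login
    customer_id: Optional[int] = None   # user identity, unknown until the auth service succeeds
    actions: List[str] = field(default_factory=list)

# Constructed subscriber store for the mid-tier auth service: email -> (customerId, password hash)
_SALT = b"constructed-salt"

def _pw_hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 10_000)

_SUBSCRIBERS = {"jsmith@gmail.com": (10192378, _pw_hash("hunter2"))}

def edge_create_passport(esn: Optional[str]) -> Passport:
    """Zuul/EAS: every request gets a passport; on /login only the device is known yet."""
    return Passport(esn=esn)

def auth_service_login(passport: Passport, email: str, password: str) -> bool:
    """Mid-tier auth service: check credentials, then signal the identity change with an action."""
    record = _SUBSCRIBERS.get(email)
    if record is None:
        return False
    customer_id, stored = record
    if not hmac.compare_digest(stored, _pw_hash(password)):
        return False
    passport.customer_id = customer_id
    passport.actions.append(USER_LOGIN)
    return True

def eas_tokens_for_actions(passport: Passport, now: int) -> List[dict]:
    """EAS on the response path: each action becomes a token create/update.

    USER_LOGIN mints a device-bound cookie (customerId + ESN); actions this example
    does not know are ignored rather than guessed at.
    """
    tokens = []
    for action in passport.actions:
        if action == USER_LOGIN:
            if passport.customer_id is None or passport.esn is None:
                raise ValueError("user login action without a resolved user and device identity")
            tokens.append({"Set-Cookie": {"customerId": passport.customer_id,
                                          "ESN": passport.esn,
                                          "expires": now + COOKIE_LIFETIME}})
    return tokens

def handle_login(esn: Optional[str], email: str, password: str, now: int):
    """The whole exchange: edge -> API (/login) -> auth service -> back to the edge."""
    passport = edge_create_passport(esn)
    if not auth_service_login(passport, email, password):
        return "failure", []
    return "success", eas_tokens_for_actions(passport, now)
```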
Passport Action: Profile Switch
- Each profile has its own identity
- Switched profile tokens sent back to the device
Passport Actions: Separation Of Concerns, Increased Visibility
What we did
- Moved authentication to the edge
- Streamlined the identity resolution and mutation path
- Making consumption of user & device identity efficient, secure & simple
Wins
Token Agnostic Identity
Downstream systems don't have to worry about authentication concerns
Simplified Authorization
Downstream services use authentication level for authorization decisions
Before:
  long customerId = 2123125603L;
  String ESN = "NFXBOX-235F…";
Extensible Identity Model
New attributes about user or device can be added
Local cache for up to date subscriber data
  message UserInfo {
    BytesValue subscriber_account
    ...
  }
Placeholder for local cache of subscriber data
Offloaded & Fine Tuned
Offloaded token processing, which resulted in significant gains for
- CPU
- Request Latency
- GC
- Cluster Footprint
We were able to fine-tune EAS systems based on the token processing profile
- 30% reduction in CPU cost per request
- 40% reduction in load average
[Chart: CPU to RPS ratio for API instance]
- 30% reduction in average latency
- 99th percentile latency dropping by 20%
[Chart: Response time for API instance]
- Significant reduction in GC pressure and GC pause times
[Chart: Stop the world GC for API cluster]
Increased Visibility
Increased visibility into identities flowing in and out of the Netflix ecosystem, and into the identity mutations happening in a request
Developer Velocity
Greatly increased developer velocity for authentication related changes
Team focused on security
Separation of concerns among the teams
Key Takeaways
- Token agnostic identity model
- Simplified authorization
- Extensible identity model
- Offloaded all the token processing from many systems
- Fine tuned individual microservices to suit the token processing profile
- Increased visibility into identities flowing and corresponding mutations
- Increased developer velocity for authentication & identity related changes
- Team focused on security
Thank You.
Satyajit Thadeshwar
sthadeshwar@netflix.com
https://www.linkedin.com/in/satyajit-thadeshwar

Authentication & Authorization for Connected Mobile & Web Applications using ...Amazon Web Services
 
Authentication & Authorization for Connected Mobile & Web Applications using ...
Authentication & Authorization for Connected Mobile & Web Applications using ...Authentication & Authorization for Connected Mobile & Web Applications using ...
Authentication & Authorization for Connected Mobile & Web Applications using ...Amazon Web Services
 

Similar to User & Device Identity for Microservices @ Netflix Scale (20)

Netflix AIM Engineering Manager
Netflix AIM Engineering ManagerNetflix AIM Engineering Manager
Netflix AIM Engineering Manager
 
access identity management senior software engineers
access identity management senior software engineersaccess identity management senior software engineers
access identity management senior software engineers
 
AIM Software Engineer Openings
AIM Software Engineer OpeningsAIM Software Engineer Openings
AIM Software Engineer Openings
 
AWS November meetup Slides
AWS November meetup SlidesAWS November meetup Slides
AWS November meetup Slides
 
AWS User Group November
AWS User Group NovemberAWS User Group November
AWS User Group November
 
AWS re:Invent 2016: Understanding IoT Data: How to Leverage Amazon Kinesis in...
AWS re:Invent 2016: Understanding IoT Data: How to Leverage Amazon Kinesis in...AWS re:Invent 2016: Understanding IoT Data: How to Leverage Amazon Kinesis in...
AWS re:Invent 2016: Understanding IoT Data: How to Leverage Amazon Kinesis in...
 
Cilium:: Application-Aware Microservices via BPF
Cilium:: Application-Aware Microservices via BPFCilium:: Application-Aware Microservices via BPF
Cilium:: Application-Aware Microservices via BPF
 
AWS Summit Auckland- Developing Applications for IoT
AWS Summit Auckland-  Developing Applications for IoTAWS Summit Auckland-  Developing Applications for IoT
AWS Summit Auckland- Developing Applications for IoT
 
Developing Connected Applications with AWS IoT - Technical 301
Developing Connected Applications with AWS IoT - Technical 301Developing Connected Applications with AWS IoT - Technical 301
Developing Connected Applications with AWS IoT - Technical 301
 
Playback & Edge Access Services Senior Software Engineer
Playback & Edge Access Services Senior Software EngineerPlayback & Edge Access Services Senior Software Engineer
Playback & Edge Access Services Senior Software Engineer
 
How to Easily and Securely Connect Devices to AWS IoT - AWS Online Tech Talks
How to Easily and Securely Connect Devices to AWS IoT - AWS Online Tech TalksHow to Easily and Securely Connect Devices to AWS IoT - AWS Online Tech Talks
How to Easily and Securely Connect Devices to AWS IoT - AWS Online Tech Talks
 
AT&T Shape Hackathon Kick-off
AT&T Shape Hackathon Kick-offAT&T Shape Hackathon Kick-off
AT&T Shape Hackathon Kick-off
 
DevConf.CZ 2020 @ Brno, Czech Republic : WebAuthn support for keycloak
DevConf.CZ 2020 @ Brno, Czech Republic : WebAuthn support for keycloakDevConf.CZ 2020 @ Brno, Czech Republic : WebAuthn support for keycloak
DevConf.CZ 2020 @ Brno, Czech Republic : WebAuthn support for keycloak
 
KeyRock and Wilma - Openstack-based Identity Management in FIWARE
KeyRock and Wilma - Openstack-based Identity Management in FIWAREKeyRock and Wilma - Openstack-based Identity Management in FIWARE
KeyRock and Wilma - Openstack-based Identity Management in FIWARE
 
User activity monitoring with SysKit
User activity monitoring with SysKitUser activity monitoring with SysKit
User activity monitoring with SysKit
 
Bw13 session2 app_dev_presenter_final
Bw13 session2 app_dev_presenter_finalBw13 session2 app_dev_presenter_final
Bw13 session2 app_dev_presenter_final
 
Serverless Data Processing on AWS - Level 300
Serverless Data Processing on AWS - Level 300Serverless Data Processing on AWS - Level 300
Serverless Data Processing on AWS - Level 300
 
Enabling supply chain flexibility and IoT scale with zero touch provisioning
Enabling supply chain flexibility and IoT scale with zero touch provisioningEnabling supply chain flexibility and IoT scale with zero touch provisioning
Enabling supply chain flexibility and IoT scale with zero touch provisioning
 
Authentication & Authorization for Connected Mobile & Web Applications using ...
Authentication & Authorization for Connected Mobile & Web Applications using ...Authentication & Authorization for Connected Mobile & Web Applications using ...
Authentication & Authorization for Connected Mobile & Web Applications using ...
 
Authentication & Authorization for Connected Mobile & Web Applications using ...
Authentication & Authorization for Connected Mobile & Web Applications using ...Authentication & Authorization for Connected Mobile & Web Applications using ...
Authentication & Authorization for Connected Mobile & Web Applications using ...
 

More from C4Media

Streaming a Million Likes/Second: Real-Time Interactions on Live Video
Streaming a Million Likes/Second: Real-Time Interactions on Live VideoStreaming a Million Likes/Second: Real-Time Interactions on Live Video
Streaming a Million Likes/Second: Real-Time Interactions on Live VideoC4Media
 
Next Generation Client APIs in Envoy Mobile
Next Generation Client APIs in Envoy MobileNext Generation Client APIs in Envoy Mobile
Next Generation Client APIs in Envoy MobileC4Media
 
Software Teams and Teamwork Trends Report Q1 2020
Software Teams and Teamwork Trends Report Q1 2020Software Teams and Teamwork Trends Report Q1 2020
Software Teams and Teamwork Trends Report Q1 2020C4Media
 
Understand the Trade-offs Using Compilers for Java Applications
Understand the Trade-offs Using Compilers for Java ApplicationsUnderstand the Trade-offs Using Compilers for Java Applications
Understand the Trade-offs Using Compilers for Java ApplicationsC4Media
 
Kafka Needs No Keeper
Kafka Needs No KeeperKafka Needs No Keeper
Kafka Needs No KeeperC4Media
 
High Performing Teams Act Like Owners
High Performing Teams Act Like OwnersHigh Performing Teams Act Like Owners
High Performing Teams Act Like OwnersC4Media
 
Does Java Need Inline Types? What Project Valhalla Can Bring to Java
Does Java Need Inline Types? What Project Valhalla Can Bring to JavaDoes Java Need Inline Types? What Project Valhalla Can Bring to Java
Does Java Need Inline Types? What Project Valhalla Can Bring to JavaC4Media
 
Service Meshes- The Ultimate Guide
Service Meshes- The Ultimate GuideService Meshes- The Ultimate Guide
Service Meshes- The Ultimate GuideC4Media
 
Shifting Left with Cloud Native CI/CD
Shifting Left with Cloud Native CI/CDShifting Left with Cloud Native CI/CD
Shifting Left with Cloud Native CI/CDC4Media
 
CI/CD for Machine Learning
CI/CD for Machine LearningCI/CD for Machine Learning
CI/CD for Machine LearningC4Media
 
Fault Tolerance at Speed
Fault Tolerance at SpeedFault Tolerance at Speed
Fault Tolerance at SpeedC4Media
 
Architectures That Scale Deep - Regaining Control in Deep Systems
Architectures That Scale Deep - Regaining Control in Deep SystemsArchitectures That Scale Deep - Regaining Control in Deep Systems
Architectures That Scale Deep - Regaining Control in Deep SystemsC4Media
 
ML in the Browser: Interactive Experiences with Tensorflow.js
ML in the Browser: Interactive Experiences with Tensorflow.jsML in the Browser: Interactive Experiences with Tensorflow.js
ML in the Browser: Interactive Experiences with Tensorflow.jsC4Media
 
Build Your Own WebAssembly Compiler
Build Your Own WebAssembly CompilerBuild Your Own WebAssembly Compiler
Build Your Own WebAssembly CompilerC4Media
 
Scaling Patterns for Netflix's Edge
Scaling Patterns for Netflix's EdgeScaling Patterns for Netflix's Edge
Scaling Patterns for Netflix's EdgeC4Media
 
Make Your Electron App Feel at Home Everywhere
Make Your Electron App Feel at Home EverywhereMake Your Electron App Feel at Home Everywhere
Make Your Electron App Feel at Home EverywhereC4Media
 
The Talk You've Been Await-ing For
The Talk You've Been Await-ing ForThe Talk You've Been Await-ing For
The Talk You've Been Await-ing ForC4Media
 
Future of Data Engineering
Future of Data EngineeringFuture of Data Engineering
Future of Data EngineeringC4Media
 
Automated Testing for Terraform, Docker, Packer, Kubernetes, and More
Automated Testing for Terraform, Docker, Packer, Kubernetes, and MoreAutomated Testing for Terraform, Docker, Packer, Kubernetes, and More
Automated Testing for Terraform, Docker, Packer, Kubernetes, and MoreC4Media
 
Navigating Complexity: High-performance Delivery and Discovery Teams
Navigating Complexity: High-performance Delivery and Discovery TeamsNavigating Complexity: High-performance Delivery and Discovery Teams
Navigating Complexity: High-performance Delivery and Discovery TeamsC4Media
 

More from C4Media (20)

Streaming a Million Likes/Second: Real-Time Interactions on Live Video
Streaming a Million Likes/Second: Real-Time Interactions on Live VideoStreaming a Million Likes/Second: Real-Time Interactions on Live Video
Streaming a Million Likes/Second: Real-Time Interactions on Live Video
 
Next Generation Client APIs in Envoy Mobile
Next Generation Client APIs in Envoy MobileNext Generation Client APIs in Envoy Mobile
Next Generation Client APIs in Envoy Mobile
 
Software Teams and Teamwork Trends Report Q1 2020
Software Teams and Teamwork Trends Report Q1 2020Software Teams and Teamwork Trends Report Q1 2020
Software Teams and Teamwork Trends Report Q1 2020
 
Understand the Trade-offs Using Compilers for Java Applications
Understand the Trade-offs Using Compilers for Java ApplicationsUnderstand the Trade-offs Using Compilers for Java Applications
Understand the Trade-offs Using Compilers for Java Applications
 
Kafka Needs No Keeper
Kafka Needs No KeeperKafka Needs No Keeper
Kafka Needs No Keeper
 
High Performing Teams Act Like Owners
High Performing Teams Act Like OwnersHigh Performing Teams Act Like Owners
High Performing Teams Act Like Owners
 
Does Java Need Inline Types? What Project Valhalla Can Bring to Java
Does Java Need Inline Types? What Project Valhalla Can Bring to JavaDoes Java Need Inline Types? What Project Valhalla Can Bring to Java
Does Java Need Inline Types? What Project Valhalla Can Bring to Java
 
Service Meshes- The Ultimate Guide
Service Meshes- The Ultimate GuideService Meshes- The Ultimate Guide
Service Meshes- The Ultimate Guide
 
Shifting Left with Cloud Native CI/CD
Shifting Left with Cloud Native CI/CDShifting Left with Cloud Native CI/CD
Shifting Left with Cloud Native CI/CD
 
CI/CD for Machine Learning
CI/CD for Machine LearningCI/CD for Machine Learning
CI/CD for Machine Learning
 
Fault Tolerance at Speed
Fault Tolerance at SpeedFault Tolerance at Speed
Fault Tolerance at Speed
 
Architectures That Scale Deep - Regaining Control in Deep Systems
Architectures That Scale Deep - Regaining Control in Deep SystemsArchitectures That Scale Deep - Regaining Control in Deep Systems
Architectures That Scale Deep - Regaining Control in Deep Systems
 
ML in the Browser: Interactive Experiences with Tensorflow.js
ML in the Browser: Interactive Experiences with Tensorflow.jsML in the Browser: Interactive Experiences with Tensorflow.js
ML in the Browser: Interactive Experiences with Tensorflow.js
 
Build Your Own WebAssembly Compiler
Build Your Own WebAssembly CompilerBuild Your Own WebAssembly Compiler
Build Your Own WebAssembly Compiler
 
Scaling Patterns for Netflix's Edge
Scaling Patterns for Netflix's EdgeScaling Patterns for Netflix's Edge
Scaling Patterns for Netflix's Edge
 
Make Your Electron App Feel at Home Everywhere
Make Your Electron App Feel at Home EverywhereMake Your Electron App Feel at Home Everywhere
Make Your Electron App Feel at Home Everywhere
 
The Talk You've Been Await-ing For
The Talk You've Been Await-ing ForThe Talk You've Been Await-ing For
The Talk You've Been Await-ing For
 
Future of Data Engineering
Future of Data EngineeringFuture of Data Engineering
Future of Data Engineering
 
Automated Testing for Terraform, Docker, Packer, Kubernetes, and More
Automated Testing for Terraform, Docker, Packer, Kubernetes, and MoreAutomated Testing for Terraform, Docker, Packer, Kubernetes, and More
Automated Testing for Terraform, Docker, Packer, Kubernetes, and More
 
Navigating Complexity: High-performance Delivery and Discovery Teams
Navigating Complexity: High-performance Delivery and Discovery TeamsNavigating Complexity: High-performance Delivery and Discovery Teams
Navigating Complexity: High-performance Delivery and Discovery Teams
 

Recently uploaded

What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 

Recently uploaded (20)

What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 

User & Device Identity for Microservices @ Netflix Scale

  • 1. User & Device Identity For Microservices @ Netflix Scale. Satyajit Thadeshwar, QCon San Francisco 2019
  • 2. InfoQ.com: News & Community Site. Over 1,000,000 software developers, architects and CTOs read the site worldwide every month; 250,000 senior developers subscribe to our weekly newsletter; published in 4 languages (English, Chinese, Japanese and Brazilian Portuguese); post content from our QCon conferences; 2 dedicated podcast channels: The InfoQ Podcast, with a focus on Architecture, and The Engineering Culture Podcast, with a focus on building; 96 deep dives on innovative topics packed as downloadable emags and minibooks; over 40 new content items per week. Watch the video with slide synchronization on InfoQ.com! https://www.infoq.com/presentations/netflix-user-identity/
  • 3. Purpose of QCon: to empower software development by facilitating the spread of knowledge and innovation. Strategy: practitioner-driven conference designed for YOU: influencers of change and innovation in your teams; speakers and topics driving the evolution and innovation; connecting and catalyzing the influencers and innovators. Highlights: attended by more than 12,000 delegates since 2007; held in 9 cities worldwide. Presented at QCon San Francisco, www.qconsf.com
  • 4. Logged out? #$%&!
  • 5. Logged out? #$%&!
  • 6. [Chart: Core Streaming Metric over Time; series: Current, Last Week]
  • 7. Satyajit Thadeshwar, Product Edge Access Systems, sthadeshwar@netflix.com
  • 8. Complicated
  • 9. (no text beyond the slide footer)
  • 10. 9 teams, 57 watchers
  • 11. Netflix subscribers and the devices that they use
  • 12. Where we were / What we did / Wins
  • 13. Where we were
  • 14. User Login. [Diagram] Client (Email: jsmith@gmail.com, Password: ********, ESN: LGTV20165-193456G568) -> Zuul (EDGE)
  • 15. User Login. [Diagram] Client -> Zuul (EDGE) -> /login -> API (ORIGIN)
  • 16. User Login. [Diagram] Client -> Zuul (EDGE) -> /login -> API (ORIGIN) -> auth service (MID-TIER SERVICES, Netflix Microservices) -> success
  • 17. User Login. [Diagram as slide 16] The auth service returns customerId: 10192378, ESN: LGTV20165-193456G568, Expires: In 8 hours
  • 18. User Login. [Diagram as slide 17] The API answers the /login success with Set-Cookie carrying customerId: 10192378, ESN: LGTV20165-193456G568, Expires: In 8 hours
  • 19. Authenticate Request. [Diagram] Client -> /browse -> Zuul (EDGE)
  • 20. Authenticate Request. [Diagram] Client -> /browse -> Zuul (EDGE) -> /browse -> API (ORIGIN)
  • 21. Authenticate Request. [Diagram] Client -> /browse -> Zuul (EDGE) -> /browse -> API (ORIGIN) -> KEY MANAGEMENT SERVICE -> success
  • 22. Authenticate Request. [Diagram as slide 21] After the key management call succeeds, the API passes customerId: 10192378, ESN: LGTV20165-193456G568 on to the MID-TIER SERVICES (Netflix Microservices)
  • 23. (same diagram as slide 22)
  • 24. More than one service consuming cookies
  • 25. [Diagram] EDGE: Zuul. ORIGINS: API, Device Auth Service, Legacy API, SIGNUP FLOW SERVICE. MID-TIER SERVICES (Netflix Microservices): subscriber auth service, lolomo / Search, DRM, Other services
  • 26. [Diagram as slide 25, with the routes /ios, /android, /atv, ... entering at Zuul]
  • 27. (same diagram as slide 25)
  • 28. (same diagram as slide 25)
  • 29. (same diagram as slide 25)
  • 30. (same diagram as slide 25)
  • 31. At massive scale
  • 32. Netflix: 158M+ subscribers
  • 33. Netflix: 158M+ subscribers, 1B+ devices
  • 34. Netflix: 158M+ subscribers, 1B+ devices, 2M peak RPS
  • 35. Authenticate Request / Extract Identity. [Diagram] API (ORIGIN) -> KEY MANAGEMENT SERVICE = 2 million Requests Per Second
  • 36. More than one token type
  • 37. Cookies
  • 38. Cookies: Signup
  • 39. Cookies: Signup, Login
  • 40. Cookies: Signup, Login, Discovery
  • 41. MSL Tokens: Device authentication, Encryption. Message Security Layer (MSL): https://www.infoq.com/news/2014/11/netflix-msl/
  • 42. MSL Tokens: License, Playback
  • 43. CTicket: Legacy devices
  • 44. Partner Tokens: JWS, JWE. Non-member experiences
  • 45. Cookies: Signup, Sign-in, Discovery. MSL Tokens: License, Playback. CTicket: Legacy devices. Partner Tokens (JWS, JWE): Non-member experience
  • 46. (same diagram as slide 25)
  • 47. Where we were: Multiple services consuming auth tokens; Multiple types of auth tokens; Massive scale; Inefficient, insecure & complicated
  • 48. (same diagram as slide 25)
  • 49. [Diagram] EDGE: Zuul. ORIGINS: API, Device Auth Service, Legacy API, SIGNUP FLOW SERVICE. MID-TIER SERVICES (Netflix Microservices): subscriber auth service, Lolomo / Search, DRM, Other services. Also shown: NodeJS Services, Discovery API, Playback API
  • 50. What we did
  • 51. Moved authentication to the edge
  • 52. (same diagram as slide 49)
  • 53. [Diagram as slide 49, adding EAS at the edge beside Zuul: Cookie Service, MSL Service, Partner Service]
  • 54. [Diagram as slide 53, with EAS labelled EDGE AUTHENTICATION SERVICES]
  • 55. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Zuul EDGE EAS renewal / device auth / key exchange Cookie Service MSL Service Partner Service valid and not expired 95% 5%
  • 56. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Zuul EDGE Cookie Service EAS valid but expired renewal call
  • 57. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Zuul EDGE Cookie Service EAS valid but expired renewal call failed
  • 58. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Zuul EDGE Cookie Service EAS valid but expired renewal call rescheduled resolved identity
  • 59. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Zuul EDGE Cookie Service EAS valid but expired renewal call rescheduled rescheduled cookie resolved identity
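The renewal path on slides 56-59 is worth seeing as code, because the interesting decision is what happens when the Cookie Service is unavailable: the request still resolves an identity from the expired (but authentic) cookie and the renewal is retried later. The following is an added example, not Netflix code; the cookie format (base64 claims plus an HMAC-SHA256 tag), the key, and the in-memory stand-in for the EAS Cookie Service are all assumptions of the example.

```python
"""Edge cookie handling along the lines of slides 55-59 (added example, not
Netflix code). Zuul checks the cookie; a valid, unexpired cookie resolves the
identity locally; a valid-but-expired cookie triggers a renewal call to the
Cookie Service (EAS); if that call fails, the renewal is rescheduled and the
identity is still resolved from the expired cookie so the request proceeds.
Cookie format, key and the in-memory service are assumptions."""
import base64
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Optional, Tuple

KEY = b"edge-cookie-hmac-key-demo"  # constructed; real keys come from a KMS


def mint_cookie(customer_id: int, ttl: int, now: float) -> str:
    """Base64 claims plus an HMAC-SHA256 tag, separated by a dot."""
    claims = {"cid": customer_id, "exp": int(now + ttl)}
    payload = base64.urlsafe_b64encode(
        json.dumps(claims, sort_keys=True).encode()).decode()
    tag = hmac.new(KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{tag}"


def parse_cookie(cookie: str, now: float) -> Tuple[str, Optional[dict]]:
    """Return (status, claims); status is 'invalid', 'expired' or 'valid'.

    The tag is checked before anything is decoded: an expired cookie is still
    an authentic statement about the user, a forged one is not."""
    try:
        payload, tag = cookie.split(".", 1)
    except ValueError:
        return "invalid", None
    expected = hmac.new(KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return "invalid", None
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return ("expired" if now >= claims["exp"] else "valid"), claims


class CookieService:
    """Stand-in for the EAS Cookie Service; fail_renewals simulates an outage."""

    def __init__(self, fail_renewals: bool = False):
        self.fail_renewals = fail_renewals
        self.rescheduled = []  # customer ids whose renewal must be retried later

    def renew(self, claims: dict, now: float) -> str:
        if self.fail_renewals:
            raise RuntimeError("cookie service unavailable")
        return mint_cookie(claims["cid"], ttl=3600, now=now)

    def reschedule(self, claims: dict) -> None:
        self.rescheduled.append(claims["cid"])


@dataclass
class EdgeResult:
    customer_id: Optional[int]        # resolved identity, None if unauthenticated
    set_cookie: Optional[str] = None  # fresh cookie to return to the device
    renewal: str = "none"             # none | renewed | rescheduled


def resolve_at_edge(cookie: str, svc: CookieService, now: float) -> EdgeResult:
    status, claims = parse_cookie(cookie, now)
    if status == "invalid":
        return EdgeResult(customer_id=None)
    if status == "valid":
        return EdgeResult(customer_id=claims["cid"])  # the common path
    try:  # valid but expired: ask the Cookie Service for a renewal
        fresh = svc.renew(claims, now)
        return EdgeResult(claims["cid"], set_cookie=fresh, renewal="renewed")
    except RuntimeError:
        svc.reschedule(claims)  # retry later; don't fail the request now
        return EdgeResult(claims["cid"], renewal="rescheduled")
```

The ordering in `parse_cookie` is the security-relevant part: integrity is verified before expiry is considered, so "expired" is only ever reported for a cookie the edge itself issued, and a forged or corrupted cookie never reaches the renewal path.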
  • 60-61. (Diagram) EDGE AUTHENTICATION SERVICES: as in slide 54
  • 62-67. Passport: Identity structure created at the edge for each request; Contains user & device identity; Internal to Netflix ecosystem; Integrity protected by HMAC; Protobuf format
  • 68-72. Passport schema (protobuf):
        message Passport {
          Header header = 1;
          UserInfo user_info = 2;
          DeviceInfo device_info = 3;
          Integrity user_integrity = 4;
          Integrity device_integrity = 5;
        }
        message Header {
          string originator = 1;
        }
        message UserInfo {
          Source source = 1;
          AuthenticationLevel auth_level = 2;
          Int64Wrapper customer_id = 3;
          Int64Wrapper account_owner_id = 4;
          repeated UserAction actions = 6;
        }
        message DeviceInfo {
          Source source = 1;
          AuthenticationLevel auth_level = 2;
          StringValue esn = 3;
          Int32Value device_type = 4;
          repeated DeviceAction actions = 5;
        }
  • 73-75. Source and authentication level, shared by UserInfo and DeviceInfo:
        enum Source {
          COOKIE = 1;
          MSL = 2;
          PARTNER_TOKEN = 3;
          CTICKET = 4;
        }
        enum AuthenticationLevel {
          LOW = 1;      // untrusted transport
          HIGH = 2;     // secure tokens over TLS
          HIGHEST = 3;  // MSL or user credentials
        }
  • 76. Integrity record, one for the user section and one for the device section:
        message Integrity {
          string key_name = 1;
          bytes hmac = 2;
        }
  • 77-79. Passport Introspector: wrapper over passport binary data
        public interface PassportIntrospector {
          Long getCustomerId();
          Long getAccountOwnerId();
          String getEsn();
          String getPassportAsString();
          ...
        }
      Consumers create a PassportIntrospector from binary passport data: factory.createIntrospector(passport);
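To make the sign-at-the-edge, verify-downstream pattern of slides 66-79 concrete, here is an added example in Python that is not Netflix's Passport code: it builds a passport with the same sections as the schema above, protects `user_info` and `device_info` with separate HMAC records carrying a `key_name` (so keys can rotate), and provides an introspector that refuses to expose any field until both HMACs verify. It also shows the authorization-by-level check from slide 98. Canonical JSON stands in for the protobuf encoding, and the key names and sample values are constructed.

```python
"""Passport-style identity with per-section HMAC integrity (added example,
not Netflix's Passport code). Layout follows the slides: user_info and
device_info each get an Integrity record {key_name, hmac}; the edge signs,
downstream code verifies through an introspector before reading any field
and uses auth_level for authorization. Canonical JSON stands in for protobuf
encoding; key names and sample values are constructed."""
import hashlib
import hmac
import json
from enum import IntEnum
from typing import Optional

class Source(IntEnum):
    COOKIE = 1
    MSL = 2
    PARTNER_TOKEN = 3
    CTICKET = 4

class AuthenticationLevel(IntEnum):
    LOW = 1      # untrusted transport
    HIGH = 2     # secure tokens over TLS
    HIGHEST = 3  # MSL or user credentials

# Constructed keys. key_name travels in the Integrity record so keys can rotate.
KEYS = {"passport-v1": b"old-key-material", "passport-v2": b"new-key-material"}

def canonical(section: dict) -> bytes:
    """Deterministic bytes for a section (protobuf bytes in the real thing)."""
    return json.dumps(section, sort_keys=True, separators=(",", ":")).encode()

def integrity(section: dict, key_name: str) -> dict:
    tag = hmac.new(KEYS[key_name], canonical(section), hashlib.sha256).hexdigest()
    return {"key_name": key_name, "hmac": tag}

def mint_passport(user_info: dict, device_info: dict, originator: str,
                  key_name: str = "passport-v2") -> dict:
    """Edge side: assemble the structure and sign both identity sections."""
    return {"header": {"originator": originator},
            "user_info": user_info, "device_info": device_info,
            "user_integrity": integrity(user_info, key_name),
            "device_integrity": integrity(device_info, key_name)}

class IntegrityError(Exception):
    pass

class AuthorizationError(Exception):
    pass

class PassportIntrospector:
    """Downstream side: verify both HMACs first, then expose typed accessors."""

    def __init__(self, passport: dict):
        for section, integ in (("user_info", "user_integrity"),
                               ("device_info", "device_integrity")):
            rec = passport[integ]
            key = KEYS.get(rec["key_name"])
            if key is None:
                raise IntegrityError(f"unknown key {rec['key_name']}")
            expected = hmac.new(key, canonical(passport[section]),
                                hashlib.sha256).hexdigest()
            if not hmac.compare_digest(expected, rec["hmac"]):
                raise IntegrityError(f"{section} HMAC mismatch")
        self._p = passport

    def get_customer_id(self) -> Optional[int]:
        return self._p["user_info"].get("customer_id")

    def get_esn(self) -> Optional[str]:
        return self._p["device_info"].get("esn")

    def user_level(self) -> AuthenticationLevel:
        return AuthenticationLevel(self._p["user_info"]["auth_level"])

    def device_level(self) -> AuthenticationLevel:
        return AuthenticationLevel(self._p["device_info"]["auth_level"])

    def permits(self, user: AuthenticationLevel, device: AuthenticationLevel) -> bool:
        """Authorization by level: both the user and the device side must qualify."""
        return self.user_level() >= user and self.device_level() >= device

    def require(self, user: AuthenticationLevel, device: AuthenticationLevel) -> None:
        if not self.permits(user, device):
            raise AuthorizationError(f"need {user.name}/{device.name}")

def verify_passport(passport: dict) -> bool:
    """True if both integrity records check out under a known key."""
    try:
        PassportIntrospector(passport)
        return True
    except IntegrityError:
        return False

# Constructed sample: cookie-authenticated user on an MSL-authenticated device.
SAMPLE_USER = {"source": int(Source.COOKIE), "auth_level": int(AuthenticationLevel.HIGH),
               "customer_id": 2123125603, "account_owner_id": 2123125603}
SAMPLE_DEVICE = {"source": int(Source.MSL), "auth_level": int(AuthenticationLevel.HIGHEST),
                 "esn": "NFXBOX-DEMO-0001", "device_type": 1001}
```

Signing the user and device sections separately is what lets a downstream service trust a device identity from MSL while the user side came from a lower-assurance cookie, and the introspector doing verification in its constructor is the simplest way to guarantee no consumer reads an unverified field.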
  • 80. Tooling: Self-service tool for teams to decrypt passport
  • 81-83. Passport Actions
        message UserInfo { repeated UserAction actions = 6; ... }
        message DeviceInfo { repeated DeviceAction actions = 5; ... }
      - Explicit signal sent by the downstream services when an update to user or device identity has been performed
      - This "signal" is used by EAS to either create or update the corresponding type of token
  • 84-90. Passport Action: User Login (Device Bound). (Diagram) The device sends Email: jsmith@gmail.com, Password: ********, ESN: LGTV20165-193456G568 to Zuul (EDGE); Zuul forwards to /login on API (ORIGIN); API calls the auth service (MID-TIER SERVICES); on success the "user login" action is recorded in the passport; EAS (Cookie Service) turns it into a Set-Cookie on the response
  • 91-93. Passport Action: Profile Switch: Each profile has its own identity; Switched profile tokens sent back to the device
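The login and profile-switch flows on slides 84-93 are two instances of the same mechanism: a mid-tier service changes the identity and records an explicit action, and EAS on the response path decides from those actions whether to create or update a token. The following added example (not Netflix code) models both; the action names, the cookie format, the ESN binding that "Device Bound" is taken to mean here, and the user and profile store are all constructed for the example.

```python
"""Passport actions driving token work at the edge (added example, not
Netflix code), after slides 81-93: a mid-tier service mutates the identity and
appends an explicit action (USER_LOGIN, PROFILE_SWITCH) to user_info.actions;
EAS, on the response path, reads the actions and creates or updates the
cookie, returning it in Set-Cookie. Action names, the cookie format, the ESN
binding and the user store are constructed for this example."""
import base64
import hashlib
import hmac
import json
from enum import Enum
from typing import Optional


class UserAction(Enum):
    USER_LOGIN = "USER_LOGIN"
    PROFILE_SWITCH = "PROFILE_SWITCH"


COOKIE_KEY = b"demo-cookie-key"  # constructed; a real edge pulls this from a KMS

# Constructed user store. Demo hashing only: a real service uses a slow, salted KDF.
USERS = {"jsmith@example.com": {"customer_id": 2123125603,
                                "password_sha256": hashlib.sha256(b"correct horse").hexdigest()}}
PROFILES = {2123125603: {"default": 10, "kids": 11}}  # customer_id -> profile name -> id


def new_passport(esn: str, customer_id: Optional[int] = None,
                 profile_id: Optional[int] = None) -> dict:
    """Passport as the edge creates it per request; identity fields come from the
    token resolved at the edge (None when the device is unauthenticated)."""
    return {"user_info": {"customer_id": customer_id, "profile_id": profile_id, "actions": []},
            "device_info": {"esn": esn}}


# --- mid-tier services: mutate the identity and record the explicit signal ---
def login(passport: dict, email: str, password: str) -> bool:
    user = USERS.get(email)
    given = hashlib.sha256(password.encode()).hexdigest()
    if user is None or not hmac.compare_digest(user["password_sha256"], given):
        return False  # no action recorded, so EAS issues no token
    info = passport["user_info"]
    info["customer_id"] = user["customer_id"]
    info["profile_id"] = PROFILES[user["customer_id"]]["default"]
    info["actions"].append(UserAction.USER_LOGIN.value)
    return True


def switch_profile(passport: dict, profile_name: str) -> bool:
    info = passport["user_info"]
    profiles = PROFILES.get(info["customer_id"], {})
    if profile_name not in profiles:
        return False  # not logged in, or no such profile on this account
    info["profile_id"] = profiles[profile_name]
    info["actions"].append(UserAction.PROFILE_SWITCH.value)
    return True


# --- edge (EAS): actions on the passport decide whether a token is (re)issued ---
TOKEN_ACTIONS = {UserAction.USER_LOGIN.value, UserAction.PROFILE_SWITCH.value}


def mint_cookie(identity: dict) -> str:
    payload = base64.urlsafe_b64encode(json.dumps(identity, sort_keys=True).encode()).decode()
    tag = hmac.new(COOKIE_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{tag}"


def eas_on_response(passport: dict) -> dict:
    """Headers to add to the response; only an explicit action triggers token work."""
    if not TOKEN_ACTIONS.intersection(passport["user_info"]["actions"]):
        return {}  # the common case: identity unchanged, nothing to set
    identity = {"customer_id": passport["user_info"]["customer_id"],
                "profile_id": passport["user_info"]["profile_id"],
                "esn": passport["device_info"]["esn"]}  # device bound
    return {"Set-Cookie": f"NetflixId={mint_cookie(identity)}; Secure; HttpOnly"}


def read_cookie(set_cookie: str, esn: str) -> Optional[dict]:
    """Edge check on a later request: HMAC must verify and the ESN must match."""
    token = set_cookie.split(";", 1)[0].split("=", 1)[1]
    payload, _, tag = token.partition(".")
    expected = hmac.new(COOKIE_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return None
    identity = json.loads(base64.urlsafe_b64decode(payload))
    return identity if identity["esn"] == esn else None
```

The point of the explicit action list is visible in `eas_on_response`: the edge never has to diff the identity before and after the request, and a failed login leaves no action behind, so nothing is issued.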
  • 94. Passport Actions: Separation Of Concerns; Increased Visibility
  • 95. What we did: Moved authentication to the edge; Streamlined the identity resolution and mutation path; Making consumption of user & device identity efficient, secure & simple
  • 96. Wins
  • 97. Token Agnostic Identity: Downstream systems don't have to worry about authentication concerns
  • 98. Simplified Authorization: Downstream services use authentication level for authorization decisions
  • 99. Simplified Authorization. Before:
        long customerId = 2123125603L;
        String ESN = "NFXBOX-235F…";
  • 100. Extensible Identity Model: New attributes about user or device can be added
  • 101. Local cache for up-to-date subscriber data:
        message UserInfo { BytesValue subscriber_account ... }
      Placeholder for local cache of subscriber data
  • 102-103. Offloaded & Fine Tuned: Offloaded token processing, which resulted in significant gains for CPU, Request Latency, GC and Cluster Footprint. We were able to fine-tune EAS systems based on the token processing profile
  • 104. Offloaded & Fine Tuned: 30% reduction in CPU cost per request; 40% reduction in load average (chart: CPU to RPS ratio for API instance)
  • 105. Offloaded & Fine Tuned: 30% reduction in average latency; 99th percentile latency dropping by 20% (chart: Response time for API instance)
  • 106. Offloaded & Fine Tuned: Significant reduction in GC pressure and GC pause times (chart: Stop the world GC for API cluster)
  • 107. Increased Visibility: Increased visibility into identities flowing in and out of the Netflix ecosystem, and into the identity mutations happening in a request
  • 108. Developer Velocity: Greatly increased developer velocity for authentication-related changes
  • 109. Team focused on security: Separation of concerns among the teams
  • 110. Key Takeaways: Token agnostic identity model; Simplified authorization; Extensible identity model; Offloaded all the token processing from many systems; Fine tuned individual microservices to suit the token processing profile; Increased visibility into identities flowing and corresponding mutations; Increased developer velocity for authentication & identity related changes; Team focused on security