Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

User & Device Identity for Microservices @ Netflix Scale

43 views

Published on

Video and slides synchronized, mp3 and slide download available at URL https://bit.ly/2S9tOgy.

Satyajit Thadeshwar provides useful insights on how Netflix implemented a secure, token-agnostic, identity solution that works with services operating at a massive scale. He shares some of the lessons learned from this process, both from architectural diagrams and code. Filmed at qconsf.com.

Satyajit Thadeshwar is an engineer on the Product Edge Access Services team at Netflix, where he works on some of the most critical services focusing on user and device authentication. He has more than a decade of experience building fault-tolerant and highly scalable, distributed systems.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

User & Device Identity for Microservices @ Netflix Scale

  1. 1. User & Device Identity For Microservices @ Netflix Scale Satyajit Thadeshwar QCon San Francisco 2019
  2. 2. InfoQ.com: News & Community Site • Over 1,000,000 software developers, architects and CTOs read the site world- wide every month • 250,000 senior developers subscribe to our weekly newsletter • Published in 4 languages (English, Chinese, Japanese and Brazilian Portuguese) • Post content from our QCon conferences • 2 dedicated podcast channels: The InfoQ Podcast, with a focus on Architecture and The Engineering Culture Podcast, with a focus on building • 96 deep dives on innovative topics packed as downloadable emags and minibooks • Over 40 new content items per week Watch the video with slide synchronization on InfoQ.com! https://www.infoq.com/presentations/ netflix-user-identity/
  3. 3. Purpose of QCon - to empower software development by facilitating the spread of knowledge and innovation Strategy - practitioner-driven conference designed for YOU: influencers of change and innovation in your teams - speakers and topics driving the evolution and innovation - connecting and catalyzing the influencers and innovators Highlights - attended by more than 12,000 delegates since 2007 - held in 9 cities worldwide Presented at QCon San Francisco www.qconsf.com
  4. 4. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Logged out? #$%&!
  5. 5. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Logged out? #$%&!
  6. 6. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Time CoreStreamingMetric Current Last Week
  7. 7. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Satyajit Thadeshwar Product Edge Access Systems sthadeshwar@netflix.com
  8. 8. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Complicated
  9. 9. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar
  10. 10. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar 9 teams 57 watchers
  11. 11. Netflix subscribers and the devices that they use User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar
  12. 12. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Where we were What we did Wins
  13. 13. Where we were User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar
  14. 14. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Zuul EDGE Email: jsmith@gmail.com Password: ******** ESN: LGTV20165-193456G568 User Login
  15. 15. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Zuul API EDGE ORIGIN Email: jsmith@gmail.com Password: ******** ESN: LGTV20165-193456G568 /login User Login
  16. 16. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Zuul API Netflix Microservices auth service EDGE ORIGIN MID-TIER SERVICES Email: jsmith@gmail.com Password: ******** ESN: LGTV20165-193456G568 /login success User Login
  17. 17. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Zuul API Netflix Microservices auth service EDGE ORIGIN MID-TIER SERVICES Email: jsmith@gmail.com Password: ******** ESN: LGTV20165-193456G568 /login success User Login customerId: 10192378 ESN: LGTV20165-193456G568 Expires: In 8 hours
  18. 18. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Zuul API Netflix Microservices auth service EDGE ORIGIN MID-TIER SERVICES Email: jsmith@gmail.com Password: ******** ESN: LGTV20165-193456G568 /login successSet-Cookie User Login customerId: 10192378 ESN: LGTV20165-193456G568 Expires: In 8 hours
  19. 19. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Zuul EDGE Authenticate Request /browse
  20. 20. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Zuul API EDGE ORIGIN /browse Authenticate Request /browse
  21. 21. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Zuul API EDGE ORIGIN /browse Authenticate Request success KEY MANAGEMENT SERVICE /browse
  22. 22. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Zuul API Netflix Microservices EDGE ORIGIN /browse Authenticate Request success MID-TIER SERVICES customerId: 10192378 ESN: LGTV20165-193456G568 KEY MANAGEMENT SERVICE /browse
  23. 23. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Zuul API Netflix Microservices EDGE ORIGIN /browse Authenticate Request success MID-TIER SERVICES customerId: 10192378 ESN: LGTV20165-193456G568 KEY MANAGEMENT SERVICE /browse
  24. 24. More than one service consuming cookies User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar
  25. 25. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Zuul API Device Auth Service Legacy API Netflix Microservices SIGNUP FLOW SERVICE subscriber auth service lolomo / Search DRM Other services EDGE ORIGINS MID-TIER SERVICES
  26. 26. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Zuul API Device Auth Service Legacy API Netflix Microservices SIGNUP FLOW SERVICE subscriber auth service lolomo / Search DRM Other services EDGE ORIGINS MID-TIER SERVICES/ios /android /atv ...
  27. 27. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Zuul API Device Auth Service Legacy API Netflix Microservices SIGNUP FLOW SERVICE subscriber auth service lolomo / Search DRM Other services EDGE ORIGINS MID-TIER SERVICES
  28. 28. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Zuul API Device Auth Service Legacy API Netflix Microservices SIGNUP FLOW SERVICE subscriber auth service lolomo / Search DRM Other services EDGE ORIGINS MID-TIER SERVICES
  29. 29. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Zuul API Device Auth Service Legacy API Netflix Microservices SIGNUP FLOW SERVICE subscriber auth service lolomo / Search DRM Other services EDGE ORIGINS MID-TIER SERVICES
  30. 30. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Zuul API Device Auth Service Legacy API Netflix Microservices SIGNUP FLOW SERVICE subscriber auth service lolomo / Search DRM Other services EDGE ORIGINS MID-TIER SERVICES
  31. 31. At massive scale User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar
  32. 32. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Netflix 158M+ subscribers
  33. 33. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Netflix 158M+ subscribers 1B+ devices
  34. 34. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Netflix 158M+ subscribers 1B+ devices 2M peak RPS
  35. 35. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Authenticate Request / Extract Identity API ORIGIN KEY MANAGEMENT SERVICE = 2 million Requests Per Second
  36. 36. More than one token type User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar
  37. 37. Cookies User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar
  38. 38. Cookies User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar - Signup
  39. 39. Cookies User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar - Signup - Login
  40. 40. Cookies User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar - Signup - Login - Discovery
  41. 41. MSL Tokens User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar - Device authentication - Encryption Message Security Layer (MSL) https://www.infoq.com/news/2014/11/netflix-msl/
  42. 42. MSL Tokens User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar - License - Playback
  43. 43. CTicket User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar - Legacy devices
  44. 44. Partner Tokens User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar - JWS, JWE - Non-member experiences
  45. 45. - Signup - Sign-in - Discovery - License - Playback - Legacy devices - Non-member experience Cookies MSL Tokens CTicket Partner Tokens (JWS, JWE) User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar
  46. 46. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Zuul API Device Auth Service Legacy API Netflix Microservices SIGNUP FLOW SERVICE subscriber auth service lolomo / Search DRM Other services EDGE ORIGINS MID-TIER SERVICES
  47. 47. - Multiple services consuming auth tokens - Multiple types of auth tokens - Massive scale - Inefficient, insecure & complicated Where we were User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar
  48. 48. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Zuul API Device Auth Service Legacy API Netflix Microservices SIGNUP FLOW SERVICE subscriber auth service lolomo / Search DRM Other services EDGE ORIGINS MID-TIER SERVICES
  49. 49. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Zuul API Device Auth Service Legacy API Netflix Microservices SIGNUP FLOW SERVICE subscriber auth service EDGE ORIGINS MID-TIER SERVICES NodeJS Services Lolomo / Search DRM Other services Discovery API Playback API
  50. 50. What we didUser & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar
  51. 51. Moved authentication to the edge User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar
  52. 52. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Zuul API Device Auth Service Legacy API Netflix Microservices SIGNUP FLOW SERVICE subscriber auth service EDGE ORIGINS MID-TIER SERVICES NodeJS Services Lolomo / Search DRM Other services Discovery API Playback API
  53. 53. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Zuul API Device Auth Service Legacy API Netflix Microservices SIGNUP FLOW SERVICE subscriber auth service EDGE ORIGINS MID-TIER SERVICES NodeJS Services Lolomo / Search DRM Other services Discovery API Playback APICookie Service MSL Service Partner Service EAS
  54. 54. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Zuul API Device Auth Service Legacy API Netflix Microservices SIGNUP FLOW SERVICE subscriber auth service EDGE ORIGINS MID-TIER SERVICES NodeJS Services Lolomo / Search DRM Other services Discovery API Playback APICookie Service MSL Service Partner Service EAS EDGE AUTHENTICATION SERVICES
  55. 55. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Zuul EDGE EAS renewal / device auth / key exchange Cookie Service MSL Service Partner Service valid and not expired 95% 5%
  56. 56. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Zuul EDGE Cookie Service EAS valid but expired renewal call
  57. 57. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Zuul EDGE Cookie Service EAS valid but expired renewal call failed
  58. 58. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Zuul EDGE Cookie Service EAS valid but expired renewal call rescheduled resolved identity
  59. 59. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Zuul EDGE Cookie Service EAS valid but expired renewal call rescheduled rescheduled cookie resolved identity
  60. 60. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Zuul API Device Auth Service Legacy API Netflix Microservices SIGNUP FLOW SERVICE subscriber auth service EDGE ORIGINS MID-TIER SERVICES NodeJS Services Lolomo / Search DRM Other services Discovery API Playback APICookie Service MSL Service Partner Service EAS EDGE AUTHENTICATION SERVICES
  61. 61. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Zuul API Device Auth Service Legacy API Netflix Microservices SIGNUP FLOW SERVICE subscriber auth service EDGE ORIGINS MID-TIER SERVICES NodeJS Services Lolomo / Search DRM Other services Discovery API Playback APICookie Service MSL Service Partner Service EAS EDGE AUTHENTICATION SERVICES
  62. 62. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Passport
  63. 63. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Passport - Identity structure created at the edge for each request
  64. 64. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Passport - Identity structure created at the edge for each request - Contains user & device identity
  65. 65. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Passport - Identity structure created at the edge for each request - Contains user & device identity - Internal to Netflix ecosystem
  66. 66. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Passport - Identity structure created at the edge for each request - Contains user & device identity - Internal to Netflix ecosystem - Integrity protected by HMAC
  67. 67. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Passport - Identity structure created at the edge for each request - Contains user & device identity - Internal to Netflix ecosystem - Integrity protected by HMAC - Protobuf format
  68. 68. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Passport message Passport { Header header = 1; UserInfo user_info = 2; DeviceInfo device_info = 3; Integrity user_integrity = 4; Integrity device_integrity = 5; }
  69. 69. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Passport message Passport { Header header = 1; UserInfo user_info = 2; DeviceInfo device_info = 3; Integrity user_integrity = 4; Integrity device_integrity = 5; } message Header { string originator = 1; }
  70. 70. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Passport message Passport { Header header = 1; UserInfo user_info = 2; DeviceInfo device_info = 3; Integrity user_integrity = 4; Integrity device_integrity = 5; }
  71. 71. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Passport message Passport { Header header = 1; UserInfo user_info = 2; DeviceInfo device_info = 3; Integrity user_integrity = 4; Integrity device_integrity = 5; } message UserInfo { Source source = 1; AuthenticationLevel auth_level = 2; Int64Wrapper customer_id = 3; Int64Wrapper account_owner_id = 4; repeated UserAction actions = ; }
  72. 72. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Passport message Passport { Header header = 1; UserInfo user_info = 2; DeviceInfo device_info = 3; Integrity user_integrity = 4; Integrity device_integrity = 5; } message DeviceInfo { Source source = 1; AuthenticationLevel auth_level = 2; StringValue esn = 3; Int32Value device_type = 4; repeated DeviceAction actions = 5; }
  73. 73. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Passport message UserInfo { Source source = 1; AuthenticationLevel auth_level = 2; } message DeviceInfo { Source source = 1; AuthenticationLevel auth_level = 2; }
  74. 74. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Passport message UserInfo { Source source = 1; AuthenticationLevel auth_level = 2; } message DeviceInfo { Source source = 1; AuthenticationLevel auth_level = 2; } enum Source { COOKIE = 1; MSL = 2; PARTNER_TOKEN = 3; CTICKET = 4; }
  75. 75. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Passport message UserInfo { Source source = 1; AuthenticationLevel auth_level = 2; } message DeviceInfo { Source source = 1; AuthenticationLevel auth_level = 2; } enum AuthenticationLevel { LOW = 1; // untrusted transport HIGH = 2; // secure tokens over TLS HIGHEST = 3; // MSL or user credentials }
  76. 76. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Passport message Passport { Header header = 1; UserInfo user_info = 2; DeviceInfo device_info = 3; Integrity user_integrity = 4; Integrity device_integrity = 5; } message Integrity { string key_name = 1; bytes hmac = 2; }
  77. 77. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Passport Introspector - Wrapper over passport binary data
  78. 78. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Passport Introspector - Wrapper over passport binary data public interface PassportIntrospector { Long getCustomerId(); Long getAccountOwnerId(); String getEsn(); String getPassportAsString(); ... }
  79. 79. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Passport Introspector - Wrapper over passport binary data public interface PassportIntrospector { Long getCustomerId(); Long getAccountOwnerId(); String getEsn(); String getPassportAsString(); ... } - Consumers create passportIntrospector from binary passport data factory.createIntrospector(passport);
  80. 80. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Tooling Self-service tool for teams to decrypt passport
  81. 81. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Passport Actions message UserInfo { repeated UserAction actions = 6; ... } message DeviceInfo { repeated DeviceAction actions = 5; ... }
  82. 82. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Passport Actions message UserInfo { repeated UserAction actions = 6; ... } message DeviceInfo { repeated DeviceAction actions = 5; ... } - Explicit signal sent by the downstream services, when an update to user or device identity has been performed
  83. 83. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Passport Actions message UserInfo { repeated UserAction actions = 6; ... } message DeviceInfo { repeated DeviceAction actions = 5; ... } - Explicit signal sent by the downstream services, when an update to user or device identity has been performed - This "signal" is used by EAS to either create or update the corresponding type of token
  84. 84. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Passport Action
  85. 85. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Passport Action: User Login
  86. 86. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Zuul EDGE Email: jsmith@gmail.com Password: ******** ESN: LGTV20165-193456G568 Passport Action: User Login
  87. 87. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Zuul API EDGE ORIGIN Email: jsmith@gmail.com Password: ******** ESN: LGTV20165-193456G568 /login Passport Action: User Login (Device Bound)
  88. 88. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Zuul API Netflix Microservices auth service EDGE ORIGIN MID-TIER SERVICES Email: jsmith@gmail.com Password: ******** ESN: LGTV20165-193456G568 /login success Passport Action: User Login (Device Bound)
  89. 89. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Zuul API Netflix Microservices auth service EDGE ORIGIN MID-TIER SERVICES Email: jsmith@gmail.com Password: ******** ESN: LGTV20165-193456G568 /login success Passport Action: User Login (Device Bound) user loginuser login
  90. 90. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Zuul API Netflix Microservices auth service EDGE ORIGIN MID-TIER SERVICES Email: jsmith@gmail.com Password: ******** ESN: LGTV20165-193456G568 /login successSet-Cookie Passport Action: User Login Cookie Service (Device Bound) user loginuser login
  91. 91. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Passport Action: Profile Switch
  92. 92. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Passport Action: Profile Switch - Each profile has its own identity
  93. 93. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Passport Action: Profile Switch - Each profile has its own identity - Switched profile tokens sent back to the device
  94. 94. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Passport Actions Separation Of Concerns Increased Visibility
  95. 95. - Moved authentication to the edge - Streamlined the identity resolution and mutation path - Making consumption of user & device identity - Efficient, secure & simple What we did User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar
  96. 96. WinsUser & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar
  97. 97. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Token Agnostic Identity Downstream systems don't have to worry about authentication concerns
  98. 98. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Simplified Authorization Downstream services use authentication level for authorization decisions
  99. 99. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Simplified Authorization Before: long customerId = 2123125603L; String ESN = "NFXBOX-235F…";
  100. 100. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Extensible Identity Model New attributes about user or device can be added
  101. 101. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Local cache for up to date subscriber data message UserInfo { BytesValue subscriber_account ... } Placeholder for local cache of subscriber data
  102. 102. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Offloaded & Fine Tuned Offloaded token processing which resulted into significant gains for - CPU - Request Latency - GC - Cluster Footprint We were able to fine-tune EAS systems based on the token processing profile
  103. 103. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Offloaded & Fine Tuned Offloaded token processing which resulted into significant gains for - CPU - Request Latency - GC - Cluster Footprint We were able to fine tune EAS systems based on the token processing profile
  104. 104. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Offloaded & Fine Tuned - 30% reduction in CPU cost per request - 40% reduction in load average CPU to RPS ratio for API instance
  105. 105. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Offloaded & Fine Tuned - 30% reduction in average latency - 99th percentile latency dropping by 20% Response time for API instance
  106. 106. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Offloaded & Fine Tuned - Significant reduction in GC pressure and GC pause times Stop the world GC for API cluster
  107. 107. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Increased Visibility Increased visibility into identities flowing in and out of Netflix ecosystem ...and into the identity mutations happening in a request
  108. 108. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Developer Velocity Greatly increased developer velocity for authentication related changes
  109. 109. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Team focused on security Separation of concerns among the teams
  110. 110. User & Device Identity for Microservices @ Netflix Scale Satyajit Thadeshwar Key Takeaways - Token agnostic identity model - Simplified authorization - Extensible identity model - Offloaded all the token processing from many systems - Fine tuned individual microservices to suit the token processing profile - Increased visibility into identities flowing and corresponding mutations - Increased developer velocity for authentication & identity related changes - Team focused on security
  111. 111. Thank You. Satyajit Thadeshwar sthadeshwar@netflix.com https://www.linkedin.com/in/satyajit-thadeshwar
  112. 112. Watch the video with slide synchronization on InfoQ.com! https://www.infoq.com/presentations/ netflix-user-identity/

×