
User & Device Identity For Microservices @ Netflix Scale

Satyajit Thadeshwar, QCon San Francisco 2019

Opening slide: Logged out? #$%&!


  1. Netflix microservices architecture (diagram):
     EDGE: Zuul, with the Edge Authentication Services (EAS): Cookie Service, MSL Service, Partner Service
     ORIGINS: API, NodeJS, Legacy Flow
     MID-TIER SERVICES: Device Auth Service, subscriber service, signup, auth service, Lolomo / Search, Discovery Services, DRM, Playback, other services

  2. Same diagram, highlighting the EDGE AUTHENTICATION SERVICES (EAS): the Cookie, MSL and Partner services that sit next to Zuul at the edge.

  3. At the edge (Zuul), about 95% of requests carry a token that is valid and not expired; about 5% require a call into EAS (Cookie / MSL / Partner Service) for renewal, device auth or key exchange.

  4. Token valid but expired: Zuul makes a renewal call to the EAS Cookie Service.

  5. Token valid but expired: the renewal call to the Cookie Service fails.

  6. Token valid but expired, renewal failed: the identity is still resolved from the expired token, and the renewal call is rescheduled.

  7. Token valid but expired, renewal failed: identity resolved, renewal call rescheduled, and the cookie itself is rescheduled (the device keeps its current cookie until renewal succeeds).
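The decision flow on slides 3-7, as an added example that is not code from the talk or from Netflix. It is written in Python rather than Netflix's Java, and the CookieToken shape, the CookieService stub and its 'failures' knob are all assumptions introduced for the example. The point it shows is the failure path: an expired but otherwise valid token still resolves to an identity when the renewal backend is down, and renewal is deferred rather than the request being failed.

```python
import time
from dataclasses import dataclass
from typing import Optional


# Constructed stand-in for the device's cookie token. 'valid' models the outcome of the
# token's integrity/signature check; 'expires_at' models its lifetime.
@dataclass
class CookieToken:
    customer_id: int
    esn: str
    expires_at: float
    valid: bool = True


class CookieService:
    """Stand-in for the EAS Cookie Service. 'failures' is a hypothetical knob that makes the
    next N renewal calls fail so the failure path can be exercised offline."""

    def __init__(self, ttl_seconds: float = 3600.0, failures: int = 0):
        self.ttl_seconds = ttl_seconds
        self.failures = failures
        self.calls = 0

    def renew(self, token: CookieToken, now: float) -> CookieToken:
        self.calls += 1
        if self.failures > 0:
            self.failures -= 1
            raise ConnectionError("cookie service unavailable")
        return CookieToken(token.customer_id, token.esn, now + self.ttl_seconds)


@dataclass
class EdgeResult:
    passport: Optional[dict]           # identity handed to the origin, or None if rejected
    set_cookie: Optional[CookieToken]  # fresh token to return to the device, if any
    renewal_rescheduled: bool          # True when renewal failed and is deferred


def handle_request(token: CookieToken, cookie_service: CookieService,
                   now: Optional[float] = None) -> EdgeResult:
    """Edge (Zuul) handling of one request, following slides 3-7."""
    now = time.time() if now is None else now
    if not token.valid:
        # An invalid token never yields an identity; the device has to (re)authenticate.
        return EdgeResult(passport=None, set_cookie=None, renewal_rescheduled=False)
    passport = {"originator": "zuul", "customer_id": token.customer_id, "esn": token.esn}
    if now < token.expires_at:
        # Common case (~95% on slide 3): valid and not expired, no EAS call needed.
        return EdgeResult(passport, None, False)
    try:
        fresh = cookie_service.renew(token, now)
        return EdgeResult(passport, fresh, False)
    except ConnectionError:
        # Valid but expired and renewal failed: the identity is still resolved from the
        # old token so the request proceeds, and renewal is retried on a later request.
        return EdgeResult(passport, None, True)
```

A real deployment would also bound how long an expired token may keep resolving an identity while renewals keep failing; the example leaves that policy out.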

  8-9. Architecture diagram from slides 1-2 repeated, with EDGE AUTHENTICATION SERVICES highlighted.

  10-15. Passport
     - Identity structure created at the edge for each request
     - Contains user & device identity
     - Internal to the Netflix ecosystem
     - Integrity protected by HMAC
     - Protobuf format

  16-24. Passport protobuf definitions

     message Passport {
       Header header = 1;
       UserInfo user_info = 2;
       DeviceInfo device_info = 3;
       Integrity user_integrity = 4;
       Integrity device_integrity = 5;
     }

     message Header {
       string originator = 1;
     }

     message UserInfo {
       Source source = 1;
       AuthenticationLevel auth_level = 2;
       Int64Wrapper customer_id = 3;
       Int64Wrapper account_owner_id = 4;
       repeated UserAction actions = 6;
     }

     message DeviceInfo {
       Source source = 1;
       AuthenticationLevel auth_level = 2;
       StringValue esn = 3;
       Int32Value device_type = 4;
       repeated DeviceAction actions = 5;
     }

     enum Source {
       COOKIE = 1;
       MSL = 2;
       PARTNER_TOKEN = 3;
       CTICKET = 4;
     }

     enum AuthenticationLevel {
       LOW = 1;      // untrusted transport
       HIGH = 2;     // secure tokens over TLS
       HIGHEST = 3;  // MSL or user credentials
     }

     message Integrity {
       string key_name = 1;
       bytes hmac = 2;
     }
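The integrity and authentication-level fields above, as an added example that is not code from the talk or from Netflix. It is Python rather than Netflix's Java/protobuf stack; the canonical JSON encoding stands in for protobuf serialization, the key store and key names are constructed, and the rule that a service checks the user's auth_level against a required level is an assumption about how slide 46's "use authentication level for authorization decisions" could look. The key_name in Integrity is what lets a verifier pick the right key during rotation; a passport naming an unknown key is rejected rather than verified with whatever key is current.

```python
import hashlib
import hmac
import json
from dataclasses import asdict, dataclass, field
from enum import IntEnum
from typing import List, Optional

# Hypothetical key store (constructed): key_name -> secret. Keys are distributed out of
# band; the key_name carried in Integrity tells a verifier which one to use.
KEYS = {
    "passport-hmac-2019-q3": b"constructed-secret-key-1",
    "passport-hmac-2019-q4": b"constructed-secret-key-2",
}
CURRENT_KEY = "passport-hmac-2019-q4"


class Source(IntEnum):
    COOKIE = 1
    MSL = 2
    PARTNER_TOKEN = 3
    CTICKET = 4


class AuthenticationLevel(IntEnum):
    LOW = 1      # untrusted transport
    HIGH = 2     # secure tokens over TLS
    HIGHEST = 3  # MSL or user credentials


@dataclass
class UserInfo:
    source: int
    auth_level: int
    customer_id: int
    account_owner_id: int
    actions: List[str] = field(default_factory=list)


@dataclass
class DeviceInfo:
    source: int
    auth_level: int
    esn: str
    device_type: int
    actions: List[str] = field(default_factory=list)


@dataclass
class Integrity:
    key_name: str
    hmac: str  # hex digest here; the proto field is bytes


@dataclass
class Passport:
    originator: str
    user_info: UserInfo
    device_info: DeviceInfo
    user_integrity: Optional[Integrity] = None
    device_integrity: Optional[Integrity] = None


def _canonical(section) -> bytes:
    # Deterministic encoding of one section (assumption standing in for protobuf bytes).
    return json.dumps(asdict(section), sort_keys=True, separators=(",", ":")).encode()


def _mac(key_name: str, section) -> str:
    return hmac.new(KEYS[key_name], _canonical(section), hashlib.sha256).hexdigest()


def seal(passport: Passport, key_name: str = CURRENT_KEY) -> Passport:
    """Edge side: compute a separate HMAC over the user and device sections."""
    passport.user_integrity = Integrity(key_name, _mac(key_name, passport.user_info))
    passport.device_integrity = Integrity(key_name, _mac(key_name, passport.device_info))
    return passport


def verify(passport: Passport) -> bool:
    """Consumer side: both sections must verify under the key they name."""
    for section, integ in ((passport.user_info, passport.user_integrity),
                           (passport.device_info, passport.device_integrity)):
        if integ is None or integ.key_name not in KEYS:
            return False
        if not hmac.compare_digest(integ.hmac, _mac(integ.key_name, section)):
            return False
    return True


def authorize(passport: Passport, required: AuthenticationLevel) -> bool:
    """A downstream service's check: integrity first, then the user's authentication level."""
    if not verify(passport):
        raise PermissionError("passport integrity check failed")
    return passport.user_info.auth_level >= required
```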

  25-27. Passport Introspector
     - Wrapper over passport binary data:

       public interface PassportIntrospector {
         Long getCustomerId();
         Long getAccountOwnerId();
         String getEsn();
         String getPassportAsString();
         ...
       }

     - Consumers create a passportIntrospector from binary passport data:

       factory.createIntrospector(passport);

  28. Tooling: self-service tool for teams to decrypt a passport

  29-31. Passport Actions

       message UserInfo {
         repeated UserAction actions = 6;
         ...
       }

       message DeviceInfo {
         repeated DeviceAction actions = 5;
         ...
       }

     - Explicit signal sent by the downstream services when an update to the user or device identity has been performed
     - This "signal" is used by EAS to either create or update the corresponding type of token

  32-38. Passport Action: User Login (sequence)
     - Device (ESN: LGTV20165-193456G568) sends Email: jsmith@gmail.com, Password: ******** to the EDGE (Zuul)
     - Zuul forwards /login to the ORIGIN (API, device bound)
     - API calls the MID-TIER auth service, which returns success
     - API records a "user login" action in the passport; the action travels back with the response to Zuul
     - EAS (Cookie Service) sees the action and responds to the device with Set-Cookie

  39-41. Passport Action: Profile Switch
     - Each profile has its own identity
     - Switched profile tokens are sent back to the device
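The login and profile-switch flows from slides 32-41, as one added example that is not code from the talk or from Netflix. It is Python rather than Netflix's Java; the action names USER_LOGIN and PROFILE_SWITCH are assumed (the slides name the UserAction enum but not its values), the AuthService stub, its account data and the email address are constructed, and the rule that a profile switch is only allowed to a profile of the current account owner is an assumption about what the origin checks. The part worth noting is that EAS mints a token only when an action is present: an unchanged identity produces no Set-Cookie.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed action names (assumption: the slides do not list the UserAction values).
USER_LOGIN = "USER_LOGIN"
PROFILE_SWITCH = "PROFILE_SWITCH"


@dataclass
class UserInfo:
    customer_id: Optional[int] = None
    account_owner_id: Optional[int] = None
    actions: List[str] = field(default_factory=list)


@dataclass
class Passport:
    originator: str
    esn: str
    user_info: UserInfo = field(default_factory=UserInfo)


@dataclass
class CookieToken:
    customer_id: int
    account_owner_id: int
    esn: str


class AuthService:
    """Stub for the mid-tier auth service with constructed data: one account whose owner
    profile 2123125603 also has a second profile 2123125604."""

    CREDENTIALS: Dict[Tuple[str, str], int] = {
        ("jsmith@example.com", "correct-horse"): 2123125603,
    }
    PROFILES: Dict[int, List[int]] = {2123125603: [2123125603, 2123125604]}

    def login(self, email: str, password: str) -> Optional[int]:
        return self.CREDENTIALS.get((email, password))

    def profiles_of(self, account_owner_id: int) -> List[int]:
        return self.PROFILES.get(account_owner_id, [])


def api_login(passport: Passport, email: str, password: str, auth: AuthService) -> Passport:
    """Origin (API) handler for /login: on success, update the passport's identity and
    record the action that tells EAS to mint a cookie."""
    owner = auth.login(email, password)
    if owner is None:
        raise PermissionError("bad credentials")
    passport.user_info.customer_id = owner
    passport.user_info.account_owner_id = owner
    passport.user_info.actions.append(USER_LOGIN)
    return passport


def api_switch_profile(passport: Passport, profile_id: int, auth: AuthService) -> Passport:
    """Origin handler for a profile switch: each profile has its own identity, so the
    customer_id changes while the account owner stays the same."""
    owner = passport.user_info.account_owner_id
    if owner is None or profile_id not in auth.profiles_of(owner):
        raise PermissionError("profile does not belong to this account")
    passport.user_info.customer_id = profile_id
    passport.user_info.actions.append(PROFILE_SWITCH)
    return passport


def eas_on_response(passport: Passport) -> Optional[CookieToken]:
    """EAS at the edge, on the way back to the device: actions are the signal to create or
    update the cookie token. With no actions, nothing is minted and no Set-Cookie is sent."""
    if not passport.user_info.actions:
        return None
    ui = passport.user_info
    return CookieToken(ui.customer_id, ui.account_owner_id, passport.esn)
```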

  42. Passport Actions: Separation of Concerns; Increased Visibility

  43. What we did
     - Moved authentication to the edge
     - Streamlined the identity resolution and mutation path
     - Made consumption of user & device identity efficient, secure & simple

  44. Wins

  45. Token Agnostic Identity: downstream systems don't have to worry about authentication concerns

  46. Simplified Authorization: downstream services use the authentication level for authorization decisions

  47. Simplified Authorization. Before, services were handed raw identifiers:

       long customerId = 2123125603L;
       String ESN = "NFXBOX-235F … ";

  48. Extensible Identity Model: new attributes about the user or device can be added

  49. Local cache for up-to-date subscriber data:

       message UserInfo {
         BytesValue subscriber_account ...
       }

     Placeholder for a local cache of subscriber data

  50. Offloaded & Fine Tuned: offloading token processing resulted in significant gains for CPU, request latency, GC and cluster footprint. We were able to fine-tune the EAS systems based on the token processing profile.
