Abstract

As most developers can attest, dealing with security protocols and identity tokens, as well as user and device authentication, can be challenging. Imagine having multiple protocols, multiple tokens, 200M+ users, and thousands of device types, and the problem can explode in scope. A few years ago, we decided to address this complexity by spinning up a new initiative, and eventually a new team, to move the complex handling of user and device authentication, and various security protocols and tokens, to the edge of the network, managed by a set of centralized services, and a single team. In the process, we changed end-to-end identity propagation within the network of services to use a cryptographically-verifiable token-agnostic identity object.

Read on to learn more about this journey and how we have been able to:

- Reduce complexity for service owners, who no longer need to have knowledge of and responsibility for terminating security protocols and dealing with myriad security tokens,

- Improve security by delegating token management to services and teams with expertise in this area, and

- Improve audit-ability and forensic analysis.

Links

• Netflix Tech Blog

Citation

Casella, K., Nelson, T., Singh, S., 2021. Edge Authentication and Token-Agnostic Identity Propagation. The Netflix Tech Blog. URL https://netflixtechblog.com/edge-authentication-and-token-agnostic-identity-propagation-514e47e0b602 (accessed 5.30.21).