Code Much less, Obtain Extra: Disney+ Hotstar’s Method to Fashionable Entry Management | by Eason Xu | Jan, 2024

7 min learn

·

Jan 2, 2024

Within the advanced organizational software panorama, inside instruments like monitoring dashboards, IT service portals, and content material administration methods are widespread. The widespread use of service-to-service (S2S) calls can also be prevalent within the microservices period. Nevertheless, making certain AAA safety for these instruments is difficult resulting from a number of teams’ involvement. Regardless of the choice to combine third-party Identification Suppliers (IDPs) like Okta or Google, builders face a steep studying curve coping with IDP documentation and the complexities of authentication and authorization protocols. Furthermore, builders usually hesitate to prioritize authentication and safety, perceiving them as separate from core enterprise values.

To deal with this problem, we created IAuth, a low-code platform at Hotstar. IAuth empowers functions to attain AAA safety with minimal developer effort, eliminating the necessity for intensive safety experience. It rapidly gained traction inside Disney+ Hotstar and obtained appreciable acclaim from 50+ functions. This weblog explores the journey behind the creation of IAuth.

Earlier than implementing IAuth, our inside functions had a fragmented and disorderly authentication framework. Totally different functions used numerous IDPs like Google, Okta, and Disney’s inside IDP (MyID). Some functions even relied on their very own username and password mechanisms. Diagram 1 illustrates this state of affairs.

Authorization added additional segregation and fragmentation. Diagram 2 exhibits that functions independently constructed their authorization mechanisms. Some first-party functions used topics inside their service code (Case 2), whereas others saved permissions within the IDP utilizing person teams and applied logic within the OAuth protocol circulate (Case 1). Third-party functions relied on its built-in mechanism and the IDP offered by the third occasion for permission controls (Case 3). For S2S calls, sure builders shared a hard-coded token between the caller and callee, embedding it within the HTTP header (Case 4).

This fragmented and disorderly nature presents a lot of points:

• Administrative Overhead: IT directors battle with managing dispersed worker accounts throughout a number of IDPs and dealing with person permissions on particular person software dashboards, amplifying the problem because the variety of functions and customers grows.
• Safety Monitoring Hurdles: The fragmented AAA safety processes hinder efficient monitoring, leaving the safety group unaware of potential points. Furthermore, the absence of centralized auditing logs, presently counting on service builders for development, results in a scarcity of complete audit trails throughout a number of companies which inhibits efficient investigations into safety incidents.
• Compromised Safety Practices: Safety requirements could also be compromised resulting from oversight from our builders. As an example, the reliance on a easy hard-coded token shared between service-to-service (S2S) calls, whereas easy, raises issues in regards to the total safety posture. Moreover, the redundancy of accounts brought on by a number of IDPs may end up in the persistence of worker accounts even after they’ve left the corporate, posing a threat of knowledge leakage.
• Redundant Growth and Complicated Integration: Builders make investments assets in duplicating AAA safety, requiring further work throughout IDP adjustments. Moreover, integrating with numerous IDPs and authorization protocols presents challenges, demanding a deep understanding, safe implementation, and a balanced strategy to necessities, safety, and person expertise.
• Lowered Resiliency and Fault Tolerance: Dependence on a single IDP raises issues about resiliency and fault tolerance, as a disruption within the IDP impacts all companies and functions, highlighting the necessity for a extra adaptive structure.

IAuth, serves as a low-code inside platform, enabling functions to attain AAA safety by means of three easy steps:

1. Create your service by way of the IAuth Portal

2. Combine with IAuth SDK with a number of traces of code

// 1. provoke SDK along with your 
iauthClient = iauth.NewIAuth( false,
)
// 2. apply SDK to your http middleware
router.Use(iauthClient.Middleware())

3. Arrange permissions, roles and assignments by way of the IAuth Portal

Within the sections beneath, we’ll discuss some core options of IAuth.

IDP-agnostic Structure

IAuth builds an IDP-agnostic Single Signal-On (SSO) structure, enabling seamless compatibility with any IDP. This flexibility empowers service homeowners to decide on the required IDP based mostly on completely different wants, permitting organizations to do IDP migration with out impacting any functions. Moreover, IAuth can work as an account provisioning instrument, aggregating and correlating accounts sourcing from all IDPs.

In Diagram 5, we illustrate the method of an worker accessing an software:

1. Initially, the worker initiates entry to the applying, which triggers redirection to the IAuth Login Heart for authentication.
2. Subsequently, the worker undergoes a sequence of verifications by means of IDPs or IAuth itself.
3. After the verification, the request is redirected again to the IAuth Login Heart
4. Upon profitable authentication, the browser obtains a sound iauth token.
5. With this iauth token, the browser can seamlessly entry functions with out encountering repetitive login prompts.

Centralized Authorization and Full-Practical RBAC

IAuth supplies a centralized and full-functional entry management mannequin for managing entry in numerous eventualities. As illustrated in Diagram 6, this mannequin is constructed based mostly on RBAC (Function-Based mostly Entry Management), whereby every software is handled as a separate authorization house, as a substitute of contemplating the complete functions of Hotstar as a single authorization house. Inside every authorization house, conventional RBAC is utilized. This mannequin gives complete management to IAuth homeowners whereas permitting software homeowners to retain management over their particular functions. In the meantime, software homeowners have the pliability to customise roles and permissions with out limitations.

Based mostly on the highly effective entry management mannequin, entry to all functions in numerous eventualities may be managed by way of the IAuth Coverage Heart. As illustrated in Diagram 7.

• First-party functions confirm tokens after which verify permissions based mostly on coverage information synchronized from the IAuth Coverage Heart (Case 1, 2).
• Third-party functions retrieve function info from tokens issued by the IAuth Login Heart and make the most of the built-in RBAC mechanisms to confirm permissions. The RBAC mechanism pre-defines applicable permissions for particular roles (Case 3).
• Moreover, for S2S calls between first-party functions, the caller acquires a service token from the built-in IAuth SDK and consists of it within the requests despatched to the callee (Case 4).

Safe and Resilient Service Tokens

To deal with hard-coded token safety issues, IAuth develops a safe service token mechanism for S2S contexts. This mechanism combines short-term tokens with panic tokens (long-term tokens) for enhanced safety and resilience. Brief-term service tokens have a restricted Time-to-Reside (TTL) and computerized rotation to attenuate token leakage impression. Panic tokens, with a everlasting TTL, guarantee constant resiliency in failover eventualities with out compromising safety.

In Diagram 8, after integrating the IAuth SDK, it maintains a periodically refreshed short-term service token. It additionally masses a panic service token from the application-dedicated Vault. Throughout regular operation, the caller makes use of the short-term service token to entry different functions. Within the occasion of IAuth crashing, the caller switches to the panic service token. The IAuth SDK determines which token to offer based mostly on IAuth’s standing. Word that the panic service token is solely supposed for failover eventualities. As soon as the callee receives the request, it verifies the token earlier than responding. IAuth Coverage Heart manages and controls the permissions assigned to those tokens.

Clear Auditing Structure

IAuth makes use of a centralized authorization mechanism and implements a clear and strong auditing structure. This structure requires no further developer effort. Occasions generated by numerous elements inside the IAuth ecosystem are seamlessly transmitted to the IAuth Occasion Heart by means of a resilient mechanism. This mechanism helps batch importing, reminiscence consumption management, time administration, and retry capabilities to deal with failures successfully. All occasions are saved in a standardized format and may be simply queried by means of IAuth dashboards, offering a handy and centralized strategy to watch and analyze system actions.

By using IDP-agnostic SSO, centralized authorization, full-functional RBAC entry mannequin, safe and resilient service tokens, and clear auditing, IAuth simplifies AAA safety, boosts productiveness, and enhances total safety. Our future purpose is to discover a zero-trust answer leveraging IAuth’s capabilities.

Enthusiastic about disrupting the OTT panorama at never-seen-before scale? Try: https://careers.hotstar.com/