Play all

Intro

Credits: Solving the Bottom Turtle Booksprint

Agenda

Solving for the Bottom Turtle

PKI/Auth Pain points in Modern Applicatio

Reasons to use SPIFFE and SPIRE

SPIFFE in a turtleshell

Trust domains

SPIRE Server

SPIRE Agent

SPIRE Plugin Architecture

Node attestation

Workload Attestation

Security Boundaries: Workload Agent

Security Boundaries: Agent Server

Security Boundaries: Server Server

Single Trust Domain Deployment

Single Trust Domain High Availability

Nested SPIRE Deployment

Federated SPIRE

Enabling software thru SPIFFE-Aware Prom

Automated Registration Entries

Independent Islands vs Bridged Islands

Other Considerations for Scale

Description:

Explore recommended practices for implementing SPIFFE/SPIRE at scale in this 25-minute conference talk from KubeCon + CloudNativeCon Europe 2021. Dive into the concept of a "production identity control plane" and learn how to establish trusted bi-directional communication in distributed systems. Discover solutions for common identity challenges, including credential rotation, federation with other systems, and policy implementation. Gain insights on leveraging the identity control plane for service-to-service communication in complex, heterogeneous environments. Examine topics such as PKI/Auth pain points, SPIFFE and SPIRE components, trust domains, security boundaries, deployment strategies, and considerations for scaling your identity infrastructure.

The Production Identity Control Plane - Recommended Practices for SPIFFE-SPIRE at Scale

CNCF [Cloud Native Computing Foundation]

Add to list

#Conference Talks #Computer Science #Distributed Systems #Information Security (InfoSec) #Cybersecurity #Identity Management #SPIFFE #Machine Learning #SPIRE

0:00 / 0:00