Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
Cloud Native Computing Foundation / KubeCon + CloudNativeCon Europe 2018 (Copenhagen) / 4 May 2018
Cloud Native Computing Foundation / KubeCon + CloudNativeCon Europe 2018 (Copenhagen) / 4 May 2018
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: Cloud Native Identity Management - Andreas Zitzelsberger & Andrew Jessup

Description

Want to view more sessions and keep the conversations going? Join us for KubeCon + CloudNativeCon North America in Seattle, December 11 - 13, 2018 (http://bit.ly/KCCNCNA18) or in Shanghai, November 14-15 (http://bit.ly/kccncchina18)

Cloud Native Identity Management - Andreas Zitzelsberger, QAware GmbH & Andrew Jessup, Scytale Inc. (Intermediate Skill Level)

Identity Management (IDM) incorporates a definition of identity, authentication and authorization. Cloud native workload IDM is necessary to protect against an untrusted network and compromised or rogue workloads. As organisations start to take advantage of elastic scaling and dynamic scheduling IDM becomes more important, and more challenging. This talk will examine how we are working to solve these challenges in a large cloud project at a major insurance company. We’ll describe a real world architecture, built on the SPIFFE standard, open-source software including SPIRE and Vault and a sprinkle of custom code to provide workload authentication and authorization, zero-trust networking and rotating secrets. And finally we’ll discuss how this solution can also serve as the foundation for more security policy and traffic management capabilities based on technologies like Envoy and Istio.

About Andreas
Andreas is Principal Software Architect at QAware, an independent cloud native software manufacturer that has been repeatedly awarded Best IT Workplace in Germany. His focus is cloud native computing in all its glory. He is responsible for the heavy lifting at a large-scale cloud project for a major insurance company. Before sticking his head in the clouds, he created and implemented Big Data, IOT and even SOA architectures. When he’s not building software, he saves the world by analyzing and stabilizing misbehaving complex systems. Previous speaking experience: - Apache Big Data NA 2016, Clickstream Analysis with Apache Spark - Apache Big Data NA 2016, Real Time BOM explosions with Apache Spark and Solr - Data2Day 2015, Clickstream Analyse mit Apache Spark (German, essentially the same talk as the one at the Apache Big Data)

About Andrew
Andrew is the co-founder of Scytale, who are helping bring SPIFFE into the world. Find out more at https://github.com/spiffe/spiffe Andrew is an engineer, and entrepreneur with a passion for building tools that help bring simplicity to software development. Prior to co-founding Scytale, Andrew was a product manager on Google’s Cloud Platform, launching many of the automation primitives on Google Compute Engine (including Auto-scaling, Managed Instance Groups, and Deployment Manager), helping improve developer workflow with the Spinnaker and Container Builder projects, and helping improve accessibility to developers and operations teams. As an Australian in the San Francisco Bay Area, Andrew spends most of his spare time trying to sell his Midwestern wife on the virtues of Vegemite.
Join us for KubeCon + CloudNativeCon in Barcelona May 20 - 23, Shanghai June 24 - 26, and San Diego November 18 - 21! Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy and all of the other CNCF-hosted projects.

A

Hello, my name is andreas trumpeter standard software, extra from german business andrew from skype that had karl-heinz b 421 show you our work in the source, workload management and relax play to you, the beast other fireworks should ultimately, in once upon a time user logic wrote, the salat cloud project for major company has andreas applications, macleod haile the sun window, microserver on the big mike radja applications.

A

That is why what people have has to come from the heart, linda, sentis, controller application, development department, city, avis, national corporation software, carries liegl requirements, things like the general data protection regulation. In the other lines, somehow hattrick security requirements is in essens from networking mean street zero trust and rusty. Wallace verify always encrypted classic porsche to date, like protect your patience with their efficiency with the money management of the works, this actually state of the art one from secure the technical level as before.

A

How has big way I clusters single identity in the single, castor, 100 clusters trusted definition, half on micro services, logician infrastructure, therefore, never to talk to everything as we have explorer of the station's, so that barry klassik.com really hard to manage the expensive cars just because of the complexity, stakes association would have and criticism on the complex, pks, hasanovic, lower court certificate reputation is concept already the chunk of economy doesn't work. You can't take that if it's, because you have that becomes obvious, your heaters elisabeth, the usetec steps award more manager will not soll falko.

A

Here a church is of value rows of the soviet business problem, julia technical level. The car is reminiscent of station existing business domain at the technical, but on the program no one puts that the image security, professional 1 on the course of the yuan, from here to the station, something with us just being in it so violent step back and look at the age of business problem. The release of the tu graz first minister, at public agency animals, trust identity, who is who can trust? Usa is october, a second to verify, identity and trust.

A

But if applications community really simple, very complicated in account, function and function, requirements that somehow to this knee to works scale needs to be able to deal. Would your needs claudia, warm and needs to stay management control of scale? The wall you scratched hotels, gets all the location. The network warns the old, as in the also the wall, distress, guest countries, glass, the wall pinned orchestras, different infrastructure service providers, miss station software installation sword awaits cloud, live from the ring haute source of the nominal load. Your knowledge, the harry potter, newspictures, bayern express.

B

That.

B

Give.

B

The.

B

Region.

B

Cars.

B

In front of the body immediately swear again, the lawyer with the beginnings is like inside handy.de 2, 3, pa münster.

A

The swisscom pharmacist, the preparation entity on the information necessary to reality is 50, milliliters, special cars and technical, and it is called it is. The membership, is special from a certificate and now, as a buffet paysafecard june, to validate the first it. Neither the second life watch as the central secret story. Worldwide.

A

Information per sms access control list.

A

List is over displays. Application mall is, according to publication, to run free to freezing, wanted to connect everything totally overkill. The surfboard is an essen text file services weekend cavaliers lower court is not a prophet ingrid connection for databases. You really annika secret world of should be back at speyer so that our oceans can too a ticket edward yu jing the bva this implement is like had but cammalleri from the moment.

A

The optical is based on two thumbs. The willy has no software hirst has keith richards as patrick the change, but the share of the software, a second the provider. If so, as a collective, all sit together. Python go to the max apache server cloud cloud, not a small piece of software. You can find at least two thumbs on java javascript.

A

Customizing regarding cryptography, so in java, which can actually dissertation online.

A

Initially started, which would have to be integrated firewall julia because of education, nature levels, first, transport level, while we want jls, of course, word except expects and certificate static, a provider if the cookies tatwort bad thing called the number process which means on the wanted started like attractive male choir around on keys to protect added weatherproof, so brilliant leto rotating certificates, but solution afar. It finally rolls, as bayer we are not at paid exit.

A

Labeling airspace has the second level api application level that also secondary education to play off and action is used for access. Controller from basica here is update the complex ation certificate volt users to off, and I pad clients all the time. The specific error free tv on the progress word out was unable to service the us check out the flames. 3 houston it. Yes, this the sent out support steam bath.

A

The work of the next world vision from the hotel, like can only verify the clientis woman trust domain at the futures oil crisis league dvb t stick texas at standard the party, so pudding into the car and architect reflects in the showcase, the private library. The heart as a single you can interface for applications and turn jesus. Bayer answer knows him almost exit rugby club professional. It is ready for security provider, concrete good.

A

First, the label text rather on action, painting identities of keeping a local copy on the access control is up to date and gas adds runtime error or misconfiguration. The ex epting opening connections, videos, the swn tivi head from the server client certificate. How will free counterpart users swr3 knows how verified the bvl the landlady the spd is. Unfortunately, coordinadora access control is so accurate.

A

That's why no one coaches, whether in united, because we integrated application in that the wall- clock 4, cross skating group on the application center infrastructure view violent is a better proxy, the culture of the mgv instance.

A

This hits part from september.

A

This is the exact type repository on the slide before last bayern consumption, this at servers agent deployment of anti aging deployment, is actually note points. Chaos is the bankruptcy of the demand.

A

Service private game, the cajun socket the used to express the works dpa. The small pots make it that william in the accessible outposter same car, but with starts at.

A

And that was pozzallo. The us selection state office click on next move on the world. You say: custom, bocker files for word, simply of automakers, indian dance, so great york before heliconia from showcase. This is a paragraph from production. The cost racket wanted to break security response that, but since map updates word, that was my last word.

A

Answer you catch the cartel 4 seconds because to come up next last play off locations attorney blog law school in.

A

This game, that is the library only before second place, would that be different, brings applications. Clothing. The insulation is a veritable server. The first single the pages shudders briefing works. Boxee is going to be the basic krejci proxy that is able to serve the edge gprs beck near speyer last.

A

The composer on the library the glass here will lothar diehl is the 'sunday times' representative system on the it business center, the bva, the technical identity, the sws certificate, the keeper rescued the certificate authorities that showed like straw, so trust next is the manager interface, which used to get the word labadia directly or get noticed that the changes and that masters, 4cross manager, small trustedwatch, implement the button seller server as well as check, is a small presence, be it via the fsg validated as we cryptography craft autocheck dsl is the communication as loud as loose message: the cost imports security land is a small present, something sw fold.

A

Equity fund manager.

A

Look at the god of deployments, rename spaces the internet space content, server, running the gps, bayer protected the middle nails, best proxy project via tls, inbound outbound talking to the demo server in a space center, namespace r gain contents. The proxy conficker ttp from the chronicle interest in the mini cube is still table. Todo per partie us attack sourcing to access the new browser.

A

So let's work of something to riches then says lotz first, so that ludwig lingg.

A

Should it looked like the of the mission we using namespace the science buddies, the two pointed free space, disco charts. Basically, the forester sbb proxy shop design come to an end, podcasting spd, the outer space, an land, not so the one with release of the tecdax.

A

Kertész flows: it is the demo page as cool down also tomorrow, with outputs. The spd of the server has gotten sick old race of your baby.

A

Publication undertaker hectare workload the extra uses eads, like the first class register spd demands, egger nextstep of the certificate tried to make up the quest using a certificate.

A

Ssl certificate, analytical sex.com, the server indicating that did not like I figured, should 2, that is, the region lures fair before indicating that the sel validation is missing and that will be as before is kesha rogers 3.

A

This takes place in Essen, like the deadline judge. The attack on the opportunities currently on apache need is possible.

A

This is a back to the top. If you can find everything r looks here at a posse tory as a public service, the apache service. So what we are planning, so you first notice the car toews of the bva, the ford racing and collecting locos. It is relatively good. The kaust essential works already you next to interact with other services.

A

Webservices a minister is the moment today that one many works of the pavilion is jj ex post to iii, the runtime on the esch users of the priest distance, because we were so connect workflow den user ltz. You can do really interesting things like me. Welle, dating network is the name workload bot, batu validator. The workload is extra end to end user group of users. Relieve you were too explorer. Federation holds cloud summer and android can show that works.

B

Is.

B

At.

B

Two.

B

Managers.

B

Self.

B

Defense.

B

And.

B

Space.

B

Co mopo in worms. It is a relative interest. The lawyer snow with the critics at the party took part under.

A

The securitization dioxin, so the collector the infrastructure of the spitfire volt java code and, of course, maker, brice has barcelonas krems personal experience really is george. The reality complex topic is now fix. Plans is the management complex, pia werner, mini von bay and make workload and easy to use for application. Designer fits importantly like margot, proper translation companies, business domain and technical domain, like hefner, has experts the so loose secret rotation.

A

X2 from my pass building construction and sour now with us on site in the single component, the configuration of the video for the eco business problem at the prowein half professionals, art talk to whom, so that basically relieved here is a full deduction of the afternoon. The buffet project android henceforth tv is a news almost triple and expands the apps equity panels advantage so that the baby community- and if you have a question, stop me kastrati conference once no atom is.

A

Herbert alsheimer minutes left for testing the introduction et.

C

Rondo about the bridge to classic stuff, like our troops and application can read in european widths. Servlet of the information to the after sales is the complete tiff and three people. The top talking about the bridge postings.

A

Of schortenser is a picture of captured photos. J j, edit owns, that is the basic infrastructure down to the eighties. The rally of the additive offers.

C

96 a little.

B

Better.

D

So the sport picture.

B

We.

B

Don't.

D

Have.

D

Is the training in the logos and the usa.

B

Can't.

B

Manage.

B

That.

B

Yes,.

B

No.

E

Matter.

E

Whether.

E

On the.

B

Basic.

B

Access.

B

Control.

A

Find tripoli/rome based access control was europe.

F

News in anif, so no tournaments interest in.

B

Software.

B

Projects.

B

Construction.

B

Company.

B

David.

B

Spade.

B

Tc.

B

Artist.

B

Then I.

A

Can know.

B

Again, don't know.