Virtual Event
November 17, 2020

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon North America 2020 - Virtual and add this co-located event to your registration to participate in these sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is displayed in Eastern Standard Time (UTC–05:00). The schedule is subject to change.

MCs for Production Identity Day: SPIFFE + SPIRE: Umair Khan, HPE + Andrès Vega, VMware

General Session
Tuesday, November 17

11:00am EST

Andres Vega

Product, VMware Tanzu

Tuesday November 17, 2020 11:00am - 11:05am EST

12:05pm EST

Community Integrations and other Works in Progress
This session will cover new community integrations and initiatives being worked on by community members. Guest speakers, along with their topics, include:
  • Extending Authentication for Istio with SPIRE – Doron Chen, IBM
  • Securing user privacy with transitive identity – Andrew Jessup, HPE
  • Leveraging certificate transparency to strengthen auditability in SPIRE – Ruide Zhang, ByteDance
  • Parsec and SPIFFE – Paul Howard, Arm


Tuesday November 17, 2020 12:05pm - 12:30pm EST

12:40pm EST

SPIFFE and SPIRE Architecture Deep Dive

Andrew Harding

Staff Engineer, VMware
Core Maintainer on the SPIRE project: github.com/spiffe/spire 

Evan Gilman

Staff Software Engineer, VMware Tanzu
Evan Gilman is an engineer with a background in computer networks. With roots in academia, and currently working on the SPIFFE project, he has been building and operating systems in hostile environments his entire professional career. An open source contributor, speaker, and author...

Tuesday November 17, 2020 12:40pm - 1:10pm EST

1:10pm EST

Securing Kafka with SPIFFE at TransferWise
For a long time, in order to achieve mutual TLS between Kafka brokers and their clients, we had to use long-lived certificates, which are a nightmare to manage at large scale. At TransferWise, we have around 300 microservices and most of them use Kafka for async communication, stream processing, event sourcing, etc. We wanted to implement Kafka security in a way that reduced the maintenance burden on platform teams, while making migration of diverse clients as simple as possible. In this talk we will describe how we have achieved that goal using SPIFFE with SPIRE and Envoy, requiring zero code changes on the client side.

Jonathan Oddy

Principal Engineer, TransferWise

Levani Kokhreidze

Principal Engineer, TransferWise

Tuesday November 17, 2020 1:10pm - 1:35pm EST

2:20pm EST

SPIFFE at GitHub
We’ve been rolling SPIFFE out internally at GitHub to empower teams to manage interoperable Production Identity documents. In this talk we’ll give a brief overview of how we’ve deployed SPIRE and leveraged its plugin system to integrate with our internal systems and tooling.

Eric Lee

Staff Software Engineer, GitHub
Eric is an engineer in the Platform organization at GitHub working on SPIFFE/SPIRE. Prior to GitHub he was the technical lead for a team at Zillow introducing Kubernetes and containers to the infrastructure organization.

Tuesday November 17, 2020 2:20pm - 2:45pm EST

3:10pm EST

10 Lessons From Migrating to SPIFFE After 10 Years Of Service Identity at Square
At Square we developed our own service identity system a few years ago that served us well in our datacenters, but as we increasingly started adopting the cloud, we decided to implement SPIFFE to provide a seamless service identity system that would span many environments. In this talk I would like to briefly present how we built a migration process and what we learned from it.

Mat Byczkowski

Senior Security Engineer, Square

Tuesday November 17, 2020 3:10pm - 3:35pm EST

3:50pm EST

Fortifying Microservice Security with SPIRE and OPA
Microservice architecture, although beneficial, brings with it unique security challenges around authentication and authorization, which become more acute due to the diverse nature of microservice environments.
How do we reliably authenticate and authorize interactions between 10s, 100s, or even 1000s of services at scale while handling 1000 API calls per second?

SPIRE solves authentication by creating an identity plane across varied infrastructure over which cryptographically verifiable identities such as JWTs are delivered securely to workloads. OPA provides a policy engine that can be used to enforce fine-grained authorization policies across the stack.
We will show how SPIRE-issued JWT SVID claims created using SPIRE’s OIDC Federation can be used by OPA to enforce service-to-service and end-user access control in microservice environments without compromising on speed and availability.

Ash Narkar

SIG-Security Technical Lead, Styra
Ash Narkar is a maintainer of the Open Policy Agent project. Ash has over 5 years of experience working on large-scale distributed systems. Ash is a Senior Software Engineer at Styra, Inc. working on OPA development and integrations. Previously he was a Principal Engineer at Verizon...

Tuesday November 17, 2020 3:50pm - 4:10pm EST