Virtual Event
November 17, 2020

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon North America 2020 - Virtual and add this co-located event to your registration to participate in these sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is displayed in Eastern Standard Time (UTC–05:00). The schedule is subject to change.

MCs for Production Identity Day: SPIFFE + SPIRE: Umair Khan, HPE + Andrès Vega, VMware

Lightning Talks
Tuesday, November 17

1:35pm EST

“Solving the Bottom Turtle”: Writing a book on SPIFFE in 10 days using Book Sprints

Barbara Ruehling

CEO, Book Sprints
Writing, Collaboration, Facilitation, Documentation

Tuesday November 17, 2020 1:35pm - 1:45pm EST

2:05pm EST

Using SPIRE in Production at Uber
In this session we will provide an overview of how Uber uses SPIFFE and SPIRE for workload authentication and authentication in a diverse deployment environment. We will highlight the deployment architecture, operational practices, and benefits achieved.


Tuesday November 17, 2020 2:05pm - 2:20pm EST

2:45pm EST

Passport App: The role of SPIFFE and SPIRE in a return to work solution
In this session, Frederick demonstrates a SPIFFE/SPIRE-enabled solution which will help employers manage their return to work strategy. We will do a quick deep dive on how SPIRE allows us to accomplish our mission and what it may enable us to do in the future.

Frederick Kautz

Head of Edge Infrastructure, Doc.AI
* Head of Edge Infrastructure and Federated Learning at Doc.ai
* NSM Co-Creator and Committer
* X-Factor CNF Methodology author & Organizer (CNF Best Practices)
* CNCF TUG, OVP and CNTT contributor
* Open Network Intelligence Creator (AI on Networking Dataplane)
* Founding member of Container...

Tuesday November 17, 2020 2:45pm - 3:00pm EST

3:35pm EST

Using a CRD to better integrate SPIRE and Kubernetes
In this talk we will discuss the Custom Resource Definition (CRD) for SPIRE we created. With the CRD we can better support automatic and manual generation of certificates, as well as integrate with kubectl.

Faisal Memon

Software Engineer, F5 Networks

Tuesday November 17, 2020 3:35pm - 3:50pm EST

4:10pm EST

Using DevIDs and TPMs for Node Attestation
In this session we will present a proposal and demonstration for a TPM Node Attestor plugin following the TCG draft just published, “TPM 2.0 Keys for Device Identity and Attestation”, that applies the “IEEE Standard for Local and Metropolitan Area Networks, Secure Device Identity (802.1AR)” device identity module definition and formatting to keys protected by a TPM 2.

Adriane Cardozo

Software Engineer, HPE

Marcos Yedro

Software Engineer, HPE

Tuesday November 17, 2020 4:10pm - 4:20pm EST

4:20pm EST

Attestation and identity provisioning to Intel SGX workloads
Using workload attestation mechanisms to provision identity to workloads adds a huge value to this identity, especially in multi-cloud environments. Strong identities simplify policy management and help integration between services. However, attesting workloads based on properties collected from the Linux Kernel or the orchestrator is just the beginning. With confidential computing mechanisms reaching public cloud providers, there is an opportunity to raise the bar on the supported threat model and the strength of the application identities using technologies such as Intel SGX.
In this talk, I will explain how having an SGX Attestor could lead to identities that reflect not only where code is running, but also the code of the application that was actually loaded and the configuration of the filesystem that supports it. Next, I will discuss the benefits of such an attestor, which include enabling the seamless integration between sensitive workloads in untrusted environments with workloads on trusted environments with almost no additional burden on the developer.

Andrey Brito

Professor, UFCG
I am a Professor at the Federal University of Campina Grande (UFCG, Brazil) in the Computer Science Department. My main interests are the robustness and scalability aspects of distributed systems, especially in cloud computing environments. More recently, our group has focused on...

Tuesday November 17, 2020 4:20pm - 4:35pm EST