Link
Embed
Share
Beginning
This slide
Copy link URL
Copy link URL
Copy iframe embed code
Copy iframe embed code
Copy javascript embed code
Copy javascript embed code
Share
Tweet
Share
Tweet
Slide 1
Slide 1 text
@evan2645 Introducing SPIFFE Evan Gilman
Slide 2
Slide 2 text
@evan2645 About Me
Slide 3
Slide 3 text
@evan2645 Agenda ●Cloud Native Network Security ●SPIFFE ●SPIRE Overview ●SPIRE Walkthrough ●Live Demo
Slide 4
Slide 4 text
@evan2645 Not Your Parent’s Network Security
Slide 5
Slide 5 text
@evan2645 Not Your Parent’s Network Security
Slide 6
Slide 6 text
@evan2645 Software is Eating the World
Slide 7
Slide 7 text
@evan2645 Host Provider Process Process Process Process Security Group: sg-edcd9784 IP(s): 192.168.0.1/24
Slide 8
Slide 8 text
@evan2645 Host Provider Process Process Process Process Security Group: sg-edcd9784 IP(s): 192.168.0.1/24
Slide 9
Slide 9 text
@evan2645 Host Provider Process Process Process Process Security Group: sg-edcd9784 IP(s): 192.168.0.1/24
Slide 10
Slide 10 text
@evan2645 Host Provider Process Process Process Process Security Group: sg-edcd9784 IP(s): 192.168.0.1/24
Slide 11
Slide 11 text
@evan2645 Host Provider Process Process Process Process Security Group: sg-edcd9784 IP(s): 192.168.0.1/24
Slide 12
Slide 12 text
@evan2645 Host Provider Process Process Process Process Host Provider Process Process Process Process
Slide 13
Slide 13 text
@evan2645 Host Provider Process Process Process Process Host Provider Process Process Process Process
Slide 14
Slide 14 text
@evan2645 Host Provider Process Process Process Process Host Provider Process Process Process Process
Slide 15
Slide 15 text
@evan2645 Host Provider Process Process Process Process Security Group: sg-edcd9784 IP(s): 192.168.0.1/24
Slide 16
Slide 16 text
@evan2645 Host Provider Process Process Process Process Security Group: sg-edcd9784 IP(s): 192.168.0.1/24 ???
Slide 17
Slide 17 text
@evan2645 Workload Identity
Slide 18
Slide 18 text
@evan2645 Identity Domains Mesos Dell HP Identity Domain Hyper-V Kubernetes KVM
Slide 19
Slide 19 text
@evan2645 Identity Domains Mesos Dell HP Identity Domain Hyper-V Kubernetes KVM
Slide 20
Slide 20 text
@evan2645 Identity Domains Mesos Dell HP Identity Domain Hyper-V Kubernetes KVM
Slide 21
Slide 21 text
@evan2645 Universal Workload Identity
Slide 22
Slide 22 text
@evan2645 SPIFFE
Slide 23
Slide 23 text
@evan2645 SPIFFE
Slide 24
Slide 24 text
@evan2645 SPIFFE
Slide 25
Slide 25 text
@evan2645 SPIFFE ID spiffe://example.org/foo
Slide 26
Slide 26 text
@evan2645 SPIFFE ID spiffe://example.org/foo
Slide 27
Slide 27 text
@evan2645 SPIFFE Verifiable Identity Document spiffe://example.org/foo
Slide 28
Slide 28 text
@evan2645 SPIFFE Verifiable Identity Document spiffe://example.org/foo
Slide 29
Slide 29 text
@evan2645 SPIFFE Verifiable Identity Document spiffe://example.org/foo
Slide 30
Slide 30 text
@evan2645 SPIFFE Verifiable Identity Document spiffe://example.org/foo
Slide 31
Slide 31 text
@evan2645 SPIFFE Verifiable Identity Document spiffe://example.org/foo
Slide 32
Slide 32 text
@evan2645 SPIFFE Verifiable Identity Document spiffe://example.org/foo
Slide 33
Slide 33 text
@evan2645 SPIFFE Workload API Workload API Workload Workload Workload Server
Slide 34
Slide 34 text
@evan2645 SPIFFE Workload API Workload API Workload Workload Workload Server
Slide 35
Slide 35 text
@evan2645 SPIFFE Workload API Workload API Workload Workload Workload Server
Slide 36
Slide 36 text
@evan2645 How Do I SPIFFE?
Slide 37
Slide 37 text
@evan2645 SPIRE
Slide 38
Slide 38 text
@evan2645 SPIRE
Slide 39
Slide 39 text
@evan2645 SPIRE
Slide 40
Slide 40 text
@evan2645 ●Identity Mapping ●Node Attestation ●SVID Issuance spire-server ●Workload Attestation ●Workload API spire-agent
Slide 41
Slide 41 text
@evan2645 SPIRE Walkthrough CA spire-server
Slide 42
Slide 42 text
@evan2645 SPIRE Walkthrough Existing PKI (optional) Upstream CA CA spire-server
Slide 43
Slide 43 text
@evan2645 SPIRE Walkthrough Existing PKI (optional) Upstream CA CA Registration API spire-server
Slide 44
Slide 44 text
@evan2645 SPIRE Walkthrough Parent ID: spiffe://example.org/k8s/cluster/foo Selector: k8s:ns:operations Selector: k8s:sa:mediawiki Selector: docker:image-id: 746b819f315e SPIFFE ID: spiffe://example.org/ops/wiki
Slide 45
Slide 45 text
@evan2645 SPIRE Walkthrough spire-server Node Attestor AWS
Slide 46
Slide 46 text
@evan2645 SPIRE Walkthrough spire-agent Node Attestor spire-server Node Attestor AWS
Slide 47
Slide 47 text
@evan2645 SPIRE Walkthrough spire-agent Node Attestor spire-server Node Attestor AWS
Slide 48
Slide 48 text
@evan2645 SPIRE Walkthrough spire-agent Node Attestor spire-server Node Attestor AWS
Slide 49
Slide 49 text
@evan2645 SPIRE Walkthrough spire-agent Node Attestor spire-server Node Attestor AWS
Slide 50
Slide 50 text
@evan2645 SPIRE Walkthrough spire-agent Node Attestor spire-server Node Attestor AWS
Slide 51
Slide 51 text
@evan2645 SPIRE Walkthrough spire-agent Node Attestor spire-server Node Attestor AWS
Slide 52
Slide 52 text
@evan2645 SPIRE Walkthrough Linux Kernel spire-agent API Socket Server
Slide 53
Slide 53 text
@evan2645 SPIRE Walkthrough Linux Kernel spire-agent API Socket Server
Slide 54
Slide 54 text
@evan2645 SPIRE Walkthrough Linux Kernel spire-agent Workload API Socket Server
Slide 55
Slide 55 text
@evan2645 SPIRE Walkthrough Linux Kernel spire-agent Workload API Socket Server
Slide 56
Slide 56 text
@evan2645 SPIRE Walkthrough Linux Kernel spire-agent Workload API Socket Server
Slide 57
Slide 57 text
@evan2645 SPIRE Walkthrough Linux Kernel spire-agent Workload API Socket Server
Slide 58
Slide 58 text
@evan2645 SPIRE Walkthrough Linux Kernel spire-agent Workload kubelet API Socket Server
Slide 59
Slide 59 text
@evan2645 SPIRE Walkthrough Linux Kernel spire-agent Workload kubelet API Socket Server
Slide 60
Slide 60 text
@evan2645 SPIRE Secure Introduction
Slide 61
Slide 61 text
@evan2645 SPIRE Secure Introduction
Slide 62
Slide 62 text
@evan2645 SPIRE Secure Introduction
Slide 63
Slide 63 text
@evan2645 Demo Time!
Slide 64
Slide 64 text
@evan2645 In Summary
Slide 65
Slide 65 text
@evan2645 Looking Forward
Slide 66
Slide 66 text
@evan2645 Looking Forward
Slide 67
Slide 67 text
@evan2645 Play Today spiffe/spiffe spiffe/spire spiffe/spiffe-example slack.spiffe.io
Slide 68
Slide 68 text
@evan2645 Drink Today https://goo.gl/forms/SH16VG0iJYrkbfsJ2
Slide 69
Slide 69 text
@evan2645 Introducing SPIFFE Evan Gilman