
Jackie Maertens
Microsoft, Senior Software Engineer
Software engineer at Microsoft. Member of the Azure Container Upstream team and Istio security maintainer. Co-lead of Istio's product security working group.
It’s Never Too Late for PKI Fundamentals: Building a Mental Model
Mental models are challenging to build. Building a mental model of certificates and identity in the context of the cloud native ecosystem is daunting. In this talk, we will build the fundamentals you need to start on your journey of building your own mental model of PKI.
If you find yourself asking, “How is a certificate chain built?”, “What is a certificate authority?”, “What role does a certificate play in verifying identity?”, etc. when looking at Cloud Native technologies or PKIs, then this talk is for you.
You will leave this presentation with a solid foundation of identity concepts and workflows, an understanding of some of the identity-based technologies at play in the cloud native ecosystem, and an awareness of hot security topics like secure supply chains and zero-trust environments.
Identity, Istio, and You
What identity solution is right for you? You want to create a zero-trust environment and a service mesh seems like the answer, but how should you responsibly configure trust distribution and manage identities? How can you incorporate Istio with your existing PKI solution? Successfully answering and understanding the solutions to these questions is critical to making informed tradeoffs between complexity, flexibility, and risk.
We’ll review the certificate authority configurations and integrations supported by Istio (k8s CSR, Istio CSR, SPIRE, cert-manager, etc.), discuss the benefits and downsides of each solution, and share when or why each solution might work for you. Considering the wide range of identity configurations in Istio, choosing the right identity solution for your environment is not an easy task. After this talk, you’ll be empowered to design or reevaluate an Istio identity solution that works for your specific business needs.
KubeCon + CloudNativeCon North America 2023 Sessionize Event
CNCF-hosted Co-located Events North America 2023 Sessionize Event