In modern cloud systems, services communicate constantly—across clusters, clouds, and trust boundaries. At that scale, how do services reliably identify each other? And how can they enforce fine-grained access controls without relying on brittle assumptions, shared secrets, or manual configuration?

This talk explores how identity works in distributed cloud software: what it means for a workload to have an identity, how that identity is issued and verified across cloud environments, and what design choices make identity systems secure and operable in practice. We’ll examine the models used today - from cloud IAM and PKI to service-mesh-driven approaches - and place modern workload identity systems such as CNCF projects SPIFFE and SPIRE in the broader landscape of distributed system design.