Scaling Kafka Permission Management to a Multi-Team Environment
Ivan Greguric Ortolan
Solution Architect and Consultant
mimacom
How do we ensure easy-to-maintain security in a cluster shared by many teams?
Photo by Chris Lawton on Unsplash
Copyright: mimacom ag, 2019. All rights reserved.
What is Kafka security?
Encryption
Authentication
Authorization
11.11.2019 / Confluent Stream - Zurich / @ntrpivan
Photo by Silas Köhler on Unsplash
Let’s talk about Authorization
Photo by James Sutton on Unsplash
Access Control Lists
“User alice can write to topic clickStream”
“User bob cannot read topic cardEvents”
This approach has many pitfalls
Photo by Nik Shuliahin on Unsplash
Complex
Tedious
Error prone
Difficult to secure
Difficult to audit
Kill me please...
Welcome the Kafka Security Manager
Photo by Srh Hrbch on Unsplash
Kafka Security Manager
[Diagram labels: S3, KSM, poll, apply, notify]
Our Workflow
[Diagram labels: developer, Pull request, maintainer, notify, approve, KSM, poll, apply, notify, channel]
How do we set it up?
Photo by Malcolm Lightbody on Unsplash
Kafka Security Manager: How to
Can we do better?
Photo by Yi Liu on Unsplash
Kafka Security Manager (enhanced)
KSM
YAML support
Simplified syntax
Directory support
Stability bug fixes
How do we use all these new features to build a seamless experience?
Photo by Simon Migaj on Unsplash
Split ACLs into Files
CODEOWNERS File
Pull Request Template
CircleCI Linting
Slack Notifications
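
An added example, not from the talk or from the KSM project's code: a lint pass of the kind a CI job could run over the per-team ACL files ("Split ACLs into Files", "CircleCI Linting") before a maintainer approves the pull request. The seven-column CSV layout is assumed from KSM's CSV source format; the file paths, the `lint_acl_files` function and the sample rows are constructed for illustration.

```python
import csv
import io
import sys

# Column layout assumed from KSM's CSV source format; it is not shown on the slides.
COLUMNS = ["KafkaPrincipal", "ResourceType", "PatternType", "ResourceName",
           "Operation", "PermissionType", "Host"]
# Subsets of Kafka's ACL enums, enough for this illustration.
ALLOWED = {
    "ResourceType": {"Topic", "Group", "Cluster", "TransactionalId"},
    "PatternType": {"LITERAL", "PREFIXED"},
    "Operation": {"Read", "Write", "Create", "Delete", "Alter", "Describe",
                  "DescribeConfigs", "AlterConfigs", "ClusterAction",
                  "IdempotentWrite", "All"},
    "PermissionType": {"Allow", "Deny"},
}
HEADER = ",".join(COLUMNS) + "\n"

# Constructed sample input: one ACL file per team (hypothetical paths and rows).
SAMPLE_FILES = {
    "acls/web.csv": HEADER
    + "User:alice,Topic,LITERAL,clickStream,Write,Allow,*\n"
    + "User:alice,Topic,LITERAL,clickStream,Write,Allow,*\n"   # duplicate row
    + "User:alice,Topic,LITERAL,*,Read,Allow,*\n",             # Allow on every topic
    "acls/payments.csv": HEADER
    + "User:bob,Topic,LITERAL,cardEvents,Read,Deny,*\n"
    + "User:bob,Topic,LITERAL,cardEvents,Read,Allow,*\n"       # contradicts the Deny
    + "bob,Topic,LITRAL,cardEvents,Reed,Allow,*\n",            # typos in three fields
}


def lint_acl_files(files):
    """Lint {path: csv_text}; return sorted (path, line, message) findings."""
    findings = []
    first_seen = {}  # full rule -> "path:line" where it first appeared
    verdicts = {}    # rule without PermissionType -> {permission: "path:line"}
    for path in sorted(files):
        reader = csv.reader(io.StringIO(files[path]))
        if next(reader, None) != COLUMNS:
            findings.append((path, 1, "unexpected header"))
            continue
        for line, row in enumerate(reader, start=2):
            if not row:
                continue  # blank line
            if len(row) != len(COLUMNS):
                findings.append((path, line, "expected %d columns" % len(COLUMNS)))
                continue
            rule = dict(zip(COLUMNS, (cell.strip() for cell in row)))
            # Field-level checks: enum values, principal shape, non-empty resource.
            errors = ["invalid %s %r" % (col, rule[col])
                      for col, allowed in ALLOWED.items() if rule[col] not in allowed]
            principal = rule["KafkaPrincipal"]
            if not principal.startswith("User:") or principal == "User:":
                errors.append("principal must look like User:<name>")
            if not rule["ResourceName"]:
                errors.append("empty resource name")
            if errors:
                findings.extend((path, line, e) for e in errors)
                continue
            where = "%s:%d" % (path, line)
            key = tuple(rule[c] for c in COLUMNS)
            if key in first_seen:
                findings.append((path, line, "duplicate of " + first_seen[key]))
                continue
            first_seen[key] = where
            allow = rule["PermissionType"] == "Allow"
            if allow and rule["ResourceName"] == "*":
                findings.append(
                    (path, line, "Allow on wildcard resource needs explicit review"))
            # Same principal/resource/operation/host with both Allow and Deny,
            # possibly in different team files: the Allow can never take effect.
            scope = tuple(rule[c] for c in COLUMNS if c != "PermissionType")
            seen = verdicts.setdefault(scope, {})
            opposite = "Deny" if allow else "Allow"
            if opposite in seen:
                findings.append((path, line, "conflicts with %s at %s "
                                 "(Deny takes precedence)" % (opposite, seen[opposite])))
            seen[rule["PermissionType"]] = where
    return sorted(findings)


if __name__ == "__main__":
    problems = lint_acl_files(SAMPLE_FILES)
    for path, line, message in problems:
        print("%s:%d: %s" % (path, line, message))
    sys.exit(1 if problems else 0)  # non-zero exit fails the CI job
```

Because duplicates and Allow/Deny conflicts are tracked across all files, a rule added in one team's file is checked against every other team's file in the same run.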
Let’s sum up...
Photo by Antoine Dautry on Unsplash
I need it!
Photo by Edwin Andrade on Unsplash
Unfortunately, the features are not merged back yet ...
Photo by Francisco Moreno on Unsplash
... but don’t worry, they will be!
Photo by Rowen Smith on Unsplash
Questions?
Meet me at the mimacom booth
THANKS!
CREDITS:
- Unsplash and SlideGo for backgrounds and resources
- Carbon for the code snippets
ivan.g.ortolan@gmail.com
/ntrp
/ntrp
/in/goivan
@ntrpivan

Scaling Kafka Permission Management to a Multi-Team Environment (Ivan Greguric Ortolan) Zurich Confluent Streaming Event 2019
