SlideShare a Scribd company logo

Athenz with Istio - Single Access Control Model in Cloud Infrastructures, Tatsuya Yano, Yahoo Japan

Yahoo Developer Network
Yahoo Developer Network

Athenz (www.athenz.io) is an open source platform for X.509 certificate-based service authentication and fine-grained access control in dynamic infrastructures that provides options to run multi-environments with a single access control model.

Technology
1 of 31
Download to read offline
Athenz with Istio: Single Access Control Model in Cloud Infrastructures
Agenda • What is Athenz? • Service Authentication • Authorization • Multi-cloud in Yahoo Japan • How do we integrate with Istio? • Why Istio? • Benefit of using Athenz with Istio
About • Tatsuya Yano • Platform Developer, Yahoo Japan Corporation • Contributor to Athenz • Open Source Summit Japan (https://sched.co/FDjp)
Athenz: Open Source System Created by Yahoo Inc. • Service Authentication • Provide secure identity in the form short lived x.509 certificate to every workload / service in modern environments • Authorization • Provides fine-grained Role Based Access Control (RBAC)
Service Authentication
Authentication • User Authentication • AD / LDAP / Kerberos / etc • Service Authentication • Instances within a service with a unique identity to enable secure communication • IP / Networks ACLs / iptable • Headless/Automation users • Shared secrets • Mutual TLS with x.509 certificates
Certificate Based Authentication • Every instance / service in your cloud has its own identity • Stronger security by Mutual TLS Authentication • Zero-trust security • Short Lived Certificates
Copper Argos • Generalized model for authorized service providers to launch other service identities in an authorized way through a callback-based verification model. Providers OpenStack Kubernetes Screwdriver Amazon EC2 AWS ECS AWS Lambda
Bootstrapping Athenz Identity
Authorization
Athenz Data Model
Domain data example (YAML)
Authorization - Centralized Access Control
Authorization - Decentralized Access Control
Advantages of Athenz • To provide service identity X.509 certificates for services running in common providers like Kubernetes, OpenStack or AWS that can be used for mutual TLS authentication. • To have precise and frequently configurable access controls with single source of truth.
Athenz in Yahoo Japan
How do we integrate with Istio?
Why use Istio? • Automatic load balancing. • Fine-grained control of traffic behavior. • A pluggable policy layer and configuration API. • Automatic metrics, logs, and traces for all traffic. • Secure service-to-service communication. Referred from: https://istio.io/docs/concepts/what-is-istio/
Benefits of using Athenz with Istio • Istio is in CNCF landscape. • Service mesh strongly supports microservices architecture. + • Athenz enables single access control model in multi cloud.
Basics of Istio Mixer
Example integration: Athenz Istio Mixer adapter Referred from: https://istio.io/blog/2017/adapter-model/
Example integration: Athenz Istio Mixer adapter
Other use-case: Simplified mTLS authN/Z using Istio/Athenz
Simplified mTLS authN/Z using Istio/Athenz Athenz Istio Auth Controller Kubernetes API Fetch role/policy information from Athenz Setup a watch on namespaces Create/update/delete Istio CRs - ServiceRole and ServiceRolebinding based on fetched Athenz data Athenz Istio Auth Controller translates Athenz defined roles/policies into Istio CRs - ServiceRole and ServiceRolebinding Watch ServiceRole and ServiceRoleBinding https://github.com/yahoo/k8s-athenz-istio-auth
Prototype Demo
Future plans •Currently • On Premises and AWS Provisioning •Planned • Provide Athenz servers with Docker images • Helm charts • Productionize Athenz x509 certificate provisioning • Productionize the authorization flow using Istio Envoy
Resources • Website : http://www.athenz.io • Github: https://github.com/yahoo/athenz • Slack Channel: https://athenz.slack.com/ • Discussion Group: • Google Group: Athenz-Users • Questions or Comments: • Tatsuya Yano: tatyano@yahoo-corp.jp
Join Ushttp://www.athenz.io
Thank you
Q & A
Athenz with Istio - Single Access Control Model in Cloud Infrastructures, Tatsuya Yano, Yahoo Japan

Recommended

Athenz - The Open-Source Solution to Provide Access Control in Dynamic Infras...
Athenz - The Open-Source Solution to Provide Access Control in Dynamic Infras...Athenz - The Open-Source Solution to Provide Access Control in Dynamic Infras...
Athenz - The Open-Source Solution to Provide Access Control in Dynamic Infras...Yahoo Developer Network
 
Azure network and infrastructure
Azure network and infrastructureAzure network and infrastructure
Azure network and infrastructurePhi Huynh
 
JECRC iWeekend Cloud Day
JECRC iWeekend Cloud DayJECRC iWeekend Cloud Day
JECRC iWeekend Cloud Dayjecrciweekend
 
Cybera Summit
Cybera SummitCybera Summit
Cybera SummitEverett Toews
 
Advanced development with Windows Azure
Advanced development with Windows AzureAdvanced development with Windows Azure
Advanced development with Windows AzureThomas Robbins
 
Azure Operational Insight Preview
Azure Operational Insight PreviewAzure Operational Insight Preview
Azure Operational Insight PreviewIgor Puhalo
 
Cloud Native London - 2019: What is a Service Mesh, and if I Get One Will it ...
Cloud Native London - 2019: What is a Service Mesh, and if I Get One Will it ...Cloud Native London - 2019: What is a Service Mesh, and if I Get One Will it ...
Cloud Native London - 2019: What is a Service Mesh, and if I Get One Will it ...Elton Stoneman
 
Best Practices to Secure Your Kubernetes Cluster
Best Practices to Secure Your Kubernetes ClusterBest Practices to Secure Your Kubernetes Cluster
Best Practices to Secure Your Kubernetes ClusterStefano Tempesta
 

Recommended

Athenz - The Open-Source Solution to Provide Access Control in Dynamic Infras...
Athenz - The Open-Source Solution to Provide Access Control in Dynamic Infras...Athenz - The Open-Source Solution to Provide Access Control in Dynamic Infras...
Athenz - The Open-Source Solution to Provide Access Control in Dynamic Infras...Yahoo Developer Network
 
Azure network and infrastructure
Azure network and infrastructureAzure network and infrastructure
Azure network and infrastructurePhi Huynh
 
JECRC iWeekend Cloud Day
JECRC iWeekend Cloud DayJECRC iWeekend Cloud Day
JECRC iWeekend Cloud Dayjecrciweekend
 
Cybera Summit
Cybera SummitCybera Summit
Cybera SummitEverett Toews
 
Advanced development with Windows Azure
Advanced development with Windows AzureAdvanced development with Windows Azure
Advanced development with Windows AzureThomas Robbins
 
Azure Operational Insight Preview
Azure Operational Insight PreviewAzure Operational Insight Preview
Azure Operational Insight PreviewIgor Puhalo
 
Cloud Native London - 2019: What is a Service Mesh, and if I Get One Will it ...
Cloud Native London - 2019: What is a Service Mesh, and if I Get One Will it ...Cloud Native London - 2019: What is a Service Mesh, and if I Get One Will it ...
Cloud Native London - 2019: What is a Service Mesh, and if I Get One Will it ...Elton Stoneman
 
Best Practices to Secure Your Kubernetes Cluster
Best Practices to Secure Your Kubernetes ClusterBest Practices to Secure Your Kubernetes Cluster
Best Practices to Secure Your Kubernetes ClusterStefano Tempesta
 
24 Hours Of Exchange Server 2007 ( Part 15 Of 24)
24 Hours Of Exchange Server 2007 ( Part 15 Of 24)24 Hours Of Exchange Server 2007 ( Part 15 Of 24)
24 Hours Of Exchange Server 2007 ( Part 15 Of 24)Harold Wong
 
Azure Service Bus
Azure Service BusAzure Service Bus
Azure Service BusBizTalk360
 
Azure Service Bus Overview
Azure Service Bus OverviewAzure Service Bus Overview
Azure Service Bus OverviewBizTalk360
 
Deployment options for Kentico CMS on Windows Azure
Deployment options for Kentico CMS on Windows AzureDeployment options for Kentico CMS on Windows Azure
Deployment options for Kentico CMS on Windows AzureThomas Robbins
 
Network security with Azure PaaS services by Erwin Staal from 4DotNet at Azur...
Network security with Azure PaaS services by Erwin Staal from 4DotNet at Azur...Network security with Azure PaaS services by Erwin Staal from 4DotNet at Azur...
Network security with Azure PaaS services by Erwin Staal from 4DotNet at Azur...DevClub_lv
 
Meetup CNCF Torino - Amazon EKS March 29th 2019
Meetup CNCF Torino - Amazon EKS March 29th 2019 Meetup CNCF Torino - Amazon EKS March 29th 2019
Meetup CNCF Torino - Amazon EKS March 29th 2019 Massimo Ferre'
 
Webservice security considerations and measures
Webservice security considerations and measuresWebservice security considerations and measures
Webservice security considerations and measuresMaarten Smeets
 
Windows Azure
Windows AzureWindows Azure
Windows AzureNour Khouja
 
Docker + App Container = ocp
Docker + App Container = ocpDocker + App Container = ocp
Docker + App Container = ocpApcera
 
An Intro to AS4, the Successor of AS2
An Intro to AS4, the Successor of AS2An Intro to AS4, the Successor of AS2
An Intro to AS4, the Successor of AS2BizTalk360
 
Cloud Bursting with A10 Lightning ADS
Cloud Bursting with A10 Lightning ADSCloud Bursting with A10 Lightning ADS
Cloud Bursting with A10 Lightning ADSAkshay Mathur
 
Microsoft DirectAccess Remote Access (VPN) with Windows 10 and Server 2012
Microsoft DirectAccess Remote Access (VPN) with Windows 10 and Server 2012Microsoft DirectAccess Remote Access (VPN) with Windows 10 and Server 2012
Microsoft DirectAccess Remote Access (VPN) with Windows 10 and Server 2012Kemp
 
Azure IAAS architecture with High Availability for beginners and developers -...
Azure IAAS architecture with High Availability for beginners and developers -...Azure IAAS architecture with High Availability for beginners and developers -...
Azure IAAS architecture with High Availability for beginners and developers -...Malleswar Reddy
 
Using Azure Managed Identities for your App Services by Jan de Vries from 4Do...
Using Azure Managed Identities for your App Services by Jan de Vries from 4Do...Using Azure Managed Identities for your App Services by Jan de Vries from 4Do...
Using Azure Managed Identities for your App Services by Jan de Vries from 4Do...DevClub_lv
 
Azure Microservices in Practice - Radu Vunvulea ITCamp Community Timisoara 07...
Azure Microservices in Practice - Radu Vunvulea ITCamp Community Timisoara 07...Azure Microservices in Practice - Radu Vunvulea ITCamp Community Timisoara 07...
Azure Microservices in Practice - Radu Vunvulea ITCamp Community Timisoara 07...Radu Vunvulea
 
Manage and Operate Azure Stack Hub Stamps at Scale
Manage and Operate Azure Stack Hub Stamps at ScaleManage and Operate Azure Stack Hub Stamps at Scale
Manage and Operate Azure Stack Hub Stamps at ScaleRavi C Kolandaiswamy
 
Techniques for scaling application with security and visibility in cloud
Techniques for scaling application with security and visibility in cloudTechniques for scaling application with security and visibility in cloud
Techniques for scaling application with security and visibility in cloudAkshay Mathur
 
Windows Server 2008
Windows Server 2008Windows Server 2008
Windows Server 2008Luis Quiroz
 
Azure virtual network
Azure virtual networkAzure virtual network
Azure virtual networkLalit Rawat
 
MicroService Architecture
MicroService ArchitectureMicroService Architecture
MicroService ArchitectureMd. Hasan Basri (Angel)
 
Intelligent serverless-streaming-pipeline-using-kinesis-fargate-cfn
Intelligent serverless-streaming-pipeline-using-kinesis-fargate-cfnIntelligent serverless-streaming-pipeline-using-kinesis-fargate-cfn
Intelligent serverless-streaming-pipeline-using-kinesis-fargate-cfnYogesh Sharma
 
Docker Dublin: Just What is a Service Mesh, and if I get one will it make eve...
Docker Dublin: Just What is a Service Mesh, and if I get one will it make eve...Docker Dublin: Just What is a Service Mesh, and if I get one will it make eve...
Docker Dublin: Just What is a Service Mesh, and if I get one will it make eve...Elton Stoneman
 

More Related Content

What's hot

24 Hours Of Exchange Server 2007 ( Part 15 Of 24)
24 Hours Of Exchange Server 2007 ( Part 15 Of 24)24 Hours Of Exchange Server 2007 ( Part 15 Of 24)
24 Hours Of Exchange Server 2007 ( Part 15 Of 24)Harold Wong
 
Azure Service Bus
Azure Service BusAzure Service Bus
Azure Service BusBizTalk360
 
Azure Service Bus Overview
Azure Service Bus OverviewAzure Service Bus Overview
Azure Service Bus OverviewBizTalk360
 
Deployment options for Kentico CMS on Windows Azure
Deployment options for Kentico CMS on Windows AzureDeployment options for Kentico CMS on Windows Azure
Deployment options for Kentico CMS on Windows AzureThomas Robbins
 
Network security with Azure PaaS services by Erwin Staal from 4DotNet at Azur...
Network security with Azure PaaS services by Erwin Staal from 4DotNet at Azur...Network security with Azure PaaS services by Erwin Staal from 4DotNet at Azur...
Network security with Azure PaaS services by Erwin Staal from 4DotNet at Azur...DevClub_lv
 
Meetup CNCF Torino - Amazon EKS March 29th 2019
Meetup CNCF Torino - Amazon EKS March 29th 2019 Meetup CNCF Torino - Amazon EKS March 29th 2019
Meetup CNCF Torino - Amazon EKS March 29th 2019 Massimo Ferre'
 
Webservice security considerations and measures
Webservice security considerations and measuresWebservice security considerations and measures
Webservice security considerations and measuresMaarten Smeets
 
Docker + App Container = ocp
Docker + App Container = ocpDocker + App Container = ocp
Docker + App Container = ocpApcera
 
An Intro to AS4, the Successor of AS2
An Intro to AS4, the Successor of AS2An Intro to AS4, the Successor of AS2
An Intro to AS4, the Successor of AS2BizTalk360
 
Cloud Bursting with A10 Lightning ADS
Cloud Bursting with A10 Lightning ADSCloud Bursting with A10 Lightning ADS
Cloud Bursting with A10 Lightning ADSAkshay Mathur
 
Microsoft DirectAccess Remote Access (VPN) with Windows 10 and Server 2012
Microsoft DirectAccess Remote Access (VPN) with Windows 10 and Server 2012Microsoft DirectAccess Remote Access (VPN) with Windows 10 and Server 2012
Microsoft DirectAccess Remote Access (VPN) with Windows 10 and Server 2012Kemp
 
Azure IAAS architecture with High Availability for beginners and developers -...
Azure IAAS architecture with High Availability for beginners and developers -...Azure IAAS architecture with High Availability for beginners and developers -...
Azure IAAS architecture with High Availability for beginners and developers -...Malleswar Reddy
 
Using Azure Managed Identities for your App Services by Jan de Vries from 4Do...
Using Azure Managed Identities for your App Services by Jan de Vries from 4Do...Using Azure Managed Identities for your App Services by Jan de Vries from 4Do...
Using Azure Managed Identities for your App Services by Jan de Vries from 4Do...DevClub_lv
 
Azure Microservices in Practice - Radu Vunvulea ITCamp Community Timisoara 07...
Azure Microservices in Practice - Radu Vunvulea ITCamp Community Timisoara 07...Azure Microservices in Practice - Radu Vunvulea ITCamp Community Timisoara 07...
Azure Microservices in Practice - Radu Vunvulea ITCamp Community Timisoara 07...Radu Vunvulea
 
Manage and Operate Azure Stack Hub Stamps at Scale
Manage and Operate Azure Stack Hub Stamps at ScaleManage and Operate Azure Stack Hub Stamps at Scale
Manage and Operate Azure Stack Hub Stamps at ScaleRavi C Kolandaiswamy
 
Techniques for scaling application with security and visibility in cloud
Techniques for scaling application with security and visibility in cloudTechniques for scaling application with security and visibility in cloud
Techniques for scaling application with security and visibility in cloudAkshay Mathur
 
Windows Server 2008
Windows Server 2008Windows Server 2008
Windows Server 2008Luis Quiroz
 
Azure virtual network
Azure virtual networkAzure virtual network
Azure virtual networkLalit Rawat
 

What's hot (20)

24 Hours Of Exchange Server 2007 ( Part 15 Of 24)
24 Hours Of Exchange Server 2007 ( Part 15 Of 24)24 Hours Of Exchange Server 2007 ( Part 15 Of 24)
24 Hours Of Exchange Server 2007 ( Part 15 Of 24)
 
Azure Service Bus
Azure Service BusAzure Service Bus
Azure Service Bus
 
Azure Service Bus Overview
Azure Service Bus OverviewAzure Service Bus Overview
Azure Service Bus Overview
 
Deployment options for Kentico CMS on Windows Azure
Deployment options for Kentico CMS on Windows AzureDeployment options for Kentico CMS on Windows Azure
Deployment options for Kentico CMS on Windows Azure
 
Network security with Azure PaaS services by Erwin Staal from 4DotNet at Azur...
Network security with Azure PaaS services by Erwin Staal from 4DotNet at Azur...Network security with Azure PaaS services by Erwin Staal from 4DotNet at Azur...
Network security with Azure PaaS services by Erwin Staal from 4DotNet at Azur...
 
Meetup CNCF Torino - Amazon EKS March 29th 2019
Meetup CNCF Torino - Amazon EKS March 29th 2019 Meetup CNCF Torino - Amazon EKS March 29th 2019
Meetup CNCF Torino - Amazon EKS March 29th 2019
 
Webservice security considerations and measures
Webservice security considerations and measuresWebservice security considerations and measures
Webservice security considerations and measures
 
Windows Azure
Windows AzureWindows Azure
Windows Azure
 
Docker + App Container = ocp
Docker + App Container = ocpDocker + App Container = ocp
Docker + App Container = ocp
 
An Intro to AS4, the Successor of AS2
An Intro to AS4, the Successor of AS2An Intro to AS4, the Successor of AS2
An Intro to AS4, the Successor of AS2
 
Cloud Bursting with A10 Lightning ADS
Cloud Bursting with A10 Lightning ADSCloud Bursting with A10 Lightning ADS
Cloud Bursting with A10 Lightning ADS
 
Microsoft DirectAccess Remote Access (VPN) with Windows 10 and Server 2012
Microsoft DirectAccess Remote Access (VPN) with Windows 10 and Server 2012Microsoft DirectAccess Remote Access (VPN) with Windows 10 and Server 2012
Microsoft DirectAccess Remote Access (VPN) with Windows 10 and Server 2012
 
Azure IAAS architecture with High Availability for beginners and developers -...
Azure IAAS architecture with High Availability for beginners and developers -...Azure IAAS architecture with High Availability for beginners and developers -...
Azure IAAS architecture with High Availability for beginners and developers -...
 
Using Azure Managed Identities for your App Services by Jan de Vries from 4Do...
Using Azure Managed Identities for your App Services by Jan de Vries from 4Do...Using Azure Managed Identities for your App Services by Jan de Vries from 4Do...
Using Azure Managed Identities for your App Services by Jan de Vries from 4Do...
 
Azure Microservices in Practice - Radu Vunvulea ITCamp Community Timisoara 07...
Azure Microservices in Practice - Radu Vunvulea ITCamp Community Timisoara 07...Azure Microservices in Practice - Radu Vunvulea ITCamp Community Timisoara 07...
Azure Microservices in Practice - Radu Vunvulea ITCamp Community Timisoara 07...
 
Manage and Operate Azure Stack Hub Stamps at Scale
Manage and Operate Azure Stack Hub Stamps at ScaleManage and Operate Azure Stack Hub Stamps at Scale
Manage and Operate Azure Stack Hub Stamps at Scale
 
Techniques for scaling application with security and visibility in cloud
Techniques for scaling application with security and visibility in cloudTechniques for scaling application with security and visibility in cloud
Techniques for scaling application with security and visibility in cloud
 
Windows Server 2008
Windows Server 2008Windows Server 2008
Windows Server 2008
 
Azure virtual network
Azure virtual networkAzure virtual network
Azure virtual network
 
MicroService Architecture
MicroService ArchitectureMicroService Architecture
MicroService Architecture
 

Similar to Athenz with Istio - Single Access Control Model in Cloud Infrastructures, Tatsuya Yano, Yahoo Japan

Intelligent serverless-streaming-pipeline-using-kinesis-fargate-cfn
Intelligent serverless-streaming-pipeline-using-kinesis-fargate-cfnIntelligent serverless-streaming-pipeline-using-kinesis-fargate-cfn
Intelligent serverless-streaming-pipeline-using-kinesis-fargate-cfnYogesh Sharma
 
Docker Dublin: Just What is a Service Mesh, and if I get one will it make eve...
Docker Dublin: Just What is a Service Mesh, and if I get one will it make eve...Docker Dublin: Just What is a Service Mesh, and if I get one will it make eve...
Docker Dublin: Just What is a Service Mesh, and if I get one will it make eve...Elton Stoneman
 
AWS Community Day Bay Area 2020- Intelligent Scalable and Serverless Real-tim...
AWS Community Day Bay Area 2020- Intelligent Scalable and Serverless Real-tim...AWS Community Day Bay Area 2020- Intelligent Scalable and Serverless Real-tim...
AWS Community Day Bay Area 2020- Intelligent Scalable and Serverless Real-tim...Yogesh Sharma
 
An Azure of Things, a developer’s perspective
An Azure of Things, a developer’s perspectiveAn Azure of Things, a developer’s perspective
An Azure of Things, a developer’s perspectiveBizTalk360
 
20160304 blockchain in fsi client ready raymond
20160304 blockchain in fsi client ready raymond20160304 blockchain in fsi client ready raymond
20160304 blockchain in fsi client ready raymondMeng-Ru (Raymond) Tsai
 
Shared Security Responsibility Model of AWS
Shared Security Responsibility Model of AWSShared Security Responsibility Model of AWS
Shared Security Responsibility Model of AWSAkshay Mathur
 
Deep Dive Into Elasticsearch: Establish A Powerful Log Analysis System With E...
Deep Dive Into Elasticsearch: Establish A Powerful Log Analysis System With E...Deep Dive Into Elasticsearch: Establish A Powerful Log Analysis System With E...
Deep Dive Into Elasticsearch: Establish A Powerful Log Analysis System With E...Tyler Nguyen
 
Apache Knox Gateway "Single Sign On" expands the reach of the Enterprise Users
Apache Knox Gateway "Single Sign On" expands the reach of the Enterprise UsersApache Knox Gateway "Single Sign On" expands the reach of the Enterprise Users
Apache Knox Gateway "Single Sign On" expands the reach of the Enterprise UsersDataWorks Summit
 
ENT401 Deep Dive with Amazon EC2 Systems Manager
ENT401 Deep Dive with Amazon EC2 Systems ManagerENT401 Deep Dive with Amazon EC2 Systems Manager
ENT401 Deep Dive with Amazon EC2 Systems ManagerAmazon Web Services
 
Amazon EKS 그리고 Service Mesh (김세호 솔루션즈 아키텍트, AWS) :: Gaming on AWS 2018
Amazon EKS 그리고 Service Mesh (김세호 솔루션즈 아키텍트, AWS) :: Gaming on AWS 2018Amazon EKS 그리고 Service Mesh (김세호 솔루션즈 아키텍트, AWS) :: Gaming on AWS 2018
Amazon EKS 그리고 Service Mesh (김세호 솔루션즈 아키텍트, AWS) :: Gaming on AWS 2018Amazon Web Services Korea
 
Apache Stratos (Incubating) is the Platform as a Service (PaaS) project from ...
Apache Stratos (Incubating) is the Platform as a Service (PaaS) project from ...Apache Stratos (Incubating) is the Platform as a Service (PaaS) project from ...
Apache Stratos (Incubating) is the Platform as a Service (PaaS) project from ...WSO2
 
Understanding the WSO2 Platform and Technology
Understanding the WSO2 Platform and TechnologyUnderstanding the WSO2 Platform and Technology
Understanding the WSO2 Platform and TechnologyWSO2
 
Four Scenarios for Using an Integration Service Environment (ISE)
Four Scenarios for Using an Integration Service Environment (ISE)Four Scenarios for Using an Integration Service Environment (ISE)
Four Scenarios for Using an Integration Service Environment (ISE)Daniel Toomey
 
AWS IoT vs Azure IoT
AWS IoT vs Azure IoTAWS IoT vs Azure IoT
AWS IoT vs Azure IoTahmed badr
 
사물 인터넷을 위한 AWS FreeRTOS 소개 - 트랙1, Community Day 2018 re:Invent 특집
사물 인터넷을 위한 AWS FreeRTOS 소개 - 트랙1, Community Day 2018 re:Invent 특집사물 인터넷을 위한 AWS FreeRTOS 소개 - 트랙1, Community Day 2018 re:Invent 특집
사물 인터넷을 위한 AWS FreeRTOS 소개 - 트랙1, Community Day 2018 re:Invent 특집AWSKRUG - AWS한국사용자모임
 
Global Azure Bootcamp: Azure service fabric
Global Azure Bootcamp: Azure service fabric Global Azure Bootcamp: Azure service fabric
Global Azure Bootcamp: Azure service fabric Luis Valencia
 
Service fabric and azure service fabric mesh
Service fabric and azure service fabric meshService fabric and azure service fabric mesh
Service fabric and azure service fabric meshMikkel Mørk Hegnhøj
 
사물 인터넷을 위한 AWS FreeRTOS 소개
사물 인터넷을 위한 AWS FreeRTOS 소개사물 인터넷을 위한 AWS FreeRTOS 소개
사물 인터넷을 위한 AWS FreeRTOS 소개Harry Oh
 
Cozystack: Free PaaS platform and framework for building clouds
Cozystack: Free PaaS platform and framework for building cloudsCozystack: Free PaaS platform and framework for building clouds
Cozystack: Free PaaS platform and framework for building cloudsAndrei Kvapil
 
AWS Finland User Group Meetup 2017-05-23
AWS Finland User Group Meetup 2017-05-23AWS Finland User Group Meetup 2017-05-23
AWS Finland User Group Meetup 2017-05-23Rolf Koski
 

Similar to Athenz with Istio - Single Access Control Model in Cloud Infrastructures, Tatsuya Yano, Yahoo Japan (20)

Intelligent serverless-streaming-pipeline-using-kinesis-fargate-cfn
Intelligent serverless-streaming-pipeline-using-kinesis-fargate-cfnIntelligent serverless-streaming-pipeline-using-kinesis-fargate-cfn
Intelligent serverless-streaming-pipeline-using-kinesis-fargate-cfn
 
Docker Dublin: Just What is a Service Mesh, and if I get one will it make eve...
Docker Dublin: Just What is a Service Mesh, and if I get one will it make eve...Docker Dublin: Just What is a Service Mesh, and if I get one will it make eve...
Docker Dublin: Just What is a Service Mesh, and if I get one will it make eve...
 
AWS Community Day Bay Area 2020- Intelligent Scalable and Serverless Real-tim...
AWS Community Day Bay Area 2020- Intelligent Scalable and Serverless Real-tim...AWS Community Day Bay Area 2020- Intelligent Scalable and Serverless Real-tim...
AWS Community Day Bay Area 2020- Intelligent Scalable and Serverless Real-tim...
 
An Azure of Things, a developer’s perspective
An Azure of Things, a developer’s perspectiveAn Azure of Things, a developer’s perspective
An Azure of Things, a developer’s perspective
 
20160304 blockchain in fsi client ready raymond
20160304 blockchain in fsi client ready raymond20160304 blockchain in fsi client ready raymond
20160304 blockchain in fsi client ready raymond
 
Shared Security Responsibility Model of AWS
Shared Security Responsibility Model of AWSShared Security Responsibility Model of AWS
Shared Security Responsibility Model of AWS
 
Deep Dive Into Elasticsearch: Establish A Powerful Log Analysis System With E...
Deep Dive Into Elasticsearch: Establish A Powerful Log Analysis System With E...Deep Dive Into Elasticsearch: Establish A Powerful Log Analysis System With E...
Deep Dive Into Elasticsearch: Establish A Powerful Log Analysis System With E...
 
Apache Knox Gateway "Single Sign On" expands the reach of the Enterprise Users
Apache Knox Gateway "Single Sign On" expands the reach of the Enterprise UsersApache Knox Gateway "Single Sign On" expands the reach of the Enterprise Users
Apache Knox Gateway "Single Sign On" expands the reach of the Enterprise Users
 
ENT401 Deep Dive with Amazon EC2 Systems Manager
ENT401 Deep Dive with Amazon EC2 Systems ManagerENT401 Deep Dive with Amazon EC2 Systems Manager
ENT401 Deep Dive with Amazon EC2 Systems Manager
 
Amazon EKS 그리고 Service Mesh (김세호 솔루션즈 아키텍트, AWS) :: Gaming on AWS 2018
Amazon EKS 그리고 Service Mesh (김세호 솔루션즈 아키텍트, AWS) :: Gaming on AWS 2018Amazon EKS 그리고 Service Mesh (김세호 솔루션즈 아키텍트, AWS) :: Gaming on AWS 2018
Amazon EKS 그리고 Service Mesh (김세호 솔루션즈 아키텍트, AWS) :: Gaming on AWS 2018
 
Apache Stratos (Incubating) is the Platform as a Service (PaaS) project from ...
Apache Stratos (Incubating) is the Platform as a Service (PaaS) project from ...Apache Stratos (Incubating) is the Platform as a Service (PaaS) project from ...
Apache Stratos (Incubating) is the Platform as a Service (PaaS) project from ...
 
Understanding the WSO2 Platform and Technology
Understanding the WSO2 Platform and TechnologyUnderstanding the WSO2 Platform and Technology
Understanding the WSO2 Platform and Technology
 
Four Scenarios for Using an Integration Service Environment (ISE)
Four Scenarios for Using an Integration Service Environment (ISE)Four Scenarios for Using an Integration Service Environment (ISE)
Four Scenarios for Using an Integration Service Environment (ISE)
 
AWS IoT vs Azure IoT
AWS IoT vs Azure IoTAWS IoT vs Azure IoT
AWS IoT vs Azure IoT
 
사물 인터넷을 위한 AWS FreeRTOS 소개 - 트랙1, Community Day 2018 re:Invent 특집
사물 인터넷을 위한 AWS FreeRTOS 소개 - 트랙1, Community Day 2018 re:Invent 특집사물 인터넷을 위한 AWS FreeRTOS 소개 - 트랙1, Community Day 2018 re:Invent 특집
사물 인터넷을 위한 AWS FreeRTOS 소개 - 트랙1, Community Day 2018 re:Invent 특집
 
Global Azure Bootcamp: Azure service fabric
Global Azure Bootcamp: Azure service fabric Global Azure Bootcamp: Azure service fabric
Global Azure Bootcamp: Azure service fabric
 
Service fabric and azure service fabric mesh
Service fabric and azure service fabric meshService fabric and azure service fabric mesh
Service fabric and azure service fabric mesh
 
사물 인터넷을 위한 AWS FreeRTOS 소개
사물 인터넷을 위한 AWS FreeRTOS 소개사물 인터넷을 위한 AWS FreeRTOS 소개
사물 인터넷을 위한 AWS FreeRTOS 소개
 
Cozystack: Free PaaS platform and framework for building clouds
Cozystack: Free PaaS platform and framework for building cloudsCozystack: Free PaaS platform and framework for building clouds
Cozystack: Free PaaS platform and framework for building clouds
 
AWS Finland User Group Meetup 2017-05-23
AWS Finland User Group Meetup 2017-05-23AWS Finland User Group Meetup 2017-05-23
AWS Finland User Group Meetup 2017-05-23
 

More from Yahoo Developer Network

Developing Mobile Apps for Performance - Swapnil Patel, Verizon Media
Developing Mobile Apps for Performance - Swapnil Patel, Verizon MediaDeveloping Mobile Apps for Performance - Swapnil Patel, Verizon Media
Developing Mobile Apps for Performance - Swapnil Patel, Verizon MediaYahoo Developer Network
 
Athenz & SPIFFE, Tatsuya Yano, Yahoo Japan
Athenz & SPIFFE, Tatsuya Yano, Yahoo JapanAthenz & SPIFFE, Tatsuya Yano, Yahoo Japan
Athenz & SPIFFE, Tatsuya Yano, Yahoo JapanYahoo Developer Network
 
Big Data Serving with Vespa - Jon Bratseth, Distinguished Architect, Oath
Big Data Serving with Vespa - Jon Bratseth, Distinguished Architect, OathBig Data Serving with Vespa - Jon Bratseth, Distinguished Architect, Oath
Big Data Serving with Vespa - Jon Bratseth, Distinguished Architect, OathYahoo Developer Network
 
How @TwitterHadoop Chose Google Cloud, Joep Rottinghuis, Lohit VijayaRenu
How @TwitterHadoop Chose Google Cloud, Joep Rottinghuis, Lohit VijayaRenuHow @TwitterHadoop Chose Google Cloud, Joep Rottinghuis, Lohit VijayaRenu
How @TwitterHadoop Chose Google Cloud, Joep Rottinghuis, Lohit VijayaRenuYahoo Developer Network
 
The Future of Hadoop in an AI World, Milind Bhandarkar, CEO, Ampool
The Future of Hadoop in an AI World, Milind Bhandarkar, CEO, AmpoolThe Future of Hadoop in an AI World, Milind Bhandarkar, CEO, Ampool
The Future of Hadoop in an AI World, Milind Bhandarkar, CEO, AmpoolYahoo Developer Network
 
Apache YARN Federation and Tez at Microsoft, Anupam Upadhyay, Adrian Nicoara,...
Apache YARN Federation and Tez at Microsoft, Anupam Upadhyay, Adrian Nicoara,...Apache YARN Federation and Tez at Microsoft, Anupam Upadhyay, Adrian Nicoara,...
Apache YARN Federation and Tez at Microsoft, Anupam Upadhyay, Adrian Nicoara,...Yahoo Developer Network
 
Containerized Services on Apache Hadoop YARN: Past, Present, and Future, Shan...
Containerized Services on Apache Hadoop YARN: Past, Present, and Future, Shan...Containerized Services on Apache Hadoop YARN: Past, Present, and Future, Shan...
Containerized Services on Apache Hadoop YARN: Past, Present, and Future, Shan...Yahoo Developer Network
 
HDFS Scalability and Security, Daryn Sharp, Senior Engineer, Oath
HDFS Scalability and Security, Daryn Sharp, Senior Engineer, OathHDFS Scalability and Security, Daryn Sharp, Senior Engineer, Oath
HDFS Scalability and Security, Daryn Sharp, Senior Engineer, OathYahoo Developer Network
 
Hadoop {Submarine} Project: Running deep learning workloads on YARN, Wangda T...
Hadoop {Submarine} Project: Running deep learning workloads on YARN, Wangda T...Hadoop {Submarine} Project: Running deep learning workloads on YARN, Wangda T...
Hadoop {Submarine} Project: Running deep learning workloads on YARN, Wangda T...Yahoo Developer Network
 
Moving the Oath Grid to Docker, Eric Badger, Oath
Moving the Oath Grid to Docker, Eric Badger, OathMoving the Oath Grid to Docker, Eric Badger, Oath
Moving the Oath Grid to Docker, Eric Badger, OathYahoo Developer Network
 
Architecting Petabyte Scale AI Applications
Architecting Petabyte Scale AI ApplicationsArchitecting Petabyte Scale AI Applications
Architecting Petabyte Scale AI ApplicationsYahoo Developer Network
 
Introduction to Vespa – The Open Source Big Data Serving Engine, Jon Bratseth...
Introduction to Vespa – The Open Source Big Data Serving Engine, Jon Bratseth...Introduction to Vespa – The Open Source Big Data Serving Engine, Jon Bratseth...
Introduction to Vespa – The Open Source Big Data Serving Engine, Jon Bratseth...Yahoo Developer Network
 
Jun 2017 HUG: YARN Scheduling – A Step Beyond
Jun 2017 HUG: YARN Scheduling – A Step BeyondJun 2017 HUG: YARN Scheduling – A Step Beyond
Jun 2017 HUG: YARN Scheduling – A Step BeyondYahoo Developer Network
 
Jun 2017 HUG: Large-Scale Machine Learning: Use Cases and Technologies
Jun 2017 HUG: Large-Scale Machine Learning: Use Cases and Technologies Jun 2017 HUG: Large-Scale Machine Learning: Use Cases and Technologies
Jun 2017 HUG: Large-Scale Machine Learning: Use Cases and Technologies Yahoo Developer Network
 
February 2017 HUG: Slow, Stuck, or Runaway Apps? Learn How to Quickly Fix Pro...
February 2017 HUG: Slow, Stuck, or Runaway Apps? Learn How to Quickly Fix Pro...February 2017 HUG: Slow, Stuck, or Runaway Apps? Learn How to Quickly Fix Pro...
February 2017 HUG: Slow, Stuck, or Runaway Apps? Learn How to Quickly Fix Pro...Yahoo Developer Network
 
February 2017 HUG: Exactly-once end-to-end processing with Apache Apex
February 2017 HUG: Exactly-once end-to-end processing with Apache ApexFebruary 2017 HUG: Exactly-once end-to-end processing with Apache Apex
February 2017 HUG: Exactly-once end-to-end processing with Apache ApexYahoo Developer Network
 
February 2017 HUG: Data Sketches: A required toolkit for Big Data Analytics
February 2017 HUG: Data Sketches: A required toolkit for Big Data AnalyticsFebruary 2017 HUG: Data Sketches: A required toolkit for Big Data Analytics
February 2017 HUG: Data Sketches: A required toolkit for Big Data AnalyticsYahoo Developer Network
 
October 2016 HUG: Pulsar,  a highly scalable, low latency pub-sub messaging s...
October 2016 HUG: Pulsar,  a highly scalable, low latency pub-sub messaging s...October 2016 HUG: Pulsar,  a highly scalable, low latency pub-sub messaging s...
October 2016 HUG: Pulsar,  a highly scalable, low latency pub-sub messaging s...Yahoo Developer Network
 
October 2016 HUG: Architecture of an Open Source RDBMS powered by HBase and ...
October 2016 HUG: Architecture of an Open Source RDBMS powered by HBase and ...October 2016 HUG: Architecture of an Open Source RDBMS powered by HBase and ...
October 2016 HUG: Architecture of an Open Source RDBMS powered by HBase and ...Yahoo Developer Network
 

More from Yahoo Developer Network (20)

Developing Mobile Apps for Performance - Swapnil Patel, Verizon Media
Developing Mobile Apps for Performance - Swapnil Patel, Verizon MediaDeveloping Mobile Apps for Performance - Swapnil Patel, Verizon Media
Developing Mobile Apps for Performance - Swapnil Patel, Verizon Media
 
Athenz & SPIFFE, Tatsuya Yano, Yahoo Japan
Athenz & SPIFFE, Tatsuya Yano, Yahoo JapanAthenz & SPIFFE, Tatsuya Yano, Yahoo Japan
Athenz & SPIFFE, Tatsuya Yano, Yahoo Japan
 
CICD at Oath using Screwdriver
CICD at Oath using ScrewdriverCICD at Oath using Screwdriver
CICD at Oath using Screwdriver
 
Big Data Serving with Vespa - Jon Bratseth, Distinguished Architect, Oath
Big Data Serving with Vespa - Jon Bratseth, Distinguished Architect, OathBig Data Serving with Vespa - Jon Bratseth, Distinguished Architect, Oath
Big Data Serving with Vespa - Jon Bratseth, Distinguished Architect, Oath
 
How @TwitterHadoop Chose Google Cloud, Joep Rottinghuis, Lohit VijayaRenu
How @TwitterHadoop Chose Google Cloud, Joep Rottinghuis, Lohit VijayaRenuHow @TwitterHadoop Chose Google Cloud, Joep Rottinghuis, Lohit VijayaRenu
How @TwitterHadoop Chose Google Cloud, Joep Rottinghuis, Lohit VijayaRenu
 
The Future of Hadoop in an AI World, Milind Bhandarkar, CEO, Ampool
The Future of Hadoop in an AI World, Milind Bhandarkar, CEO, AmpoolThe Future of Hadoop in an AI World, Milind Bhandarkar, CEO, Ampool
The Future of Hadoop in an AI World, Milind Bhandarkar, CEO, Ampool
 
Apache YARN Federation and Tez at Microsoft, Anupam Upadhyay, Adrian Nicoara,...
Apache YARN Federation and Tez at Microsoft, Anupam Upadhyay, Adrian Nicoara,...Apache YARN Federation and Tez at Microsoft, Anupam Upadhyay, Adrian Nicoara,...
Apache YARN Federation and Tez at Microsoft, Anupam Upadhyay, Adrian Nicoara,...
 
Containerized Services on Apache Hadoop YARN: Past, Present, and Future, Shan...
Containerized Services on Apache Hadoop YARN: Past, Present, and Future, Shan...Containerized Services on Apache Hadoop YARN: Past, Present, and Future, Shan...
Containerized Services on Apache Hadoop YARN: Past, Present, and Future, Shan...
 
HDFS Scalability and Security, Daryn Sharp, Senior Engineer, Oath
HDFS Scalability and Security, Daryn Sharp, Senior Engineer, OathHDFS Scalability and Security, Daryn Sharp, Senior Engineer, Oath
HDFS Scalability and Security, Daryn Sharp, Senior Engineer, Oath
 
Hadoop {Submarine} Project: Running deep learning workloads on YARN, Wangda T...
Hadoop {Submarine} Project: Running deep learning workloads on YARN, Wangda T...Hadoop {Submarine} Project: Running deep learning workloads on YARN, Wangda T...
Hadoop {Submarine} Project: Running deep learning workloads on YARN, Wangda T...
 
Moving the Oath Grid to Docker, Eric Badger, Oath
Moving the Oath Grid to Docker, Eric Badger, OathMoving the Oath Grid to Docker, Eric Badger, Oath
Moving the Oath Grid to Docker, Eric Badger, Oath
 
Architecting Petabyte Scale AI Applications
Architecting Petabyte Scale AI ApplicationsArchitecting Petabyte Scale AI Applications
Architecting Petabyte Scale AI Applications
 
Introduction to Vespa – The Open Source Big Data Serving Engine, Jon Bratseth...
Introduction to Vespa – The Open Source Big Data Serving Engine, Jon Bratseth...Introduction to Vespa – The Open Source Big Data Serving Engine, Jon Bratseth...
Introduction to Vespa – The Open Source Big Data Serving Engine, Jon Bratseth...
 
Jun 2017 HUG: YARN Scheduling – A Step Beyond
Jun 2017 HUG: YARN Scheduling – A Step BeyondJun 2017 HUG: YARN Scheduling – A Step Beyond
Jun 2017 HUG: YARN Scheduling – A Step Beyond
 
Jun 2017 HUG: Large-Scale Machine Learning: Use Cases and Technologies
Jun 2017 HUG: Large-Scale Machine Learning: Use Cases and Technologies Jun 2017 HUG: Large-Scale Machine Learning: Use Cases and Technologies
Jun 2017 HUG: Large-Scale Machine Learning: Use Cases and Technologies
 
February 2017 HUG: Slow, Stuck, or Runaway Apps? Learn How to Quickly Fix Pro...
February 2017 HUG: Slow, Stuck, or Runaway Apps? Learn How to Quickly Fix Pro...February 2017 HUG: Slow, Stuck, or Runaway Apps? Learn How to Quickly Fix Pro...
February 2017 HUG: Slow, Stuck, or Runaway Apps? Learn How to Quickly Fix Pro...
 
February 2017 HUG: Exactly-once end-to-end processing with Apache Apex
February 2017 HUG: Exactly-once end-to-end processing with Apache ApexFebruary 2017 HUG: Exactly-once end-to-end processing with Apache Apex
February 2017 HUG: Exactly-once end-to-end processing with Apache Apex
 
February 2017 HUG: Data Sketches: A required toolkit for Big Data Analytics
February 2017 HUG: Data Sketches: A required toolkit for Big Data AnalyticsFebruary 2017 HUG: Data Sketches: A required toolkit for Big Data Analytics
February 2017 HUG: Data Sketches: A required toolkit for Big Data Analytics
 
October 2016 HUG: Pulsar,  a highly scalable, low latency pub-sub messaging s...
October 2016 HUG: Pulsar,  a highly scalable, low latency pub-sub messaging s...October 2016 HUG: Pulsar,  a highly scalable, low latency pub-sub messaging s...
October 2016 HUG: Pulsar,  a highly scalable, low latency pub-sub messaging s...
 
October 2016 HUG: Architecture of an Open Source RDBMS powered by HBase and ...
October 2016 HUG: Architecture of an Open Source RDBMS powered by HBase and ...October 2016 HUG: Architecture of an Open Source RDBMS powered by HBase and ...
October 2016 HUG: Architecture of an Open Source RDBMS powered by HBase and ...
 

Recently uploaded

Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 

Recently uploaded (20)

Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 

Athenz with Istio - Single Access Control Model in Cloud Infrastructures, Tatsuya Yano, Yahoo Japan

  • 1. Athenz with Istio: Single Access Control Model in Cloud Infrastructures
  • 2. Agenda • What is Athenz? • Service Authentication • Authorization • Multi-cloud in Yahoo Japan • How do we integrate with Istio? • Why Istio? • Benefit of using Athenz with Istio
  • 3. About • Tatsuya Yano • Platform Developer, Yahoo Japan Corporation • Contributor to Athenz • Open Source Summit Japan (https://sched.co/FDjp)
  • 4. Athenz: Open Source System Created by Yahoo Inc. • Service Authentication • Provide secure identity in the form short lived x.509 certificate to every workload / service in modern environments • Authorization • Provides fine-grained Role Based Access Control (RBAC)
  • 6. Authentication • User Authentication • AD / LDAP / Kerberos / etc • Service Authentication • Instances within a service with a unique identity to enable secure communication • IP / Networks ACLs / iptable • Headless/Automation users • Shared secrets • Mutual TLS with x.509 certificates
  • 7. Certificate Based Authentication • Every instance / service in your cloud has its own identity • Stronger security by Mutual TLS Authentication • Zero-trust security • Short Lived Certificates
  • 8. Copper Argos • Generalized model for authorized service providers to launch other service identities in an authorized way through a callback-based verification model. Providers OpenStack Kubernetes Screwdriver Amazon EC2 AWS ECS AWS Lambda
  • 15. Advantages of Athenz • To provide service identity X.509 certificates for services running in common providers like Kubernetes, OpenStack or AWS that can be used for mutual TLS authentication. • To have precise and frequently configurable access controls with single source of truth.
  • 17. How do we integrate with Istio?
  • 18. Why use Istio? • Automatic load balancing. • Fine-grained control of traffic behavior. • A pluggable policy layer and configuration API. • Automatic metrics, logs, and traces for all traffic. • Secure service-to-service communication. Referred from: https://istio.io/docs/concepts/what-is-istio/
  • 19. Benefits of using Athenz with Istio • Istio is in CNCF landscape. • Service mesh strongly supports microservices architecture. + • Athenz enables single access control model in multi cloud.
  • 21. Example integration: Athenz Istio Mixer adapter Referred from: https://istio.io/blog/2017/adapter-model/
  • 23. Other use-case: Simplified mTLS authN/Z using Istio/Athenz
  • 24. Simplified mTLS authN/Z using Istio/Athenz Athenz Istio Auth Controller Kubernetes API Fetch role/policy information from Athenz Setup a watch on namespaces Create/update/delete Istio CRs - ServiceRole and ServiceRolebinding based on fetched Athenz data Athenz Istio Auth Controller translates Athenz defined roles/policies into Istio CRs - ServiceRole and ServiceRolebinding Watch ServiceRole and ServiceRoleBinding https://github.com/yahoo/k8s-athenz-istio-auth
  • 26. Future plans •Currently • On Premises and AWS Provisioning •Planned • Provide Athenz servers with Docker images • Helm charts • Productionize Athenz x509 certificate provisioning • Productionize the authorization flow using Istio Envoy
  • 27. Resources • Website : http://www.athenz.io • Github: https://github.com/yahoo/athenz • Slack Channel: https://athenz.slack.com/ • Discussion Group: • Google Group: Athenz-Users • Questions or Comments: • Tatsuya Yano: tatyano@yahoo-corp.jp
  • 30. Q & A