CLOUD NATIVE SERVICE IDENTITY PLANE FOR ZERO TRUST MODEL
SPIFFE and SPIRE, which were recently accepted into the CNCF Incubator, provide a standard and tooling for establishing trust between software services - without necessarily using secrets or network-based security controls. These projects enable organizations to deploy consistent, fine-grained cross-service authentication via a “dial-tone” API across heterogeneous environments.
Inspired by production infrastructure at Facebook, Google, Netflix, and more, SPIFFE is a set of open-source standards for securely authenticating software services in dynamic and heterogeneous environments through the use of platform-agnostic, cryptographic identities. SPIRE is an open-source system that implements the SPIFFE specification in a wide variety of environments.
The open-source SPIFFE and SPIRE projects are your foundation for building ridiculously secure software, even between multiple clouds and clusters. In this talk, Andrew Jessup (HPE) and Andres Vega (HPE) will guide you through five practical applications of the open-source SPIFFE and SPIRE projects.
SPIFFE and SPIRE help enable zero trust by delivering continuously attested service identity across cloud, container, and on-premises enterprise IT infrastructure. In this video, Evan Gilman, co-author of O'Reilly's book "Zero Trust Networks" and a maintainer of SPIRE, talks about the importance of service authentication in zero trust networks and how SPIRE can help you with that.
Project Cosigno extends SPIRE by including a web-based management console, operator logging, and integration into enterprise SSO, IAM, and SIEM management platforms.