Slideshows by User: TorinSandall
SlideShare feed for Slideshows by User: TorinSandall, Wed, 23 Jan 2019 19:15:50 GMT

Open Policy Agent /TorinSandall/open-policy-agent-128970409 openpolicyagent-190123191550
The Open Policy Agent (OPA) is an open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack.

Open Policy Agent from Torin Sandall, Wed, 23 Jan 2019 19:15:50 GMT

Open Policy Agent Deep Dive Seattle 2018 /TorinSandall/open-policy-agent-deep-dive-seattle-2018 opadeepdivesessionkubeconus2018-181214180120
Topics:
* Background on Open Policy Agent project: users, use cases, and stats.
* How OPA works (decoupling policy decision-making from enforcement).
* Hands-on example: Users can view their own account details and support staff can view accounts they are assigned to via a ticketing system.
* SQL data filtering use case: writing policy in OPA and enforcing policy in SQL.
* WebAssembly compiler.

Open Policy Agent Deep Dive Seattle 2018 from Torin Sandall, Fri, 14 Dec 2018 18:01:19 GMT

Dynamic Authorization & Policy Control for Docker Environments /slideshow/dynamic-authorization-policy-control-for-docker-environments/124918410 dynamicauthorizationandpolicycontrol-181204142027
How do you enable rapid deployment of innovative applications on top of Docker containers while still satisfying strict requirements from your InfoSec and compliance departments? The Open Policy Agent (OPA), an open-source tool, enables you to update and enforce policies without slowing down developers or modifying application code. In this talk, Justin Cormack (Security Engineer at Docker) and Torin Sandall (Co-founder of the OPA project) will show how you can leverage the integrations between Docker and OPA to enforce fine-grained policies in your organization's container platform while still allowing your developers to move quickly. This talk is targeted at engineers building and operating container platforms who are interested in security and policy enforcement. The audience can expect to take away fresh ideas about how to enforce fine-grained security policies across their container platform.

Dynamic Authorization & Policy Control for Docker Environments from Torin Sandall, Tue, 04 Dec 2018 14:20:27 GMT

Implementing Authorization /slideshow/implementing-authorization/123097884 implementingauthorization-181115144530
Whether you build software for enterprises, mobile, or internal microservices, security is important. Standards like SAML, OIDC, and SPIFFE help you solve identity and authentication, but for them authorization is out of scope. When you need to control "who can do what" in your app, you are on your own. To solve authorization, you may be tempted to hardcode logic against SAML assertions, scopes, or X.509 certificate attributes. But approaches like this lead to systems that are hard to understand and painful to maintain. This talk shows how to leverage the Open Policy Agent (which is used by companies like Netflix and Chef) to build a powerful authorization system on top of industry-standard authentication protocols. The talk showcases how decoupling leads to authorization solutions that are easier to understand while enabling fine-grained control over the app.

Implementing Authorization from Torin Sandall, Thu, 15 Nov 2018 14:45:30 GMT

Rego Deep Dive /slideshow/rego-deep-dive/96644608 languageintroduction-180510225249
These are the slides for the Rego deep dive session from CloudNativeCon EU 2018: https://youtu.be/4mBJSIhs2xQ These slides explain how the Open Policy Agent policy language works. The slides walk through the fundamentals of the language and then cover a few miscellaneous topics like composition, negation, etc.

Rego Deep Dive from Torin Sandall, Thu, 10 May 2018 22:52:49 GMT

OPA: The Cloud Native Policy Engine /slideshow/opa-the-cloud-native-policy-engine/96644504 opathecloudnativepolicyengine-180510224919
Slides for the CloudNativeCon EU 2018 talk. https://youtu.be/4mBJSIhs2xQ This talk introduces the Open Policy Agent (OPA) project and goes into detail on how you can use OPA to enforce various kinds of policy across the stack.

OPA: The Cloud Native Policy Engine from Torin Sandall, Thu, 10 May 2018 22:49:18 GMT

OPA APIs and Use Case Survey /slideshow/opa-apis-and-use-case-survey/88748364 opaapiandusecases-180223184200
An overview of OPA APIs and the use cases where OPA has been applied in projects like Kubernetes, Istio, Terraform, AWS, etc.

OPA APIs and Use Case Survey from Torin Sandall, Fri, 23 Feb 2018 18:42:00 GMT

How Netflix Is Solving Authorization Across Their Cloud /slideshow/how-netflix-is-solving-authorization-across-their-cloud/84384095 how-netflix-solves-authorization-across-their-cloud-171218173415
Since 2008, Netflix has been on the cutting edge of cloud-based microservices deployments. In 2017, Netflix is recognized as one of the industry leaders at building and operating cloud native systems at scale. Like many organizations, Netflix has unique security requirements for many of their workloads. This variety requires a holistic approach to authorization to address who can do what across a range of resources, enforcement points, and execution environments. In this talk, Manish Mehta (Senior Security Software Engineer at Netflix) and Torin Sandall (Technical Lead of the Open Policy Agent project) will present how Netflix is solving authorization across the stack in cloud native environments. The presentation shows how Netflix enforces authorization decisions at scale across various kinds of resources (e.g., HTTP APIs, gRPC methods, SSH), enforcement points (e.g., microservices, proxies, host-level daemons), and execution environments (e.g., VMs, containers) without introducing unreasonable latency. The presentation includes a deep dive into the architecture of the cloud native authorization system at Netflix as well as how authorization decisions can be offloaded to an open source, general-purpose policy engine (Open Policy Agent). This talk is targeted at engineers building and operating cloud native systems who are interested in security and authorization. The audience can expect to take away fresh ideas about how to enforce fine-grained authorization policies across the cloud environment.

How Netflix Is Solving Authorization Across Their Cloud from Torin Sandall, Mon, 18 Dec 2017 17:34:15 GMT

Istio's mixer policy enforcement with custom adapters (cloud nativecon 17) /slideshow/istios-mixer-policy-enforcement-with-custom-adapters-cloud-nativecon-17/83877455 istiosmixerpolicyenforcementwithcustomadapterscloudnativecon17-171211193926
The Istio service mesh provides a highly extensible platform to connect, manage, and secure microservices. Istio's highly extensible nature is one of the main selling points as it allows you to enforce your own organization-specific policies across large fleets of microservices. At the same time, new technology always has a learning curve, and with all this extensibility and generality the task can be quite daunting. In this talk, Limin Wang (Software Engineer at Google) and Torin Sandall (Technical Lead of the Open Policy Agent project) explain how Istio's Mixer works and lead a deep dive into Mixer Adapter development. The talk shows (with demos) how the Mixer Adapter model enables custom policy enforcement and how the model is used to integrate third-party policy engines like the Open Policy Agent. This talk is targeted at platform engineers interested in using the Istio service mesh to enforce custom policies in their microservices. The talk also provides new ideas about the kinds of policies that can be enforced in Istio today.

Istio's mixer policy enforcement with custom adapters (cloud nativecon 17) from Torin Sandall, Mon, 11 Dec 2017 19:39:26 GMT

Enforcing Bespoke Policies in Kubernetes /slideshow/enforcing-bespoke-policies-in-kubernetes/83877237 enforcingbespokepoliciesinkubernetes-171211193545
Kubernetes enables fully-automated, self-service management of large-scale, heterogeneous deployments. These deployments are often managed by distributed engineering teams that have unique requirements for how the platform treats their workloads, but at the same time, they must conform to organization-wide constraints around cost, security, and performance. As Kubernetes matures, extensibility has become a critical feature that organizations can leverage to enforce their organization's bespoke policies. In this talk, Torin explains how to use extensibility features in Kubernetes (e.g., External Admission Control) to enforce custom policies over workloads. The talk shows how to build custom admission controllers using Initializers and Webhooks, and shows how the same features lay the groundwork for policy-based control through integration with third-party policy engines like the Open Policy Agent project.

Mon, 11 Dec 2017 19:35:45 GMT
Enforcing Bespoke Policies in Kubernetes from Torin Sandall
Policy-based Resource Placement Across Hybrid Cloud /slideshow/policybased-resource-placement-across-hybrid-cloud/83876901 policy-basedresourceplacement-171211193020
This deck talks about the resource placement problem in Kubernetes Federation. The deck shows how Federation supports policy-based resource/workload placement across hybrid cloud Kubernetes deployments by leveraging the Open Policy Agent project.

Mon, 11 Dec 2017 19:30:20 GMT
Policy-based Resource Placement Across Hybrid Cloud from Torin Sandall