AuthN and AuthZ at Cruise - Crawl, Walk, Run
Offered By: CNCF [Cloud Native Computing Foundation] via YouTube
Course Description
Overview
Explore the evolution of authentication and authorization practices at Cruise in this conference talk. Delve into the journey from basic implementations to advanced zero trust security models within Kubernetes clusters. Learn about the challenges faced, unique solutions developed, and the three-phase approach of Crawl, Walk, Run. Discover how Cruise transitioned from traditional methods to implementing SAML flows, request-driven processes, and external authorization using Open Policy Agent. Gain insights into the company's move from Nginx to Envoy, the implementation of stateless authorization, and the introduction of fine-grained access controls. Understand the importance of transparent TLS between services and the development of new user interfaces to support these security enhancements. This presentation offers valuable lessons for organizations looking to improve their AuthN and AuthZ strategies at scale.
Syllabus
Intro
Three types of callers
Crawl Walk Run
The Bad Old Days
The Crawl Phase
SAML Flow
Request Driven
Walk
Walk Stage
Run Stage
Run Phase
External Authorization
Open Policy Agent
Bundle API
What we did
Moving from Nginx to Envoy
Authentication
Stateless Authorization
Fine Grain Authorization
New UI
All services have auth
Transparent TLS between services
Join us
Questions
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
Developing APIs with Google Cloud's Apigee API PlatformGoogle Cloud via Coursera Securing User Access to Citrix ADC
Pluralsight API Security on Google Cloud's Apigee API Platform
Pluralsight Identity & Access Management - Azure Active Directory
Udemy Authenticating Serverless Apps to the Enterprise (Korean)
Amazon Web Services via AWS Skill Builder