Thursday, November 21 • 2:25pm - 3:00pm
Securing Communication Between Meshes and Beyond with SPIFFE Federation - Evan Gilman, Scytale & Oliver Liu, Google

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
One of the hottest features that Istio brings to the table is transparent, mutually-authenticated TLS between all workloads running on it. Under the covers, it relies on SPIFFE to provide the cryptographic identity that is used to perform this mutual authentication.

SPIFFE relies on an authority to issue identity. In an Istio mesh, Istio Citadel (CA) issues certificates to workloads by default... but, what happens when you have more than one Istio mesh, and hence more than one Citadel? Or Istio workloads talking to external services?

Enter SPIFFE federation. It allows SPIFFE identity issuers to peer with each other, enabling workloads in disparate domains to securely authenticate and communicate with each other. In this talk, we will describe the challenges involved here and how SPIFFE addresses them, as well as demonstrate SPIFFE federation between Istio mesh and SPIRE.

avatar for Evan Gilman

Evan Gilman

Engineer, Scytale
Evan Gilman is an engineer with a background in computer networks. With roots in academia, and currently working on the SPIFFE project, he has been building and operating systems in hostile environments his entire professional career. An open source contributor, speaker, and author... Read More →
avatar for Oliver Liu

Oliver Liu

Senior Software Engineer, Google
Dr. Oliver (Yonggang) Liu is a senior software engineer in Google. He is one of the early developers and core engineers of Istio. Oliver has 10 years of experience in research and development of distributed systems and service mesh. Oliver received his PhD degree from University of... Read More →

Thursday November 21, 2019 2:25pm - 3:00pm
Room 6C - San Diego Convention Center Upper Level