[Re-Cap] SPIFFE Community Day: Spring 2020

Compelling case studies, increasing adoption, and big plans for the future …

On April 24, 2020, the SPIFFE community held its largest gathering of contributors and users to date. This gathering connects project committers, maintainers, and users, showcases recent project innovations, and facilitates an exchange of experiences regarding how SPIFFE and SPIRE are put into practice to address cross-workload authentication across heterogeneous IT environments.

The event, held 100% online for the first time, had 300+ registered attendees from 120 organizations (100% YoY growth). The event also featured presentations from end-users like ByteDance (makers of TikTok), Square, TransferWise, and Uber, and also featured a remarkable demo showcasing SPIRE and Open Policy Agent providing an integrated solution for authentication and authorization.

In case you missed it or want to watch it again, no need to worry. Below you will find the video highlights:

Introductions, Roadmap & Project Updates

Community introductions: Engineers from GitHub, HPE, Doc.ai, Anthem, IBM, Frontdoor, and the CNCF Network Service Mesh project share why they are interested in adopting SPIFFE and SPIRE.

The SPIFFE Continuum — a set of real values: Andres Vega from HPE shares project highlights since the Fall ’19 gathering, and also dives into the roadmap.

Project update from SIG-Spec: Justin Burke from Google provides an update on the burgeoning SPIFFE federation specification.

SPIRE project updates: Tyler Julian from Uber and Andrew Harding from HPE provide an update on SPIRE, including highlights from the 0.10 release and version 2 of the go-spiffe library.

End-user talks on SPIRE

• Establishing Trust Across Regulatory Boundaries in Complex, Heterogeneous Infrastructures With SPIRE: Jonathan Oddy from TransferWise talks about how they are using SPIRE to move away from shared secrets and easily establish strong trust between software systems running across different domains. He also highlights the benefits achieved and the next steps with their SPIRE deployment.
• Lessons Learned While Designing Scalable, PKI-based Authentication With SPIRE: Eli Nesterov from ByteDance shares why his team decided to use SPIRE and their deployment strategy. He also provides tips on how to convince different platform teams to standardize on SPIRE.

End-user talks focused on operationalizing SPIRE

• Operationalizing SPIRE at Square: Matthew McPherrin from Square talks about how they went from prototypes to an operational, production-quality SPIRE deployment that they are happy to rely on. He shares deployment architecture, testing scenarios, monitoring strategies, and recovery from issues they ran into.
• Observability in SPIRE at Scale: Andrew Moore from Uber talks about Uber’s experience with observability in SPIRE at their scale. He provided an overview of their telemetry implementation and shared what the community can do to fine-tune observability.

Demo

• Decoupled Authentication & Authorization for the Cloud Native Enterprise with OPA and SPIRE (Demo): Ash Narkar from Styra shows how you can enable decoupled authentication and authorization with SPIRE and OPA. Ash used the new version of the go-spiffe library to demonstrate how easily the two CNCF projects can be integrated.

Community User Research

• SPIFFE 2020 Use Case Survey Insights: Catherine Hicks from HPE shares insights from a recent community survey conducted on user needs and use cases. If you are interested in giving us feedback via an interview or getting on our survey list, please sign up here.

A big thank you to all the presenters and the attendees who actively participated in the event.

Join us on Slack to share ideas, ask questions, and learn from those using SPIFFE and SPIRE to implement zero-trust security for cloud-native architectures.