You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Title: Secure Identity and Context in Microservices with Tratteria
Speakers: Atul Tulshibagwale/tulshi
Description: Tratteria implements a new IETF OAuth WG draft called "Transaction Tokens" (TraTs). TraTs are short-lived signed JWTs that provide immutable identity and context information in microservices call chains. By providing such immutable context, TraTs prevent attacks like software supply chain, privileged user compromise or malicious insiders, because microservices automatically deny calls that do not have such TraTs associated with them, or the parameters of the call do not match an associated, valid TraT.
Tratteria is a Kubernetes-native framework designed to facilitate the adoption of TraTs in existing applications to secure their call chains. The framework consists of a TraT issuance service, a Kubernetes custom controller for configuration management, and sidecar agents for verifying TraTs. Tratteria requires applications to implement the SPIFFE for service-to-service trust. TraTs generation and verification policies for APIs are described using Kubernetes Custom Resources, allowing applications to describe their services, API endpoints, and immutable context elements (such as path and query parameters, headers, and body elements). Convenient defaults let applications reuse such policy descriptions across a number of microservices. Tratteria documentation includes a tutorial on why TraTs are required, what they are, and how to use them in existing applications. It has a quickstart guide that provides a sample application, which uses the Dex IdP for user authentication and shows the TraTs to the user. While Tratteria can operate alongside service meshes such as Istio, ongoing development aims to optimize this integration, potentially leveraging existing Istio capabilities for improved overall functionality.
Time: Approximately 30 minutes
Availability: Sep 4 10 AM PT, Sep 18 10 AM PT, Oct 2nd 10 AM PT or Oct 9th 10 AM PT.
TO DO
TAG Representative
Schedule date
By opening this issue, I, (Insert Github Handle/Name) acknowledge that the presentation topic and speaker will follow the presentation guidelines
If this is a presentation for a project moving levels, the TAG Representative should complete the Moving Levels Recommendation
The text was updated successfully, but these errors were encountered:
I see in the issue that you mentioned the presentation would take ~ 30 minutes, that is fine. The meeting runs for one hour, and you want to keep some time for Q&A and general housekeeping.
Title: Secure Identity and Context in Microservices with Tratteria
Speakers: Atul Tulshibagwale/tulshi
Description:
Tratteria implements a new IETF OAuth WG draft called "Transaction Tokens" (TraTs). TraTs are short-lived signed JWTs that provide immutable identity and context information in microservices call chains. By providing such immutable context, TraTs prevent attacks like software supply chain, privileged user compromise or malicious insiders, because microservices automatically deny calls that do not have such TraTs associated with them, or the parameters of the call do not match an associated, valid TraT.
Tratteria is a Kubernetes-native framework designed to facilitate the adoption of TraTs in existing applications to secure their call chains. The framework consists of a TraT issuance service, a Kubernetes custom controller for configuration management, and sidecar agents for verifying TraTs. Tratteria requires applications to implement the SPIFFE for service-to-service trust. TraTs generation and verification policies for APIs are described using Kubernetes Custom Resources, allowing applications to describe their services, API endpoints, and immutable context elements (such as path and query parameters, headers, and body elements). Convenient defaults let applications reuse such policy descriptions across a number of microservices. Tratteria documentation includes a tutorial on why TraTs are required, what they are, and how to use them in existing applications. It has a quickstart guide that provides a sample application, which uses the Dex IdP for user authentication and shows the TraTs to the user. While Tratteria can operate alongside service meshes such as Istio, ongoing development aims to optimize this integration, potentially leveraging existing Istio capabilities for improved overall functionality.
Time: Approximately 30 minutes
Availability: Sep 4 10 AM PT, Sep 18 10 AM PT, Oct 2nd 10 AM PT or Oct 9th 10 AM PT.
TO DO
The text was updated successfully, but these errors were encountered: